General installation guidance
- If you are unfamiliar with the product and its components, review the Technical overview articles. If your current deployment is XenApp 6.x or earlier, the Concepts and components article explains the differences in the 7.x versions of XenApp and XenDesktop.
- When planning your deployment, review the security articles.
- Check the Known issues article for installation issues you might encounter.
- If you are using a supported hypervisor or cloud service to provide virtual machines for applications and desktops, you can configure the first connection to that host when you create a Site, after you install components. However, you can configure the virtualization environment at any time before then. See the information sources listed here.
- If you are using Microsoft System Center Configuration Manager to manage access to manage access to applications and desktops, see this article.
- If a component has a .NET prerequisite, the installer will deploy the required .NET version if it is not present. The .NET installation might require a restart of the machine.
- Review the Databases article to learn about the system databases and how to configure them. During Controller installation, you can choose whether to install Microsoft SQL Server 2012 Express on the same server. You configure most database information when you create a Site, after you install the core components.
- When you install the Citrix License Server, that user account is automatically made a full administrator on the license server. See the Delegated Administration article for details.
- When you create objects before, during, and after installation, it is best practice to specify unique names for each object - for example networks, groups, catalogs, and resources.
- If a component does not install successfully, the process stops with an error message. Components that installed successfully are retained; you do not need to reinstall them.
- Citrix Studio starts automatically after it is installed. When using the graphical interface, you can disable this action on the final page of the wizard.
- You can use the installer included in the product ISO to install core components and Virtual Delivery Agents (VDAs); this is referred to as the full-product installer. To install VDAs, you can use either the full-product installer or the standalone VDA installer, which is available on the product download site. Both installers offer graphical and command line interfaces.
- The product installation media contains sample scripts that install, upgrade, or remove VDAs for groups of machines in Active Directory. You can also apply the scripts to individual machines and use them to manage master images used by Machine Creation Services and Provisioning Services. For details, see the Install VDAs using scripts article.
- You can use the full-product installer to install the server component (UpsServer) of the Universal Print Server on your print servers, using either the graphical or command line interface. The product download site may also contain UpsServer download packages. For more information, see Provision printers.
- You can use the full-product installer to install the Federated Authentication Service.
- Analytics are collected automatically when you install components. Additionally, when you use the full-product installer graphical interface to install a Controller or a VDA, you can indicate whether or not you want to participate in the Citrix Call Home feature. For details on both features, see the Citrix Insight Services article.
- The product ISO no longer includes versions of the Citrix Receiver for Mac and the Citrix Receiver for Linux. You (or your users) can download and install the Citrix Receivers from the Citrix website. Alternatively, you can make those Citrix Receivers available from your StoreFront server (see the Make Citrix Receiver installation files available on the server section in the StoreFront 3.0.x documentation, or the equivalent content in the StoreFront version you are using).
You must be a domain user and a local administrator on the machines where you are installing components.
To use the standalone VDA installer, you must either have elevated administrative privileges before starting the installation, or use Run as administrator.
Configure your Active Directory domain before beginning an installation.
- The System requirements article lists the supported Active Directory functional levels. The Active Directory article contains additional support information.
- You must have at least one domain controller running Active Directory Domain Services.
- Do not attempt to install any components on a domain controller.
- Do not use a forward slash (/) when you specify Organizational Unit names in Studio.
- See the Microsoft documentation for Active Directory configuration instructions.
Where to install components
Decide where you will install the components, and then prepare the machines and operating systems.
- Review the System requirements article for supported operating systems and versions for the Controller, Studio, Citrix Director, virtualization resources (hosts), and VDAs. Most component prerequisites are installed automatically; exceptions are noted in that article. See the Citrix StoreFront and the Citrix License Server documents for their supported platforms.
- You can install the core components on the same server or on different servers. For example, to manage a smaller deployment remotely, you can install Studio on a different machine than the server where you installed the Controller. To accommodate future expansion, consider installing components on separate servers; for example, install the License Server and Director on different servers.
- You can install both the Delivery Controller and the Virtual Delivery Agent for Windows Server OS on the same server. To do this, launch the installer and select the Delivery Controller (plus any other core components you want on that machine); then launch the installer again and select the Virtual Delivery Agent for Windows Server OS.
- Do not install any components on a domain controller.
- Installing a Controller on a node in a SQL Server clustering installation, SQL Server mirroring installation, or on a server running Hyper-V is not supported.
- Do not install Studio on a server running XenApp 6.5 Feature Pack 2 for Windows Server 2008 R2 or any earlier version of XenApp.
- Be sure that each operating system has the latest updates.
- Be sure that all machines have synchronized system clocks. Synchronization is required by the Kerberos infrastructure that secures communication between the machines.
What to specify when installing core components
The following sections explain what you see and specify during installation. It follows the sequence of the graphical interface wizard; equivalent command line options are also provided. The installation articles provide details about how to launch the wizards and issue commands with options.
Components are installed in C:\Program Files\Citrix by default. You can specify a different location on the Core Components page, but it must have execute permissions for network service. (Command line option: /installdir to specify nondefault directory)
Features used with core components
Choose or specify whether to install Microsoft SQL Server Express. If you're not familiar with the databases, review the Databases article. (Command line option: /nosql to prevent installation)
When you install Director, Windows Remote Assistance is installed automatically. You can choose whether to enable shadowing in Windows Remote Assistance for use with Director user shadowing, and open TCP port 3389. By default, this is enabled. (Command line option: /no_remote_assistance)
Firewall ports for core components
By default, the following ports are opened automatically if the Windows Firewall Service is running, even if the firewall is not enabled. You can disable this default action and open the ports manually if you use a third-party firewall or no firewall, or if you prefer to do it yourself. For complete port information about this and other Citrix products, see CTX101810. (Command line option: /configure_firewall)
- Controller: TCP 80, 443
- Director: TCP 80, 443
- License Server: TCP 7279, 8082, 8083, 27000
- StoreFront: TCP 80, 443
VDA installation guidance
- The VDA installers offer graphical and command line interfaces.
- Review the System requirements article for supported operating systems and versions for VDAs. Most component prerequisites are installed automatically; exceptions are noted in that article. When you install a VDA for Windows Server OS, Remote Desktop Services role services are automatically installed and enabled, if they are not already installed and enabled.
- If you installing a VDA on a Windows 7 or Windows Server 2008 R2 machine, verify that .NET 3.5.1 is installed before you start the VDA installation. The Restarts section below has addition installation prerequisite considerations.
- The Print Spooler Service is enabled by default on supported Windows servers. If you disable this service, you cannot successfully install a VDA for Windows Server OS, so make sure that this service is enabled before installing a VDA.
- Profile management is installed automatically during VDA installation. Although you can exclude it if you are using the command line interface, that exclusion will affect monitoring and troubleshooting of VDAs with Director.
- When you install the VDA, a new local user group called Direct Access Users is created automatically. On a VDA for Windows Desktop OS, this group applies only to RDP connections; on a VDA for Windows Server OS, this group applies to ICA and RDP connections.
- For Remote PC Access configurations, install the VDA for Windows Desktop OS on each physical office PC that users will access remotely. Do not enable the optimize feature.
- If you are installing a VDA on a machine running a supported Linux operating system, see Red Hat Linux VDAs or SUSE Linux VDAs for essential information.
- The VDA must have valid Controller addresses with which to communicate; otherwise, sessions cannot be established. You can specify Controller addresses when you install the VDA or later; just remember it must be done! For more information, see the Delivery Controller addresses section below.
- After you install a VDA for Server OS on a Windows Server 2012 R2 system, use the Kerberos Enable Tool (XASsonKerb.exe) to ensure the correct operation of Citrix Kerberos authentication. The tool is located in the Support > Tools > XASsonKerb folder on the installation media; you must have local administrator privileges to use the tool. Run xassonkerb.exe -install from a command prompt on the server. If you later apply an update that changes the registry location HKLM\System\CurrentControlSet\Control\LSA\OSConfig, run the command again. To see all available tool options, run the command with the -help parameter.
Available VDA installers: full-product and standalone
You can install a VDA using the full-product installer or a standalone installation package. Both offer graphical and command line interfaces.
The full-product installer automatically detects your operating system and allows you to install only the Windows VDA supported on that system: VDA for Windows Server OS or VDA for Windows Desktop OS.
Standalone VDA installation package
The smaller standalone package more easily accommodates deployments using Electronic Software Distribution (ESD) packages that are staged or copied locally, have physical machines, or have remote offices. The standalone package is intended primarily for deployments that use command line (silent) installation; it supports the same command line parameters as the full-product installer. The package also offers a graphical interface that is equivalent to the full-product installer.
How to use the graphical interface for the standalone VDA installer.
How to use the command line interface for the standalone VDA installer.
There are two self-extracting standalone VDA installer packages: one for installation on supported server OS machines, and another for supported workstation (desktop) OS machines.
By default, files in the package are extracted to the Temp folder. More disk space is required on the machine when extracting to the Temp folder than when using the full-product installer. Files extracted to the Temp folder are not automatically deleted, but you can manually delete them (from C:\Windows\Temp\Ctx-*, where * is a random Globally Unique Identifier) after the installation completes. Alternatively, you can use the /extract command with an absolute path.
If your deployment uses Microsoft System Center Configuration Manager, a VDA installation might appear to fail with exit code 3, even though the VDA installed successfully. To avoid the misleading message, you can wrap your installation in a CMD script or change the success codes in your Configuration Manager package. For more information, see the forum discussion at http://discussions.citrix.com/topic/350000-sccm-install-of-vda-71-fails-with-exit-code-3/.
Restarts when installing a VDA
A restart is required at the end of the VDA installation.
If you want to minimize the number of additional restarts needed during the installation sequence:
- Ensure that a supported .NET Framework version is installed before beginning the VDA installation.
- For Windows Server OS machines, install and enable the RDS role services before installing the VDA.
Other prerequisites do not typically require machine restarts, so you can let the installer take care of those for you.
If you do not install prerequisites before beginning the VDA installation, and you specify the /noreboot option for a command line installation, you must manage the restarts. For example, when using automatic prerequisite deployment, the installer will suspend after installing RDS, waiting for a restart; be sure to run the command again after the restart, to continue with the VDA installation.
VDAs on unsupported Windows systems
The latest VDAs are not supported on Windows XP or Windows Vista systems; additionally, some of the features in this and other recent releases cannot be used on those operating systems. Citrix recommends you replace those systems with currently-supported Windows desktop OS versions and then install a VDA from this release. If you must continue to accommodate machines running Windows XP or Windows Vista, you can install an earlier Virtual Desktop Agent version (5.6 FP1 with certain hotfixes). See CTX140941 for details. Keep in mind that:
- You cannot install core components (Controller, Studio, Director, StoreFront, License Server) on a Windows XP or Windows Vista system.
- If you use Windows XP or Windows Vista systems, when you create a Machine Catalog containing those machines, be sure to choose the 5.6 FP1 entry in the "Select the VDA version installed ..." listbox on the Master Image page.
- Remote PC Access is not supported on Windows Vista systems.
- Citrix support for Windows XP ended April 8, 2014 when Microsoft ended its extended support.
- Continuing to use older VDAs can affect feature availability and VDA registration with the Controller; see Mixed environment considerations.
What to specify when installing a VDA
The following sections explain what you specify during installation. It follows the sequence of the graphical interface wizard; equivalent command-line options are also provided. The installation articles provide details about how to launch the wizards or issue commands with options.
Check VDA installation guidance for tasks you may need to complete after VDA installation.
The VDA environment specifies how you will use the VDA:
- The default "master image" option indicates you will use Machine Creation Services (MCS) or Provisioning Services to create virtual machines based on a master image created in a hypervisor or cloud service. You install the VDA on the master image. (Command line option: /masterimage)
- The "Remote PC Access" option indicates you will install the VDA on a physical machine or on a VM that was provisioned without a VDA.
HDX 3D Pro (VDA for Windows Desktop OS version)
When you install a VDA using the graphical interface, this page appears only when installing a VDA on a desktop OS machine (not on a server OS machine). Choose to configure the VDA for standard or HDX 3D Pro mode.
- The standard VDA mode is recommended for most desktops, including those enabled with Microsoft RemoteFX. This mode is configured by default.
- The VDA for HDX 3D Pro mode optimizes the performance of graphics-intensive programs and media-rich applications. It is recommended if the machine will access a graphics processor for 3D rendering. (Command line option valid only on desktop OS machines: /enable_hdx_3d_pro)
VDA for HDX 3D Pro
- Generally best for virtual desktops without graphics hardware acceleration, and for Remote PC Access.
- Supports GPU acceleration with any GPU, with some application compatibility limitations:
- On Windows 7, 8, and8.1, GPU acceleration for DirectX feature levels up to 9.3. Some DirectX 10, 11, 12 applications may not run if they do not tolerate fallback to DirectX 9.
- On Windows 10, GPU acceleration is limited to windowed (non full-screen) DirectX 10, 11, 12 applications; DirectX 9 and full-screen applications are software-rendered (WARP).
- OpenGL application acceleration in remote sessions if supported by the GPU vendor (currently only NVIDIA).
- Uses Citrix WDDM display driver, supporting arbitrary monitor resolutions (up to 4K) and up to 8 monitors.
- Desktop Composition Redirection option for broadband access to Windows 7 and 8.x Aero desktops.
- Windows desktop composition offloaded to user device (Windows or Mac).
- Generally best for data center desktops with graphics hardware acceleration, unless more than four monitors are required.
- Supports GPU acceleration with any GPU, however console blanking, non-standard screen resolutions and true multi-monitor support require NVIDIA GRID or Intel Iris Pro graphics
- Leverages graphics vendor's driver for broadest application compatibility.
- All 3D APIs (DirectX or OpenGL) that the GPU supports.
- Full-screen 3D app support with Intel Iris Pro (Win10 only) and NVIDIA GRID.
- Support for custom driver extensions and APIs. For example, CUDA or OpenCL.
- Supports up to four monitors.
Remote PC Access and HDX 3D Pro mode
For Remote PC Access, the VDA is usually configured using the standard VDA option. For Remote PC Access configured with HDX 3D Pro, monitor blanking is supported with Intel Iris Pro graphics and Intel HD graphics 5300 and above (5th Generation Intel Core Processors and 6th Generation Intel Core i5 Processors), and NVIDIA Quadro and NVIDIA GRID GPUs.
Core Components (installation location and Citrix Receiver installation)
VDAs are installed in C:\Program Files\Citrix by default. You can specify a different location during installation, but it must have execute permissions for network service. (Command line option: /installdir to specify nondefault directory)
By default, Citrix Receiver for Windows is installed with the VDA. You can disable this default action. (Command line option: use "/components vda" to prevent Citrix Receiver installation)
You can specify the addresses (FQDNs) of installed Controllers either when you install the VDA (recommended) or later. Although you are not required to specify Controller addresses when you install a VDA, keep in mind that that a VDA cannot register with a Controller without this information. If VDAs cannot register, users on machines containing those VDAs will be unable to access their applications and desktops. (Command line option: /controllers)
- If you specify Controller FQDNs when you install the VDA, the installer attempts to connect to the specified addresses. If the connection attempt fails, the installer provides informative messages.
- If you choose to specify Controller addresses later, the installer reminds you of that requirement. If you install a VDA without specifying a Controller address, you can either rerun the installer later or use Citrix Group Policy.
If you specify Controller addresses both during VDA installation and in Group Policy, the policy settings override settings provided during installation.
Remember that successful VDA registration also requires that the firewall ports used for communication with the Controller are open.
After you initially specify Controller locations (either when installing the VDA or later), you can use the auto-update feature to update VDAs when additional Controllers are installed.
For more information about how VDAs discover and register with Controllers, see the Delivery Controllers article.
You can enable or disable the following features that are used with VDAs:
- Optimize performance: (Default = enabled) When this feature is selected, the optimization tool is used for VDAs running in a VM on a hypervisor. VM optimization includes disabling offline files, disabling background defragmentation, and reducing event log size. For more information, see CTX125874. Do not enable this option if you will be using Remote PC Access. (Command line option: /optimize)
- Use Windows Remote Assistance: (Default = enabled) When this feature is selected, Windows Remote Assistance is used with the user shadowing feature of Director, and Windows automatically opens TCP port 3389 in the firewall, even if you choose to open firewall ports manually. (Command line option: /enable_remote_assistance)
- Use Real-Time Audio Transport for audio: Default = enabled) When this feature is selected, UDP is used for audio packets, which can improve audio performance. (Command line option: /enable_real_time_transport)
- Framehawk: (Default = enabled) When selected, bidirectional UDP ports 3224-3324 are opened. (You can change the port range later with the "Framehawk display channel port range" Citrix policy setting; you must then open local firewall ports.) A UDP network path must be open on any internal (VDA to Citrix Receiver; or VDA to NetScaler Gateway) and external (NetScaler Gateway to Citrix Receiver) firewalls. If NetScaler Gateway is deployed, Framehawk datagrams are encrypted using DTLS (default UDP port 443). For more information, see the Framehawk article. (Command line option: /enable_framehawk_port)
- Install Citrix App-V publishing components: (Default: enabled) Select this feature if you will use applications from Microsoft App-V packages. For more information, see the App-V article. (Command line option: /no_appv to prevent component installation)
- Personal vDisk: (Default = disabled; available only when installing a VDA for Desktop OS on a VM.) When this feature is selected, Personal vDisks can be used with a master image. For more information, see the Personal vDisks articles. (Command line option: /baseimage)
By default, the following ports are opened automatically if the Windows Firewall Service is running, even if the firewall is not enabled. You can disable this default action and open the ports manually if you use a third-party firewall or no firewall, or if you prefer to do it yourself. For complete port information, see CTX101810. (Command line option: /enable_hdx_ports)
- Controller Communications: TCP 80, 1494, 2598, 8008. For communication between user devices and virtual desktops, configure inbound TCP on ports 1494 and 2598 as port exceptions. For security, Citrix recommends that you do not use these registered ports for anything other than the ICA protocol and the Common Gateway Protocol. For communication between Controllers and virtual desktops, configure inbound port 80 as a port exception.
- Remote Assistance: TCP 3389. Windows opens this port automatically if the Windows Remote Assistance feature is enabled on the previous page, even if you choose to open the ports manually.
- Real Time Audio: UDP 16500-16509.
- Framehawk: UDP 3224-3324.
After you review the information presented and click Install, the display shows the progress of the installation. After the installation completes, a machine restart is required before the VDA can be used.