What’s new in App Layering 4.10
This release includes the following improvements.
Windows 10 version 1709 support. Windows 10 version 1709 is now supported when Store Apps are disabled. Use the script included in our OS Machine Tools package to turn off Store Apps. Because Store Apps must be disabled, we can only support Windows 10 editions where this is possible to do: Enterprise and Education,but not Professional. If you have been using Store Apps on their 1607 setup, they will have to re-create their App and Platform layers from scratch after upgrading to 1709 and disabling Store Apps.
Improved support for PVS on Hyper-V and vSphere. This release includes stability improvements when using PVS to stream images on Hyper-V or vSphere systems peformance. (UNI-61938, UNI-65218)
Labs features in this release
Labs features are previews of potential functionality for future releases. While a feature is in Labs, you should not use it in production. You must enable each of these features in System > Settings and Configuration before you can use them.
In this release:
- User layers. User layers let you persist user profile settings, data, and user-installed applications in non-persistent VDI environments. This feature is supported in Windows 7 64-bit and Windows 10 64-bit environments for Citrix XenDesktop, VMware Horizon View, and View JIT.
- App layers can be elastically assigned to layered images that use a different OS layer. Until now, elastic layer assignments required that the App layer assigned use the same OS layer that was used to create the App layer. Now you can elastically assign App layers using other OS layers available on your App Layering appliance. There is no guarantee that the app layer will work on a different OS layer, but now you can try it. If it does not work, then disable this feature on the layer and only use the OS that the app layer was created with. In addition, you must use the original OS layer when adding versions to your application layer.
When User layers are enabled and you have upgrade to 4.10 or later, signing on starts the Windows First Sign-in screens. This is a normal windows process during upgrades. Your User layer is brought up to date with the OS version, and no User layer files are lost in the process.
For information about Citrix App Layering -supported platforms, see System requirements.
You can upgrade from any previous Citrix App Layering 4.x version to the current release.
Known issues and considerations
Issues with Labs features
- User layers on Windows 10 and Windows 7. Changes to Windows indexing options do not persist when you enable User layers on Windows 10 and Windows 7 desktops. If you set Indexing Options for an elastically layered app, the settings are not available when users log in. If an indexing option change is critical for all users, you can include it in a new version of the OS layer. You can also include it in a new app layer, which is a better option. The change becomes the default for all users. (UNI-56064, UNI-56213)
- Network adapter icon. A red “X” network adapter icon indicates that there’s an issue even when the network is functional. You can ignore the red ‘X.’ (UNI-53443).
Issues common to all platforms
The following issues may occur, whether your appliance is installed on XenServer, Azure, Hyper-V, Nutanix, or VMware.
Access the management console through Citrix Cloud
You can access the App Layering management console using the Manage tab with App Layering in Citrix Cloud. When accessing this tab, consider:
- Administrator access to the console using Citrix Cloud will be slower than direct access.
File downloads from Citrix ShareFile
You can download files by using Citrix ShareFile but you cannot save changes to the files. (UNI-55850)
App Layering appliance and management console
- After upgrading from App Layering 4.1.0 or 4.2.0 to the current release, you might need to reset the App Layering administrative passwords.
- When accessing the App Layering appliance through Internet Explorer running on a server operating system, the fonts for the management console might not load correctly. To prevent this issue, add the appliance IP address to the Trusted Sites list in Internet Explorer. (UNI-50830).
- Restart the appliance after adding new disks. When adding disks to expand storage, Citrix recommends that restarting the appliance after the disk expansion wizard completes the operation. (UNI-53580)
- If an IP address is already in use with another virtual machine, configuring a different IP address on the appliance can cause a network service failure. For example, if the app layering appliance has a dynamic IP address and you reconfigure it to use a static IP address. An error message, “Job for network service failed.” If the appliance loses network connectivity, change to an unused IP address and restart the appliance.
- When installing the App Layering appliance, you must use the default CPU setting of 4. Increasing the value, could cause issues with the appliance.
- If you are using Roles in a large, complex Active Directory environment and logins are slow, make sure that all Roles have been assigned to explicit users, rather than to groups. We have noticed that tasks such as logging in complete noticeably faster in large, complex AD environments when all roles have been assigned to explicit users.
- Use the same hypervisor when adding a version to your OS layer. When adding a version to an OS layer, package the layer on the same hypervisor from which you imported the OS during layer creation. (UNI-44372)
- Automatic Windows Updates are disabled during OS Layer updates. When you update the OS layer, Windows Updates are disabled automatically. Disabling automatic updates help avoid situations where Windows starts an update in the background before, or during, an OS layer finalization. When you add a version to an OS layer, manually start the download and installation of Windows updates. Then repeat the downloads and installation until you apply all available updates before finalizing the new OS layer. (UNI-58115)
- Use the built-in administrator account when you log on to a packaging machine. Otherwise, RunOnce scripts do not run, and finalization of the layer does not occur. (UNI-58154)
- Apps can appear to load slowly in user sessions. Disable automatic updates for applications, such as Chrome and Firefox. Windows prompts the user to make changes with an administrator account even though the user does not have administrator access. Instruct the user to click No when prompted and then the application starts successfully.
Elastic Layering (general)
- Microsoft Office cannot be elastically layered due to the way its licenses are integrated with the Windows Store. The Office app layer must be included in the Layered image, which you can do by adding it to your image template(s).
- Users receive the following alert when starting an elastically assigned Skype layer for the first time: “The Installer has insufficient privileges to modify this file: URL “ If the user click Ignore, Skype opens as expected. (UNI-52164)
- Empty directories are visible to Windows Explorer users when Citrix App Layering drivers are running. When you enable an image with elastic layering, users might be able to view files and directories from other sessions in Windows Explorer. If users browse files with Windows Explorer, they might be able to see empty directories associated with other sessions that use elastic layering. Directories explored in the other session might create folders visible to all sessions that have permission to browse that directory. If users access to the volume is not available, they cannot see the directories and contents of the drives.
- Elastic layers require .NET Framework 4.5. If you are using Citrix App Layering elastic layers, install .NET Framework 4.5 on any layered image where you enable elastic layers.
- If you use elastic layer assignments with Windows Server 2008 or Windows 7, create your file share with a sector size of 512. For details about this issue and related operating system updates, see the following:
- When using Elastic Layer Assignments, Persona Management in Horizon View is not supported. Although Citrix App Layering supports Horizon View 6.1 and later, Elastic Layer Assignments do not support these versions of View Persona Management. (UNI-53639)
- Citrix App Layering supports Horizon View 6.1 and later. Elastic layer assignments do not support Persona Management in Horizon View. (UNI-53639)
Windows 10 support
- Due to issues with Store apps, App Layering does not work with the Store.
- Starting with Windows 10, version 1607, you must disable Store apps if you want to be able to upgrade to future Windows 10 versions.
- Windows 10, version 1703 is supported only if you have turned off the Store apps.
- You can disable Windows 10 Store apps on Windows 10 Enterprise only
- To disable Windows 10 Store apps:
- Add a new version to the Windows 10 OS layer.
- Use an administrator command prompt to run the script at C:\Windows\Setup\Scripts\RemoveStoreApps.cmd.
- Finalize the layer.
- In your image template(s) that use this OS layer, select the new layer version, and republish your layered images.
- App layers, Platform layers, and User layers created before the Store was disabled must be recreated.
- If you revert to an earlier major version of the Windows 10 OS layer, the user layers are not compatible. For example, reverting from version 1607 to 1511.Rolling back from one sub-release to another is fine. If the user layers are not compatible, delete and recreate the user layers.(UNI-57006)
- Windows 10 upgrades require a 60-GB disk for the OS layer version. When you add a version to the Windows 10 OS layer, change the maximum layer size from 30 GB to 60 GB.(UNI-52422)
- Upgrading requires extra steps when going to a new Windows 10 major release. During the upgrade, Windows 10 can create a recovery volume on the same disk as the OS layer version. Always delete this volume before you finalize the OS layer version. Otherwise, the recovery volume can cause desktops to fail to start correctly. For more information, see App Layering: Windows 10 upgrade may result in new recovery volume partition.
- When creating a Microsoft Office layer on Windows 10, the Optimizer.hta now launches the Office Prep script. As a result, you must now use the Optimizer.hta as part of preparing a Microsoft Office App layer.
Citrix Provisioning Services (PVS)
- When you create an image template, the target device hardware settings must match the Windows operating system and platform layer settings. Ensure that the hardware settings on the target device match the operating system and platform layer hardware settings, especially the number of CPUs. If the settings don’t match, you can get a restart required message when you start the published image.(UNI-50799, UNI-46333, UNI-51599)
- If you use Provisioning Services, you must disable IPv6 in the OS layer. If you disable IPv6 in the platform layer instead of in the OS layer, when Provisioning Services start, the network connection fails and stops responding. (UNI-53600)
- If permissions are wrong when you publish an image, an error message might appear that says the operation timed out. (UNI-54516)
- Although the management console allows image names that contain a period (.), those names fail in the Provisioning Services environment. Do not include a period in the name. (UNI-54263)
- When you prepare your operating system image for use in XenServer, you must open port 5900. (UNI-50846)
- Creating a Citrix App Layering connector configuration that points to a child node in a XenServer pool produces an unexpected error message. To avoid this issue, only use the primary node when creating connector configurations. (UNI-52454)
- When you import an OS layer from a XenServer virtual machine, use the XenServer connector to perform the import directly. There might be issues exporting the virtual machine image to a network file share first and then importing it to XenServer. (UNI-52669)
VMware Horizon View
- Elastic layers are only supported with floating desktop pools. (UNI-53442)
- Citrix App Layering does not support Azure File storage. Create a network file share or an SMB file share in Azure to use with Citrix App Layering. (UNI-42272)
- If the fully qualified domain name (FQDN) is not typed in the format Azure expects, the FQDN in Azure can fail. For more information, see Create a fully qualified domain name in the Azure portal for a Windows VM. (UNI-51587)
- The Azure connector configuration name must be unique. When creating an Azure connector configuration, you cannot use the same name that is in an existing configuration. If you do use the same name, you cannot save the changes. (UNI-56230)
- When you configure Elastic Layering in Hyper-V, you must use unmanaged RDS pools (UNI-53545)
App Layering Nutanix Connector does not work with Nutanix AHV 5.5. Citrix recommends not upgrading to the latest Nutanix Acropolis OS (AOS) version 5.5. Starting in AOS 5.5, the App Layering Connector for Nutanix can no longer negotiate a secure connection to the Controller virtual machine for management, or uploading and downloading virtual disks. As of AOS 5.5,Nutanix has disabled TLS 1.1, TLS 1.0, SSLv3 and any non-ephemeral cipher suites. The Connectors in App Layering are restricted to SSLv3. Nutanix has no way to re-enable SSLv3 for compatibility with App Layering. Until Citrix produces a fix, the Nutanix AHV Connector will not work.
Depending on the operation you are performing, you may see any of these errors:
Failed to connect to the server at ‘host’ A failure occurred connecting to the Nutanix server. Error = write EPROTO 140283234211648:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../deps/openssl/openssl/ssl/s3_pkt.c:1472:SSL alert number 40140283234211648:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:../deps/openssl/openssl/ssl/s3_pkt.c:656:
Failed to execute the script: A failure occurred connecting to the Nutanix server. Error = write EPROTO 140283234211648:error:14077410:SSL routines:SSL23_GET_SERVER\HELLO:sslv3 alert handshake failure:../deps/openssl/openssl/ssl/s23_clnt.c:769: