Citrix Virtual Apps and Desktops

Universal Print Server policy settings

The Universal Print Server section includes policy settings for handling the Universal Print Server.

SSL cipher suite

This setting specifies the set of SSL/TLS cipher suites that are used in the Universal Print Client for encrypted print data stream (CGP) connections.

To control the cipher suite package used by the Universal Print Client for encrypted print web service (HTTPS/SOAP) connections, see [SCHANNEL].

Default value: ALL

This setting has the following values: ALL, COM or GOV.

The cipher suites corresponding to each value are the following:

ALL:

TLS_ECDHE_RSA_AES256_GCM_SHA384

TLS_ECDHE_RSA_AES256_CBC_SHA384

TLS_ECDHE_RSA_AES128_CBC_SHA

COM:

TLS_ECDHE_RSA_AES128_CBC_SHA

GOV:

TLS_ECDHE_RSA_AES256_GCM_SHA384

TLS_ECDHE_RSA_AES256_CBC_SHA384

SSL compliance mode

This setting specifies the level of compliance with NIST Special Publication 800-52 that is used by the Universal Print Client for encrypted print data stream (CGP) connections.

Default value: None.

This setting has the following values:

None.

The encrypted print data stream (CGP) connections use the default compliance mode.

SP800-52.

The encrypted print data stream (CGP) connections use the NIST Special Publication 800-52 compliance mode.

SSL enabled

This setting specifies whether SSL/TLS is used by the Universal Print Client for the following:

  • Print data stream (CGP) connections
  • Web service (HTTP/SOAP) connections

When you set Universal Print Server enable to Enabled with fallback to Windows’ native remote printing, fallback connections are made by the Microsoft Windows Network Print Provider. This setting does not affect these fallback connections.

Default value: Disabled

This setting has the following values:

Enabled.

The Universal Print Client uses SSL/TLS to connect to the Universal Print Server.

Disabled.

The Universal Print Client uses SSL/TLS to connect to the Universal Print Server.

SSL FIPS mode

This setting specifies whether the SSL/TLS cryptographic module used by the Universal Print Client for print data stream (CGP) connections run in FIPS mode.

Default value: Disabled

This setting has the following values:

Enabled.

FIPS mode is on.

Disabled.

FIPS mode is off.

SSL protocol version

This setting specifies the SSL/TLS protocol version used by the Universal Print Client.

Default value: ALL

This setting has the following values:

ALL.

Use TLS versions 1.0, 1.1 or 1.2.

TLSv1.

Use TLS version 1.0.

TLSv1.1.

Use TLS version 1.1.

TLSv1.2.

Use TLS version 1.2.

SSL Universal Print Server encrypted print data stream (CGP) port

This setting specifies the TCP port number of the Universal Print Server encrypted print data stream (CGP) port. This port receives data for print jobs.

Default value: 443

SSL Universal Print Server encrypted web service (HTTPS/SOAP) port

This setting specifies the TCP port number of the Universal Print Server encrypted web service (HTTPS/SOAP) port. This port receives data for print commands.

Default value: 8443

Universal Print Server enable

This policy enables or disables the use of the Citrix Universal Print Server (UPS). Apply this policy setting to Organizational Units (OUs) that includes the virtual desktop or server-hosting applications.This policy settings include fallback options to allow connections to print servers using the native Windows remote printing service in the event that the Citrix UPS component is not installed or unavailable on the requested print server. Changes to this policy is applicable only after the VDA is restarted.

By default, the Universal Print Server is disabled.

When adding this setting to a policy, select one of the following options:

  • Enabled with fallback to Windows native remote printing: The Universal Print Server services the Network printer connections, if possible. If the Universal Print Server is not available, the Windows Print Provider is used. The Windows Print Provider continues to handle all printers previously created with the Windows Print Provider.
  • Enabled with no fallback to Windows native remote printing: The Universal Print Server services the Network printer connections exclusively. If the Universal Print Server is unavailable, the network printer connection fails. This setting effectively disables network printing through the Windows Print Provider. Printers previously created with the Windows Print Provider are not created while a policy containing this setting is active.
  • Disabled: The Universal Print Server feature is disabled. No attempt is made to connect with the Universal Print Server when connecting to a network printer with a UNC name. Connections to remote printers continue to use the Windows native remote printing facility.

Universal Print Server print data stream (CGP) port

This setting specifies the TCP port number used by the Universal Print Server print data stream Common Gateway Protocol (CGP) listener. Apply this policy setting only to OUs containing the print server.

By default, the port number is set to 7229.

Valid port numbers must be in the range of 1-65535.

Universal Print Server print stream input bandwidth limit (Kbps)

This setting specifies the upper boundary (in kilobits per second) for the transfer rate of print data. The transfer rate is calculated for the print data that is delivered from each print job to the Universal Print Server using CGP. Apply this policy setting to OUs containing the virtual desktop or server-hosting applications.

By default, the value is 0, which specifies no upper boundary.

Universal Print Server web service (HTTP/SOAP) port

This setting specifies the TCP port number used by the Universal Print Server’s web service (HTTP/SOAP) listener. The Universal Print Server is an optional component that enables the use of Citrix universal print drivers for network printing scenarios.

When the Universal Print Server is used, printing commands are sent from Citrix Virtual Apps and Desktops hosts to the Universal Print Server via SOAP over HTTP. This setting modifies the default TCP port on which the Universal Print Server listens for incoming HTTP/SOAP requests.

You must configure both host and print server HTTP port identically. If you do not configure the ports identically, the host software doesn’t connect to the Universal Print Server. This setting changes the VDA on Citrix Virtual Apps and Desktops. In addition, you must change the default port on the Universal Print Server.

By default, the port number is set to 8080.

Valid port numbers must be in the range of 0-65535.

Universal Print Servers for load balancing

This setting lists the Universal Print Servers to be used to load balance printer connections established at session launch, after evaluating other Citrix printing policy settings. To optimize printer creation time, Citrix recommends that all print servers have the same set of shared printers. There is no upper limit to the number of print servers which can be added for load balancing.

This setting also implements print server failover detection and printer connections recovery. The print servers are checked periodically for availability. If a server failure is detected, that server is removed from the load balancing scheme. Also, the printer connections on that server are redistributed among other available print servers. When the failed print server recovers, it is returned to the load balancing scheme.

Click Validate Servers to check that each server is a print server, that the server list doesn’t include duplicate server names, and that all servers have an identical set of shared printers installed. This operation might take some time.

Universal Print Servers out-of-service threshold

This setting specifies how long the load balancer must wait for an unavailable print server to recover before it determines that the server is permanently offline and redistributes its load to other available print servers.

By default, the threshold value is set to 180 (seconds).

Universal Print Server web service (HTTP/SOAP) connect timeout

This setting specifies the number of seconds that the Universal Print Client must wait until a Universal Print Server web service connect() operation times out. This setting has the following values. All these values are numeric and the units (of time) are seconds.

  • The minimum value is 0.
  • The maximum value is 60.
  • The default value is 10.

When the timeout is between 1 and 60 (inclusive), the Universal Print Client waits for the specified time for the operation to complete. The operation is a connect TCP socket operation. Sockets are a facility of the Windows operating system that allows interprocess communication over TCP/IP networks.

When the timeout is 0, the Universal Print Client uses the default timeout defined by the operating system. This configuration was the available configuration present in the previous versions of the Universal Print Client before this change.

The Universal Print Client is the component of the Virtual Delivery Agent (VDA) that communicates with the Universal Print Server.

Note:

This policy setting is applicable in the VDA version 7.35 and later.

Universal Print Server web service (HTTP/SOAP) receive timeout

This setting specifies the number of seconds that the Universal Print Client must wait until a Universal Print Server web service recv() operation times out. This setting has the following values and all these values are numeric and the units (of time) are seconds.

  • The minimum value is 0.
  • The maximum value is 60.
  • The default value is 10.

When the timeout is between 1 and 60 (inclusive), the Universal Print Client waits for the specified time for the operation to complete. The operation is a receive TCP socket operation. Sockets are a facility of the Windows operating system that allows interprocess communication over TCP/IP networks.

When the timeout is 0, the Universal Print Client uses the default timeout defined by the operating system. This configuration was the available configuration present in the previous versions of the Universal Print Client before this change.

Universal Print Client is the component of the Virtual Delivery Agent (VDA) that communicates with the Universal Print Server.

Note:

This policy setting is applicable in the VDA version 7.35 and later.

Universal Print Server web service (HTTP/SOAP) send timeout

This setting specifies the number of seconds that the Universal Print Client must wait until a Universal Print Server web service send() operation times out. This setting has the following values. All these values are numeric and the units (of time) are seconds.

  • The minimum value is 0.
  • The maximum value is 60.
  • The default value is 10.

When the timeout is between 1 and 60 (inclusive), the Universal Print Client waits for the specified time for the operation to complete. The operation is a send TCP socket operation. Sockets are a facility of the Windows operating system that allows interprocess communication over TCP/IP networks.

When the timeout is 0, the Universal Print Client uses the default timeout defined by the operating system. This configuration was the available configuration present in the previous versions of the Universal Print Client before this change.

Universal Print Client is the component of the VDA that communicates with the Universal Print Server.

Note:

This policy setting is applicable in the VDA version 7.35 and later.