Universal Print Server policy settings

The Universal Print Server section contains policy settings for handling the Universal Print Server.

SSL cipher suite

This setting specifies the set of SSL/TLS cipher suites used by the Universal Print Client for encrypted print data stream (CGP) connections.

To control the cipher suite package used by the Universal Print Client for encrypted print web service (HTTPS/SOAP) connections, see [SCHANNEL].

Default value: ALL

This setting has the following values: ALL, COM or GOV.

The cipher suites corresponding to each value are listed below:

ALL:

TLS_ECDHE_RSA_AES256_GCM_SHA384

TLS_ECDHE_RSA_AES256_CBC_SHA384

TLS_ECDHE_RSA_AES128_CBC_SHA

COM:

TLS_ECDHE_RSA_AES128_CBC_SHA

GOV:

TLS_ECDHE_RSA_AES256_GCM_SHA384

TLS_ECDHE_RSA_AES256_CBC_SHA384

SSL compliance mode

This setting specifies the level of compliance with NIST Special Publication 800-52 that is used by the Universal Print Client for encrypted print data stream (CGP) connections.

Default value: None.

This setting has the following values:

None.

The encrypted print data stream (CGP) connections use the default compliance mode.

SP800-52.

The encrypted print data stream (CGP) connections use the NIST Special Publication 800-52 compliance mode.

SSL enabled

This setting specifies whether SSL/TLS is used by the Universal Print Client for print data stream (CGP) connections and for web service (HTTP/SOAP) connections.

When you set Universal Print Server enable to Enabled with fallback to Windows’ native remote printing, fallback connections are made by the Microsoft Windows Network Print Provider. This setting does not affect these fallback connections.

Default value: Disabled

This setting has the following values:

Enabled.

The Universal Print Client uses SSL/TLS to connect to the Universal Print Server.

Disabled.

The Universal Print Client uses SSL/TLS to connect to the Universal Print Server.

SSL FIPS mode

This setting specifies whether the SSL/TLS cryptographic module used by the Universal Print Client for print data stream (CGP) connections will run in FIPS mode.

Default value: Disabled

This setting has the following values:

Enabled.

FIPS mode is on.

Disabled.

FIPS mode is off.

SSL protocol version

This setting specifies the SSL/TLS protocol version used by the Universal Print Client.

Default value: ALL

This setting has the following values:

ALL.

Use TLS versions 1.0, 1.1 or 1.2.

TLSv1.

Use TLS version 1.0.

TLSv1.1.

Use TLS version 1.1.

TLSv1.2.

Use TLS version 1.2.

SSL Universal Print Server encrypted print data stream (CGP) port

This setting specifies the TCP port number of the Universal Print Server encrypted print data stream (CGP) port. This port receives data for print jobs.

Default value: 443

SSL Universal Print Server encrypted web service (HTTPS/SOAP) port

This setting specifies the TCP port number of the Universal Print Server encrypted web service (HTTPS/SOAP) port. This port receives data for print commands.

Default value: 8443

Universal Print Server enable

This setting enables or disables the Universal Print Server feature on the virtual desktop or the server hosting applications. Apply this policy setting to Organizational Units (OUs) containing the virtual desktop or server hosting applications.

By default, the Universal Print Server is disabled.

When adding this setting to a policy, select one of the following options:

  • Enabled with fallback to Windows native remote printing. Network printer connections are serviced by the Universal Print Server, if possible. If the Universal Print Server is not available, the Windows Print Provider is used. The Windows Print Provider continues to handle all printers previously created with the Windows Print Provider.
  • Enabled with no fallback to Windows native remote printing. Network printer connections are serviced by the Universal Print Server exclusively. If the Universal Print Server is unavailable, the network printer connection fails. This setting effectively disables network printing through the Windows Print Provider. Printers previously created with the Windows Print Provider are not created while a policy containing this setting is active.
  • Disabled. The Universal Print Server feature is disabled. No attempt is made to connect with the Universal Print Server when connecting to a network printer with a UNC name. Connections to remote printers continue to use the Windows native remote printing facility.

Universal Print Server print data stream (CGP) port

This setting specifies the TCP port number used by the Universal Print Server print data stream Common Gateway Protocol (CGP) listener. Apply this policy setting only to OUs containing the print server.

By default, the port number is set to 7229.

Valid port numbers must be in the range of 1 to 65535.

Universal Print Server print stream input bandwidth limit (kpbs)

This setting specifies the upper boundary (in kilobits per second) for the transfer rate of print data delivered from each print job to the Universal Print Server using CGP. Apply this policy setting to OUs containing the virtual desktop or server hosting applications.

By default, the value is 0, which specifies no upper boundary.

Universal Print Server web service (HTTP/SOAP) port

This setting specifies the TCP port number used by the Universal Print Server’s web service (HTTP/SOAP) listener. The Universal Print Server is an optional component that enables the use of Citrix universal print drivers for network printing scenarios. When the Universal Print Server is used, printing commands are sent from Citrix Virtual Apps and Desktops hosts to the Universal Print Server via SOAP over HTTP. This setting modifies the default TCP port on which the Universal Print Server listens for incoming HTTP/SOAP requests.

You must configure both host and print server HTTP port identically. If you do not configure the ports identically, the host software will not connect to the Universal Print Server. This setting changes the VDA on Citrix Virtual Apps and Desktops. In addition, you must change the default port on the Universal Print Server.

By default, the port number is set to 8080.

Valid port numbers must be in the range of 0 to 65535.

Universal Print Servers for load balancing

This setting lists the Universal Print Servers to be used to load balance printer connections established at session launch, after evaluating other Citrix printing policy settings. To optimize printer creation time, Citrix recommends that all print servers have the same set of shared printers. There is no upper limit to the number of print servers which can be added for load balancing.

This setting also implements print server failover detection and printer connections recovery. The print servers are checked periodically for availability. If a server failure is detected, that server is removed from the load balancing scheme, and printer connections on that server are redistributed among other available print servers. When the failed print server recovers, it is returned to the load balancing scheme.

Click Validate Servers to check that each server is a print server, that the server list doesn’t contain duplicate server names, and that all servers have an identical set of shared printers installed. This operation may take some time.

Universal Print Servers out-of-service threshold

This setting specifies how long the load balancer should wait for an unavailable print server to recover before it determines that the server is permanently offline and redistributes its load to other available print servers.

By default, the threshold value is set to 180 (seconds).