Product Documentation

Prepare to install

Feb 26, 2016

General installation guidance

  • If you are unfamiliar with the product and its components, review the Technical overview articles. If your current deployment is XenApp 6.x or earlier, the Concepts and components article explains the differences in the 7.x versions of XenApp and XenDesktop.
  • When planning your deployment, review the security articles.
  • Check the Known issues article for installation issues you might encounter.
  • If you are using a supported hypervisor or cloud service to provide virtual machines for applications and desktops, you will configure the first connection to that host when you create a Site, after you install components. However, you can configure the virtualization environment at any time before then. See the information sources listed here.
  • If you are using Microsoft System Center Configuration Manager to manage access to manage access to applications and desktops, see this article.
  • If a component has a .NET prerequisite, the installer will deploy the required .NET version if it is not present. The .NET installation might require a restart of the machine.
  • Review the Databases article to learn about the system databases and how to configure them. During Controller installation, you can choose whether to install Microsoft SQL Server 2012 Express on the same server. You configure most database information when you create a Site, after you install the core components.
  • When you install the Citrix License Server, that user account is automatically made a full administrator on the license server. See the Delegated Administration article for details.
  • When you create objects before, during, and after installation, it is best practice to specify unique names for each object - for example networks, groups, catalogs, and resources.
  • If a component does not install successfully, the process stops with an error message. Components that installed successfully are retained; you do not need to reinstall them.
  • Citrix Studio starts automatically after it is installed. When using the graphical interface, you can disable this action on the final page of the wizard.
  • You can use the installer included in the product ISO to install core components and Virtual Delivery Agents (VDAs); this is referred to as the "full-product installer." To install VDAs, you can use either the full-product installer or the standalone VDA installer, which is available on the product download site. Both installers offer graphical and command line interfaces.
  • The product installation media contains sample scripts that install, upgrade, or remove VDAs for groups of machines in Active Directory. You can also apply the scripts to individual machines and use them to manage master images used by Machine Creation Services and Provisioning Services. For details, see the Install VDAs using scripts article.
  • You can use the full-product installer to install the server component (UpsServer) of the Universal Print Server on your print servers, using either the graphical or command line interface. The product download site may also contain UpsServer download packages.
  • The product ISO no longer includes versions of the Citrix Receiver for Mac and the Citrix Receiver for Linux. You (or your users) can download and install the Citrix Receivers from the Citrix website. Alternatively, you can make those Citrix Receivers available from your StoreFront server (see the Make Citrix Receiver installation files available on the server section in the StoreFront 3.0.x documentation, or the equivalent content in the StoreFront version you are using).


You must be a domain user and a local administrator on the machines where you are installing components.

To use the standalone VDA installer, you must either have elevated administrative privileges before starting the installation, or use Run as administrator.

Configure your Active Directory domain before beginning an installation.

  • The System requirements article lists the supported Active Directory functional levels. The Active Directory article contains additional support information.
  • You must have at least one domain controller running Active Directory Domain Services.
  • Do not attempt to install any components on a domain controller.
  • Do not use a forward slash (/) when you specify Organizational Unit names in Studio.
  • See the Microsoft documentation for Active Directory configuration instructions.

Where to install components

Decide where you will install the components, and then prepare the machines and operating systems.

  • Review the System requirements article for supported operating systems and versions for the Controller, Studio, Citrix Director, virtualization resources (hosts), and VDAs. Most component prerequisites are installed automatically; exceptions are noted in that article. See the Citrix StoreFront and the Citrix License Server documents for their supported platforms.
  • You can install the core components on the same server or on different servers. For example, to manage a smaller deployment remotely, you can install Studio on a different machine than the server where you installed the Controller. To accommodate future expansion, consider installing components on separate servers; for example, install the License Server and Director on different servers.
  • You can install both the Delivery Controller and the Virtual Delivery Agent for Windows Server OS on the same server. To do this, launch the installer and select the Delivery Controller (plus any other core components you want on that machine); then launch the installer again and select the Virtual Delivery Agent for Windows Server OS.
  • Do not install any components on a domain controller.
  • Installing a Controller on a node in a SQL Server clustering installation, SQL Server mirroring installation, or on a server running Hyper-V  is not supported.
  • Do not install Studio on a server running XenApp 6.5 Feature Pack 2 for Windows Server 2008 R2 or any earlier version of XenApp.
  • Be sure that each operating system has the latest updates.
  • Be sure that all machines have synchronized system clocks. Synchronization is required by the Kerberos infrastructure that secures communication between the machines.

What to specify when installing core components

The following sections explain what you see and specify during installation. It follows the sequence of the graphical interface wizard; equivalent command line options are also provided. The installation articles provide details about how to launch the wizards and issue commands with options.

Features used with core components

Choose or specify whether to install Microsoft SQL Server Express. If you're not familiar with the databases, review the Databases article. (Command line option: /nosql to prevent installation)

When you install Director, Windows Remote Assistance is installed automatically. You can choose whether to enable shadowing in Windows Remote Assistance for use with Director user shadowing, and open TCP port 3389. By default, this is enabled.  (Command line option: /no_remote_assistance)

Firewall ports for core components

By default, the following ports are opened automatically if the Windows Firewall Service is running, even if the firewall is not enabled. You can disable this default action and open the ports manually if you use a third-party firewall or no firewall, or if you prefer to do it yourself. For complete port information about this and other Citrix products, see CTX101810.  (Command line option: /configure_firewall)

  • Controller: TCP 80, 443
  • Director: TCP 80, 443
  • License Server: TCP 7279, 8082, 8083, 27000
  • StoreFront: TCP 80, 443

VDA installation guidance

  • The VDA installers offer graphical and command line interfaces.
  • Review the System requirements article for supported operating systems and versions for VDAs. Most component prerequisites are installed automatically; exceptions are noted in that article.  When you install a VDA for Windows Server OS, Remote Desktop Services role services are automatically installed and enabled, if they are not already installed and enabled.
  • If you installing a VDA on a Windows 7 or Windows Server 2008 R2 machine, verify that .NET 3.5.1 is installed before you start the VDA installation. The Restarts section below has addition installation prerequisite considerations.
  • The Print Spooler Service is enabled by default on supported Windows servers. If you disable this service, you cannot successfully install a VDA for Windows Server OS, so make sure that this service is enabled before installing a VDA.
  • Profile management is installed automatically during VDA installation. Although you can exclude it if you are using the command line interface, that exclusion will affect monitoring and troubleshooting of VDAs with Director.
  • When you install the VDA, a new local user group called Direct Access Users is created automatically. On a VDA for Windows Desktop OS, this group applies only to RDP connections; on a VDA for Windows Server OS, this group applies to ICA and RDP connections.
  • For Remote PC Access configurations, install the VDA for Windows Desktop OS on each physical office PC that users will access remotely. Do not enable the optimize feature.
  • If you are installing a VDA on a machine running a supported Linux operating system, see Red Hat Linux VDAs or SUSE Linux VDAs for essential information.
  • The VDA must have valid Controller addresses with which to communicate; otherwise, sessions cannot be established. You can specify Controller addresses when you install the VDA or later; just remember it must be done! For more information, see the Delivery Controller addresses section below.
  • After you install a VDA for Server OS on a Windows Server 2012 R2 system, use the Kerberos Enable Tool (XASsonKerb.exe) to ensure the correct operation of Citrix Kerberos authentication. The tool is located in the Support > Tools > XASsonKerb folder on the installation media; you must have local administrator privileges to use the tool. Run xassonkerb.exe -install from a command prompt on the server. If you later apply an update that changes the registry location HKLM\System\CurrentControlSet\Control\LSA\OSConfig, run the command again. To see all available tool options, run the command with the -help parameter.

Available VDA installers: full-product and standalone

You can install a VDA using the full-product installer or a standalone installation package. Both offer graphical and command line interfaces.

The full-product installer automatically detects your operating system and allows you to install only the Windows VDA supported on that system: VDA for Windows Server OS or VDA for Windows Desktop OS.

Standalone VDA installation package

The smaller standalone package more easily accommodates deployments using Electronic Software Distribution (ESD) packages that are staged or copied locally, have physical machines, or have remote offices. The standalone package is intended primarily for deployments that use command line (silent) installation; it supports the same command line parameters as the full-product installer. The package also offers a graphical interface that is equivalent to the full-product installer.

How to use the graphical interface for the standalone VDA installer.

How to use the command line interface for the standalone VDA installer.

There are two self-extracting standalone VDA installer packages: one for installation on supported server OS machines, and another for supported workstation (desktop) OS machines.

By default, files in the package are extracted to the Temp folder. More disk space is required on the machine when extracting to the Temp folder than when using the full-product installer. Files extracted to the Temp folder are not automatically deleted, but you can manually delete them (from C:\Windows\Temp\Ctx-*, where * is a random Globally Unique Identifier) after the installation completes. Alternatively, you can use the /extract command with an absolute path.

If your deployment uses Microsoft System Center Configuration Manager, a VDA installation might appear to fail with exit code 3, even though the VDA installed successfully. To avoid the misleading message, you can wrap your installation in a CMD script or change the success codes in your Configuration Manager package. For more information, see the forum discussion at  


A restart is required at the end of the VDA installation.

If you want to minimize the number of additional restarts needed during the installation sequence:

  • Ensure that a supported .NET Framework version is installed before beginning the VDA installation.
  • For Windows Server OS machines, install and enable the RDS role services before installing the VDA.

Other prerequisites do not typically require machine restarts, so you can let the installer take care of those for you.

If you do not install prerequisites before beginning the VDA installation, and you specify the /noreboot option for a command line installation, you must manage the restarts. For example, when using automatic prerequisite deployment, the installer will suspend after installing RDS, waiting for a restart; be sure to run the command again after the restart, to continue with the VDA installation.

VDAs on unsupported Windows systems

The latest VDAs are not supported on Windows XP or Windows Vista systems; additionally, some of the features in this and other recent releases cannot be used on those operating systems. Citrix recommends you replace those systems with currently-supported Windows desktop OS versions and then install a VDA from this release. If you must continue to accommodate machines running Windows XP or Windows Vista, you can install an earlier Virtual Desktop Agent version (5.6 FP1 with certain hotfixes). See CTX140941 for details. Keep in mind that:

  • You cannot install core components (Controller, Studio, Director, StoreFront, License Server) on a Windows XP or Windows Vista system.
  • If you use Windows XP or Windows Vista systems, when you create a Machine Catalog containing those machines, be sure to choose the 5.6 FP1 entry in the "Select the VDA version installed ..." listbox on the Master Image page.
  • Remote PC Access is not supported on Windows Vista systems.
  • Citrix support for Windows XP ended April 8, 2014 when Microsoft ended its extended support.
  • Continuing to use older VDAs can affect feature availability and VDA registration with the Controller; see Mixed environment considerations.

What to specify when installing a VDA

The following sections explain what you specify during installation. It follows the sequence of the graphical interface wizard; equivalent command-line options are also provided. The installation articles provide details about how to launch the wizards or issue commands with options. 

Check VDA intallation guidance for tasks you may need to complete after VDA installation. 


The VDA environment specifies how you will use the VDA:

  • The default "master image" option indicates you will use Machine Creation Services (MCS) or Provisioning Services to create virtual machines based on a master image created in a hypervisor or cloud service. You install the VDA on the master image. (Command line option: /masterimage)
  • The "Remote PC Access" option indicates you will install the VDA on a physical machine or on a VM that was provisioned without a VDA.

HDX 3D Pro (VDA for Windows Desktop OS version)

When you install a VDA for Windows Desktop OS, you are offered the option to install the standard or the HDX 3D Pro version of the VDA.

  • The standard VDA is recommended for most desktops, including those enabled with Microsoft RemoteFX. This is the version installed by default.
  • The VDA for HDX 3D Pro optimizes the performance of graphics-intensive programs and media-rich applications. It is recommended if the machine will access a graphics processor for 3D rendering. (Command line option: /enable_hdx_3d_pro)

Core Components (installation location and Citrix Receiver installation)

Components are installed in C:\Program Files\Citrix by default. You can specify a different location during installation, but it must have execute permissions for network service. (Command line option: /installdir to specify nondefault directory)

By default, Citrix Receiver for Windows is installed with the VDA. You can disable this default action. (Command line option: use "/components vda" to prevent Citrix Receiver installation)

Delivery Controller

You can specify the addresses (FQDNs) of installed Controllers either when you install the VDA (recommended) or later. Although you are not required to specify Controller addresses when you install a VDA, keep in mind that that a VDA cannot register with a Controller without this information. If VDAs cannot register, users on machines containing those VDAs will be unable to access their applications and desktops. (Command line option:  /controllers)

  • If you specify Controller FQDNs when you install the VDA, the installer attempts to connect to the specified addresses. If the connection attempt fails, the installer provides informative messages.
  • If you choose to specify Controller addresses later, the installer reminds you of that requirement. If you install a VDA without specifying a Controller address, you can either rerun the installer later or use Citrix Group Policy.

If you specify Controller addresses both during VDA installation and in Group Policy, the policy settings override settings provided during installation.

Remember that successful VDA registration also requires that the firewall ports used for communication with the Controller are open.

After you initially specify Controller locations (either when installing the VDA or later), you can use the auto-update feature to update VDAs when additional Controllers are installed.

For more information about how VDAs discover and register with Controllers, see the Delivery Controllers article. 


You can enable or disable the following features that are used with VDAs:

  • Optimize performance: (Default = enabled) When this feature is selected, the optimization tool is used for VDAs running in a VM on a hypervisor. VM optimization includes disabling offline files, disabling background defragmentation, and reducing event log size. For more information, see CTX125874. Do not enable this option if you will be using Remote PC Access. (Command line option: /optimize)
  • Use Windows Remote Assistance: (Default = enabled) When this feature is selected, Windows Remote Assistance is used with the user shadowing feature of Director, and Windows automatically opens TCP port 3389 in the firewall, even if you choose to open firewall ports manually. (Command line option: /enable_remote_assistance)
  • Use Real-Time Audio Transport for audio: Default = enabled) When this feature is selected, UDP is used for audio packets, which can improve audio performance. (Command line option: /enable_real_time_transport)
  • Framehawk: (Default = enabled) When selected, bidirectional UDP ports 3224-3324 are opened. (You can change the port range later with the "Framehawk display channel port range" Citrix policy setting; you must then open local firewall ports.)  A UDP network path must be open on any internal (VDA to Citrix Receiver; or VDA to NetScaler Gateway) and external (NetScaler Gateway to Citrix Receiver) firewalls. If NetScaler Gateway is deployed, Framehawk datagrams are encrypted using DTLS (default UDP port 443). For more information, see the Framehawk article. (Command line option: /enable_framehawk_port)
  • Install Citrix App-V publishing components: (Default: enabled) Select this feature if you will use applications from Microsoft App-V packages. For more information, see the App-V article. (Command line option: /install_appv)
  • Personal vDisk: (Default = disabled; available only when installing a VDA for Desktop OS on a VM.) When this feature is selected, Personal vDisks can be used with a master image. For more information, see the Personal vDisks articles. (Command line option: /baseimage)


By default, the following ports are opened automatically if the Windows Firewall Service is running, even if the firewall is not enabled. You can disable this default action and open the ports manually if you use a third-party firewall or no firewall, or if you prefer to do it yourself. For complete port information, see CTX101810. (Command line option: /enable_hdx_ports)

  • Controller Communications: TCP 80, 1494, 2598, 8008. For communication between user devices and virtual desktops, configure inbound TCP on ports 1494 and 2598 as port exceptions. For security, Citrix recommends that you do not use these registered ports for anything other than the ICA protocol and the Common Gateway Protocol. For communication between Controllers and virtual desktops, configure inbound port 80 as a port exception.
  • Remote Assistance: TCP 3389. Windows opens this port automatically if the Windows Remote Assistance feature is enabled on the previous page, even if you choose to open the ports manually.
  • Real Time Audio: UDP 16500-16509.
  • Framehawk: UDP 3224-3324.


After you review the information presented and click Install, the display shows the progress of the installation. After the installation completes, a machine restart is required before the VDA can be used.