Note: These features are valid only for supported Windows server machines. They do not apply to Windows desktop OS machines.
The Microsoft virtual IP address feature provides a published application with a unique dynamically-assigned IP address for each session. The Citrix virtual loopback feature allows you to configure applications that depend on communications with localhost (127.0.0.1 by default) to use a unique virtual loopback address in the localhost range (127.*).
Certain applications, such as CRM and Computer Telephony Integration (CTI), use an IP address for addressing, licensing, identification, or other purposes and thus require a unique IP address or a loopback address in sessions. Other applications may bind to a static port, so attempts to launch additional instances of an application in a multiuser environment will fail because the port is already in use. For such applications to function correctly in a XenApp environment, a unique IP address is required for each device.
Virtual IP and virtual loopback are independent features. You can use either or both.
Administrator action synopsis:
- To use Microsoft virtual IP, enable and configure it on the Windows server. (Citrix policy settings are not needed.)
- To use Citrix virtual loopback, configure two settings in a Citrix policy.
When virtual IP is
enabled and configured on the Windows server, each configured application
running in a session appears to have a unique address. Users access these
applications on a XenApp server in the same way they access any other published
application. A process requires virtual IP in either of the following cases:
- The process
uses a hard-coded TCP port number
- The process
uses Windows sockets and requires a unique IP address or a specified TCP port
To determine if an
application needs to use virtual IP addresses:
- Obtain the
TCPView tool from Microsoft. This tool lists all applications that bind
specific IP addresses and ports.
- Disable the
Resolve IP Addresses feature so that you see the addresses instead of host
- Launch the
application and use TCPView to see which IP addresses and ports are opened by
the application and which process names are opening these ports.
- Configure any
processes that open the IP address of the server, 0.0.0.0, or 127.0.0.1.
- To ensure that
an application does not open the same IP address on a different port, launch an
additional instance of the application.
How Microsoft Remote
Desktop (RD) IP virtualization works
- Virtual IP
addressing must be enabled on the Microsoft server.
in a Windows Server 2008 R2 environment, from Server Manager, expand Remote
Desktop Services > RD Session Host Connections to enable the RD IP
Virtualization feature and configure the settings to dynamically assign IP
addresses using the Dynamic Host Configuration Protocol (DHCP) server on a
per-session or per-program basis. See the Microsoft documentation for
- After the
feature is enabled, at session start-up, the server requests
dynamically-assigned IP addresses from the DHCP server.
- The RD IP
Virtualization feature assigns IP addresses to remote desktop connections
per-session or per-program. If you assign IP addresses for multiple programs,
they share a per-session IP address.
- After an
address is assigned to a session, the session uses the virtual address rather
than the primary IP address for the system whenever the following calls are
made: bind¸closesocket¸connect, WSAConnect, WSAAccept, getpeername,
getsockname, sendto, WSASendTo, WSASocketW, gethostbyaddr, getnameinfo,
When using the
Microsoft IP virtualization feature within the Remote Desktop session hosting
configuration, applications are bound to specific IP addresses by inserting a
“filter” component between the application and Winsock function calls. The
application then sees only the IP address it should use. Any attempt by the
application to listen for TCP or UDP communications is bound to its allocated
virtual IP address (or loopback address) automatically, and any originating
connections opened by the application originate from the IP address bound to
In functions that
return an address (such as GetAddrInfo(), which is controlled by a Windows
policy), if the local host IP address is requested, virtual IP looks at the
returned IP address and changes it to the virtual IP address of the session.
Applications that attempt to get the IP address of the local server through
such name functions see only the unique virtual IP address assigned to that
session. This IP address is often used in subsequent socket calls, such as bind
application requests to bind to a port for listening on the address 0.0.0.0.
When an application does this and uses a static port, you cannot launch more
than one instance of the application. The virtual IP address feature also looks
for 0.0.0.0 in these call types and changes the call to listen on the specific
virtual IP address, which enables more than one application to listen on the
same port on the same computer because they are all listening on different
addresses. The call is changed only if it is in an ICA session and the virtual
IP address feature is enabled. For example, if two instances of an application
running in different sessions both try to bind to all interfaces (0.0.0.0) and
a specific port (such as 9000), they are bound to VIPAddress1:9000 and
VIPAddress2:9000 and there is no conflict.
Enabling the Citrix virtual IP loopback policy settings allows each session to have its own loopback address for communication. When an application uses the localhost address (default = 127.0.0.1) in a Winsock call, the virtual loopback feature simply replaces 127.0.0.1 with 127.X.X.X, where X.X.X is a representation of the session ID + 1. For example, a session ID of 7 is 127.0.0.8. In the unlikely event that the session ID exceeds the fourth octet (more than 255), the address rolls over to the next octet (127.0.1.0), to the maximum of 127.255.255.255.
A process requires virtual loopback in either of the following cases:
- The process uses the Windows socket loopback (localhost) address (127.0.0.1)
- The process uses a hard-coded TCP port number
Use the virtual loopback policy settings
for applications that use a loopback address for interprocess communication. No additional configuration is required. Virtual loopback has no dependency on Virtual IP, so you do not have to configure the Microsoft server.
- Virtual IP loopback support. When enabled, this policy setting allows each session to have its own virtual loopback address. This setting is disabled by default. The feature applies only to applications specified with the Virtual IP virtual loopback programs list policy setting.
- Virtual IP virtual loopback programs list. This policy setting specifies the applications that use the virtual IP loopback feature. This setting applies only when the Virtual IP loopback support policy setting is enabled.
You can use the following registry settings to ensure that virtual loopback is given preference over virtual IP; this is called preferred loopback. However, proceed with caution:
- Preferred loopback is supported only on Windows Server 2008 R2 and Windows Server 2012 R2.
- Use preferred loopback only if both Virtual IP and virtual loopback are enabled; otherwise, you may have unintended results.
- Editing the registry incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.
Run regedit on the servers where the applications reside.
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\VIP (HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\VIP for 32-bit machines)
- Name: PreferLoopback, Type: REG_DWORD, Data: 1
- Name: PreferLoopbackProcesses, Type: REG_MULTI_SZ, Data: <list of processes>