Citrix and the Battle of Print Sharing!

Have you ever had one of those problems that, once you find the solution, makes you want to want to facepalm whoever caused the problem so very, very hard?  I ran into something like that the other day, which drove me absolutely crazy!  And the worst part about it, is that the final solution that was discovered made absolutely no sense…

The Problem

The problem began when I had a user approach me one day, telling me that she was having a hard time printing.  Her computer had been connected to a third party company’s Windows Server, using Citrix for remote connectivity.  Her printers were shared through Citrix, which allowed her to print to any of her local printers from the Windows Server.  When we set up her printers, we renamed one of her printers, prepending her name to the beginning of the printer name, so that we could easily find it when attempting to print, and having to select the right printer to print to.

What was happening was that when the user opened Adobe Reader through the remote OS, and attempted to print a document, Adobe Reader completely locked up, preventing any further action.  I eventually had to open up the Task Manager and kill Adobe Reader.

After some extensive testing, I landed in the Event Viewer.  I noticed that every time a document successfully printed, there was an Event #10 posted in the Event Viewer, stating that the document successfully printed.  I also noticed the document appear in the print queue on both the Citrix remote Windows Server, and on her local computer.  However, whenever Adobe Reader failed to print and locked up, and Event #13 appeared in the event log, which stated that the document was deleted.  Also, nothing ever appeared in either of the two print queues.  Odd…

Now, I suppose it’s worth pointing out at this point that I am not very familiar with Citrix.  I can make it work, and it works fine, but I have much more experience with Remote Desktop, and TeamViewer.  So, troubleshooting was a bit of work, especially because the Citrix setup was done by a third party company, and they were going down the wrong path in trying to solve the problem.  Consequently, it was completely up to me to try to determine what the heck was wrong, and what to do to fix it.

The Process

I wasn’t sure where to start with figuring out the problem, so I just decided to jump in head first, and test everything I could find.

I started back in Citrix, seeing what was wrong.  I noticed that I could open up notepad, type up something, hit Print, and it would print just fine to the printer.  I also noticed that if I opened up Adobe Reader and hit print, it would print fine as well!  BUT, if I changed a single setting in Adobe Reader (“Choose paper source by PDF size”), and hit print, the entire thing locked up!

To make things even more complicated, we had another user who was sharing the same network printer, also logging into Citrix, and also printing using that flag, and it worked just fine.  So, something was fishy.  Why would attempting to print on one computer, using that flag, lock up, where as on another computer, or not even using that flag at all, printed just fine?  Frustrating!

I then brought a third computer into the mix.  I logged into this computer, logged into Citrix, printed with the flag to the printer, and it worked.  Thinking that it maybe had something to do with the fact that this other user was not an administrative user, I decided to log into her computer myself and try it.  I logged in, set up connectivity to the same network printer, logged into Citrix, tried to print, and it worked…  I then logged back in as the other user, tried it again, and everything still locked up again.

At this point, the last thing I could think of was that her profile was corrupt on the computer she was on, and so somewhere along the line it was corrupting network traffic, and causing things to lock up.  So, I completely blew away her profile, and let it recreate when she logged in again.  And again, after logging in and trying to print – the damn thing locked up.

Fark

At this point, I’m completely confused.  Nothing makes sense, and it should all be working.  I give up, throw in the towel, and decide to go for broke, and completely wipe the Windows OS, and completely reformat and reinstall Windows.  After doing so, I reconnect the computer to the domain, have the user log in again, connect to the network printer, rename it so we can find it, connect to Citrix, try to print, and……..it locks up again!

At this point I’m pissed.  What could be more clean that a freshly reformatted computer? Everything should have worked fine!  So, I begin to wonder if it’s an issue with the Citrix server, wondering if it tracks MAC addresses that communicates with, throwing some configuration parameter somewhere now that it recognized her computer / username, etc.  Or, I’m wondering if our Active Directory is messing something up in the process, keeping it from working, intercepting network traffic, etc.  I’m absolutely confused, and am ready to just purchase a brand new computer for her and get rid of this one and call it a day!

The Solution(!!!)

It is at this point that I decide to give it one last hurrah, and have the user log into the other user’s computer who has not been having this problem at all.  I have her log into the computer, verify that the network printer is configured, log into Citrix, try to print, and select the printer, and BAM!  It works!

Now I’m completely, and utterly confused.  Why would it not work on her own computer, even after a complete reformat / reinstall, whereas it would work when I logged into her computer, and yet it would work for her on someone else’s computer?  Then suddenly, it all became clear to me…

It was the name of the printer!!!

Yes, that’s right, the blasted name of the printer…

Here’s what happened:  every time I attempted to print from her user account on her computer, I was using the printer that I had renamed in order to find it easily on the Citrix server.  What I simply did was to append her first name (let’s call her Peggy) to the start of the printer name.  In this way, when she went to print through Citrix, she merely had to look for “Peggy LaserJet 1234” printer, and select it.  This differed from when I did it by logging into my own account, because I didn’t rename the printer.  I had merely left it as-is when doing my troubleshooting.

This problem of the renamed printer also carried over into her profile.  When I blew away her profile and recreated it, it somehow pulled in “Peggie LaserJet 1234” from the previous profile, or somehow that printer got configured in the default profile, so that it was pulled in every time a new profile was created.  Note that this didn’t affect my profile when I logged in, since I had previously logged in before that printer had been configured in the default profile.

This problem also didn’t affect the other user, because the third party company incorrectly told her that she needed to have that printer set as her default printer, if she wanted to be able to print to it through Citrix.  In the case of my problematic user, however, she would be printing to that printer very infrequently, and would be printing to a different printer much more often.  In that case, I thought it was asinine and unnecessary for her to set this specific printer as her default printer, just for those occasional uses where she needed to print to the printer through Citrix.  So, the better solution was to simply rename the printer to add her name to the front of it, so that she could easily find it at a later time when she wanted to print!

Conclusion

To recap – there’s apparently a bug in place somewhere, either through Citrix, or  Windows Server 2003, or Adobe Reader 7 (yes, the Citrix remote computer is still using Adobe Reader 7), that is causing this issue to be apparent.  Furthermore, the issue only affects users if they are trying to print by using the “Choose paper source by PDF page size” flag, and their printer name is over a certain length.

What is that length, you ask me?  Well, I could spend hours figuring out the exact details of this issue, and give specific answers, but I’ve spent enough of my time dealing with this problem!  All I can give you is that the following name worked:

HP LaserJet 1234 PCL6

Furthermore, attempting to prepend the name of the printer with her initial also worked:

P HP LaserJet 1234 PCL6

But by attempting to put her entire name at the beginning of the printer name did not work:

Peggie HP LaserJet 1234 PCL6

So, it appears that somewhere between 23 and 28 characters is what caused the printer to lock up.  However, note that I believe Citrix expands onto the name of the printer, with something like:

Peggie HP LaserJet 1234 PCL6 Auto Created on wl_abcdefgabcdefg

Where it “Auto creates” any printers through the Citrix interface, and adds a session ID onto the end of it as well.  So, the overall string that works or doesn’t work in someone else’s situation may be dependent on what name the Citrix client eventually gives to the printer itself.

As I mentioned when I started this post, the solution to the problem we experienced makes absolutely no sense.  While I would understand if the printer didn’t work AT ALL, because it was too long of a name for the Citrix client / Windows Server / Adobe Reader, what doesn’t make sense is the fact that it only doesn’t work if the name is too long, AND if that one print configuration flag is checked when printing.  Everything else outside of that situation works just fine.

My apologies for the long-winded post today.  However, I felt it was worth adding all that information, so that anyone searching the Googles for a similar problem will be better able to determine if this problem is the same as theirs or not.  If the time spent typing up this blog post can save someone else at least an hour’s worth of time who’s running into the same problem, then it’s completely worth it!

Until next time!

– Admin

Keeping Files in Sync in Windows 7

For any of you who know, it’s incredibly frustrating to use Windows 7’s Offline File synchronization capabilities.  While it does work, and it does keep files in sync, it does so in a weird, round-about way.

To start with, let’s look back at XP (I’m going to skip Vista, because I never used its file synchronization capabilities.  With XP, you would enable offline files for a specific directory.  You could then make changes to the files within that folder to your heart’s content.  Once you were done, you would simply log off of the computer, or shut down.  It was during this logoff process that the computer would then synchronize any changes from the remote folder to your computer, for offline viewing at a later time, if necessary.  It worked well, and people usually didn’t have a problem with it.

Imagine the following workflow:

  1. A user turns on his laptop, and connects to a network.
  2. The user then makes modifications to his folder on a remote location (a shared drive on a server, for example).
  3. At the end of the day, the user shuts down his laptop to go home for the night.
  4. During the shutdown process, the system syncs any changed files from the server to the user’s laptop.
  5. The user then takes the laptop home, and decides to do more work at home.
  6. The user opens up the computer, makes the changes to the offline files, and then shuts down.
  7. The next day the user comes back into the office, turns on the computer, and the files are automatically synchronized back to the server, once the computer detects that it’s connected back to that network.

Now, let’s look at Windows 7, and it’s unique, but critical difference to that of XP.  In Windows 7, the files no longer synchronize when the computer is shut down.  Rather, it synchronizes upon startup!  While this seems OK when you take into consideration the fact that you no longer need to wait for the synchronization to finish when you decide to shut down for the evening, you run into a problem when you try to actually do so.

Follow this scenario:

  1. A user turns on his computer and connects to the network.
  2. All files from the network are synchronized with his laptop that have been configured for offline access.
  3. The user then makes any changes to the files on the server.
  4. At the end of the day the user shuts down his computer to go home.
  5. The user takes the computer home, and decides to do some work in the evening.
  6. The user turns on the laptop, opens up his offline files, and sees that all of his changes that he made during the day are not there.  Crap!

You can quickly see that this is a problem.  Relying on the operating system to keep the files in sync with the files on the server no longer work properly.  Since it’s not synched except for on startup, you can no longer follow your traditional workflow.  Rather, you need to manually run the file synchronization before shutdown, to make sure that the files are synched.  This becomes a headache, because it requires user intervention every day.

And as we all are aware of, if it requires user intervention and manual process, it will never be done (at least it won’t be done during the instance that it needs to be done!).

So, what is the solution?

There are a number of various solutions that involve some complicated scripts, some scheduled tasks that you can create that would run at some arbitrary / triggered time, etc.  However, I’ve stumbled across a great solution that works like a champ, and makes me wonder why Microsoft didn’t configure it that way to begin with!

The solution?  A Group Policy Object!

This could be done as a setting on each specific computer you would like it changed on, individually (I think).  However, in my case, I went ahead and did it through our primary Windows Server (we run Active Directory, and manage all of our computers that way).

To do so, perform the following steps on your computer / server:

  1. Open up Group Policy Management (Start –> Administrative Tools –> Group Policy Management).
  2. Select a Group Policy Object that you are enforcing, and right-click it and select Edit.
  3. Navigate to the following location (Computer Configuration –> Policies –> Administrative Templates –> Network –> Offline Files).
  4. From here, select the “Synchronize all offline files before logging off” Setting, and double-click it to edit it.
  5. Select “Enabled”, and then OK to apply the setting.
  6. Back on your other computer, you may either wait until the group policy settings are pushed out, or you can force them immediately by opening a command prompt and typing “gpedit /force”.

That’s it!

Now, where I get a bit confused is Window’s description of what that setting is supposed to do:

Determines whether offline files are fully synchronized when users log off. […] If you enable this setting, offline files are fully synchronized. […]

Tip: To change the synchronization method without changing a setting, in Windows Explorer, on the Tools menu, click Folder Options, click the Offline Files tab […].

Now, here’s why I’m confused.  The setting itself is titled as though it has to do with logging off.  That is, it sees that one needs to perform the “logoff” action, at which time the system will sync the files, before fully logging on.  However, this does not seem to be the case.  Instead, it appears that it always maintains synchronization between the computer’s offline files, and the files on the server.

In this case, one could essentially make whatever changes he or she wished to the files on the server, and then IMMEDIATELY disconnect the computer from the network.  At this point, the files should already be in sync, and the user can already start working offline, since the files were synched.

This point seems to be reflected in the description of the setting, where it says that the files are “fully synchronized”.  I assume that to mean that they are always synched, and you don’t need to log on / log off in order to make it work.  However, the description also continues on to explain how to do it remotely, using Tools –> Folder Options –> Offline Files.  However, for the life of me on Windows 7, I couldn’t find “Offline Files”.  So, I’m not exactly sure what to believe in the description, and what not to believe!

As you can see, I don’t know why in the heck Microsoft didn’t decide to make this the default setting.  It makes complete sense to me to always have offline files synched with their respective target, and not rely on logon / logoff to perform the sync.  There are many use cases where a user may disconnect the computer from the network without performing either of those actions.  Why you wouldn’t want it to be automatically synched is beyond me.

Anyway, give this setting a shot, and it will fix your problems (and your user’s problems!) with Windows 7’s synchronization process.  No longer will you discover once you’re off the network, that you’re missing that critical file, or you don’t have the most recent changes on the file that you just worked on, that you need immediately.  (Presentations, anyone?)

Enjoy!

– Admin

Google Calendar – Problems sharing outside of domain

So I discovered something new today.  I’ve known for quite some time that Google had their Google Apps capability available for businesses, for a cost of $50.00 per year, per user.  So when I started thinking a bit more about actually putting forth some effort into this domain, I started thinking about paying that, in order to have the suite of Google Apps at my disposal.  But, I wasn’t looking forward to paying the $50.00 a year.

Fast forward that thought until today.  I was doing a bit of looking online, and I came across the following link: http://www.google.com/apps/intl/en/group/index.html.  Lo’ and behold, I was not aware that they supported a standard (free) edition of their apps to domain holders!  So I immediately signed up.  After signing up and verifying my domain (super easy), I set off on my first task – setting up a calendar, that I could share with my main @gmail.com email account.

I suppose this is a good point where I should back up and explain why I was trying to do this.  At the place where I work, we use an Exchange server, and access it through the standard Microsoft Outlook mail client.  However, I don’t have access to my work email account at home.  So, I have my work account set to forward all meeting invites to my @gmail.com email account.  Unfortunately, this is a bit annoying, because it automatically adds those events to my mail calendar, not one of my secondary calendars.  I wanted to add it to a secondary calendar, so that I could keep it separate from my life calendar.  So, I had created a new calendar, checked the settings, found the private calendar email address, and promptly emailed a meeting invite to it.  And I waited…….. and the meeting invite never showed up in my calendar.  I verified that it was set to automatically add invitations.  But they never showed….  So I logged into another email account that I had from a different domain that was using Google apps. I forwarded a meeting invite from that account to the private calendar, and it showed up immediately.  Back and forth I fought and debugged the problem, and was never able to solve the issue as to why a non-Gmail / Google App domain meeting invite couldn’t send a meeting to a secondary calendar, even though it could successfully to the primary calendar.  I finally gave up that endeavor.

So jumping back to today.  I figured that I could create a personal email account for my domain using Google Apps, set up a primary calendar for that specific email account, and then share that calendar with my @gmail.com email account.  Voila!  All events would show on my primary account, and still give me the ability to keep them separate from my main account calendar.  So, I went to my new email account, went to the calendar settings, went to the calendar share tab, and set to work.  I added the email address of my primary account, gave it permissions to make changes to the event, and clicked “add”.  Horray!  Wait…crap, it didn’t work!  I looked down and noticed that it only showed that the shared email address only had the ability to see only free / busy time on the calendar.  But that wasn’t what I selected!  I was confused….

Being a bit of a new user with the Google Apps domain administration interface, I wasn’t sure where to go, or even what needed to be done to fix this.  I mean, why weren’t the settings being maintained for this shared account I was trying to share the calendar with?  For a moment, I had a fear that it was because I was only using the standard edition, and not the premier account.  But fear not, a quick bit of Googling led me to the following link: http://www.jonathanmacdonald.com/?p=2512.  In case the link is no longer available in the future when this post is read, I’ll post the instructions here as well for you to follow.

Essentially, the root cause of the inability to set the sharing settings to anything other than only showing free / busy availability is the following setting:

In order to solve the issue, you must update your domain settings themselves, rather than the calendar settings which actually seem to be the issue.  By default, Google locks down your domain’s calendar sharing settings outside of the domain.  This is a security mechanism (feature?) to help protect calendar data.  In order to fix the problem, must log into your domain Google Apps settings as the administrative user.  Here, you can open up security on the calendars, allowing them to be shared outside of the domain, up to any security level you wish, out of those three options.  Here you can see the three different options to choose from:

In this situation, I have decided to choose the option that allows me to share calendar details outside of the domain, but not let those users make any changes to the calendar.  You can adjust this to allow them to make changes as well, if your situation requires that capability.

Finally, after making that change, you can now go back to your domain user’s calendar, bring up the user’s calendar settings, and you should be able to update their sharing settings up to whatever level you chose for the domain settings:

One important point to note, is that making the sharing options change sharing globally across the entire domain.  You cannot specify that only certain users, or certain calendars, can have their details shared outside of the domain.  So be careful when making these changes, as they will affect every calendar configured from within the domain.

One small issue I had after making this change, was that it was not immediately available in the domain user’s calendar.  I tried a combination of logging out the domain user, deleting the calendar, re-creating the calendar, disabling sharing on the calendar, re-enabling, etc.  Nothing seemed to work, as it still only gave me the option to see free / busy details of the calendar.  However, I left the computer for about 3 hours and came back, and it appeared to work by that time.  So, it may just take some time for the changes to propagate across the entire environment.  If it doesn’t work for you, first verify that the correct changes were made, and then try again later.

I can’t believe how long-winded this post ended up being.  Hopefully it wasn’t too boring, and hopefully it was helpful for those of you who have run into the same issue that I had.  Enjoy!

– admin