Top 20 Misconceptions about Citrix MetaFrame and Microsoft Terminal Server

We’ve probably read more than 100,000 posts on the official Citrix support web forums and noticed some basic misunderstandings with Citrix or Terminal Services.

As the “Three Musketeers” (Stefan, Jeff, and Thomas) in the official Citrix support web forums, we have written about 20,000 posts over the last two years. During that time we’ve probably read more than 100,000 posts and noticed some basic misunderstandings with Citrix or Terminal Services. Sometimes answering the same questions get really frustrating for us! Therefore, we’ve written this “Top 20“ list of misunderstandings. Contrary to what you may believe, all of these 20 statements are TRUE.

Note: For easy linkability (is that a word?), this article is available at https://www.brianmadden.com/opinion/Top-20-Misconceptions-about-Citrix-MetaFrame-and-Microsoft-Terminal-Server

Top 20 Citrix and Terminal Services Facts that many people incorrectly think are myths

1. Citrix MetaFrame is just an ADD-ON for Microsoft Terminal Services.

2. A Citrix MetaFrame connection license does NOT include a Microsoft Terminal Services client access license (TSCAL).

3. With Windows 2000 and above you MUST deploy a Terminal Server licensing server (TLS). Period. No exceptions. (Warning: An initial "grace period" may fool you into thinking otherwise!)(read more)

4. Windows 2000 Professional and Windows XP Professional do NOT have a "built-in" TSCAL licenses. (They can however get free licenses when used with Windows 2000 Terminal Servers.)(read more)

5. Citrix’s NFuse / Web Interface (WI) is basically a web-enabled Program Neighborhood (PN) that delivers custom ICA files on demand.

6. ICA connections via Citrix Secure Gateway (ICA in SSL) are completely different from HTTPS connections, even though both work over port 443 and use SSL encryption.

7. There is a different MetaFrame FR-3 version for Windows 2000 and Windows 2003. Also, MetaFrame XP FR-3 is the first version that supports Windows 2003.

8. With Windows 2003 acting as a Terminal Server, you need a Terminal Server licensing server running on a Windows 2003 server.

9. There is NO Web Interface Extension (WIE) for Web Interface 3.0! You have to use MSAM.

10. You need application licenses (Office, etc.) for EVERY user that could possibly start the application on the server. (read more)

11. As a default, Windows 2003 allows only ONE session per user.

12. When using NAT to access a MetaFrame server you have to run ALTADDR on the server to configure Citrix to use the external IP.

13. Speaking of NAT, EVERY server requires it’s own public IP address if using NAT.

14. Port 1604 UDP (Broadcasts) is NOT required anymore. It was replaced a long time with the Citrix XML service on TCP port 80.

15. TCP port 2598 is the NEW port for session reliability with MPS3. It should be disabled at the server and Web Interface if not used.

16. Citrix Secure Gateway 1.1/2.0 does NOT support port 2598 for session reliability. (read more)

17. An application MUST reside on the same server as the application that calls it unless you are using PNA and content redirection.

18. Citrix Secure Gateway 2.0 does officially NOT support the “relay mode.” Therefore you cannot use PN or an ICA file to connect through CSG.

19. When using Citrix Web Interface, Hotkeys are enabled and disabled by editing the template.ica on the WI server.

20. Microsoft hotfixes are FREE of charge. (You just have to call the technical support number to get them.) Also, you should NOT download Microsoft hotfixes from any third-party website, because these sites do not use the same version control as Microsoft and you have no idea whether you’re getting the most recent Hotfix or not.

Join the conversation

48 comments

Send me notifications when other members comment.

Please create a username to comment.

13. Speaking of NAT, EVERY server requires it’s own public IP address if using NAT.

A workaround is changing ICA port from every server, for using just a public IP.

I mean

change server1 ica port to 1494 -> public_ip:1494 -> server1_privateIP:1494

change server2 ica port to 1495 -> public_ip:1495 -> server2_privateIP:1495

and so on...
Cancel
That is called port address translation PAT (WI admin guide page 65) and you have to open every port on the FW.
Cancel
TCP/IP Network endpoints are IP and port, not only IP, so PAT is (at least) an artificious word. But this is just terminology.

The 'so called' PAT (for me, plain NAT ;-) ) _IS_ a solution, anyway.


>> and you have to open every port on the FW

???

What the hell??? why? just open the ones you wanna use!


So, this solution is not the best, but is a workaround to have just a public IP.



Cancel
17. An application MUST reside on the same server as the application that calls it unless you are using PNA and content redirection.

Or (obviously) a File Server (IE, an external SMB Server with the exes).

The aplication, must _run_ on the same server.
Cancel
Sorry.. you meant -> every == each one you wanna use. Sorry again

About <a href="http://winplanet.webopedia.com/TERM/P/PAT.html">PAT </a>:

<code>

Short for port address translation, a type of network address translation. During PAT, each computer on LAN is translated to the same IP address, but with a different port number assignment.

PAT is also referred to as overloading, port mapping, port-level multiplexed NAT or single address NAT.

</code>
Cancel
That one was included because so many people think that publishing an application automatically makes it available to the entire farm as if it was installed locally. It's amazing how some people get upset when they learn differently.
Cancel
For app deploying on the farm, i suggest to relay on MSI + Active Directory Technologies, (or the solution for the poor, a File server :-D ).

Cheers.
Cancel
Sorry this goes on the up-thread :-S (i've got the twistedfinger syndrome :-DDD )

Sorry again.
Cancel
The list is to show what absolute newbies, who get stuck with maintaining a farm for the first time encounter. (mostly happens on new jobs etc).
For advanced citrix admins, the list is a joke, and will probably just create a smile on their face, or trigger the reaction to post other ways to get the same accompliched.

For hardcore discussions, visit briforum.
Cancel
Let me put it differently. With advanced admin, i mean sbc consultants who do installations and troubleshooting for a living. For those people the list should look familiar for situations where they were send in to fix things.
About 70 to 80% of the forum visitors ask the above from the list. A small portion does some advanced stuff, and those posts are very educating. (at least for me)
Cancel
With Windows 2003 acting as a Terminal Server, you need a Terminal Server licensing server running on a Windows 2003 server.

Don't jump down my throat, but how is this a myth? You can somehow have a 2003 Terminal Server use a Terminal Server license server running on Windows 2000?

From Brian's article:

"In Windows 2003 Terminal Server environments, the TS licensing service must be installed on a Windows 2003 server. That server can be any server in your environment, and it doesn’t have to be a server that’s running Terminal Server. Most companies install the TS licensing service on a standard Windows 2003 file and print server."

Also with #3, unless you mean the 120 grace period, this statement isn't particularly effective. You WILL need a license server if you want to use it long term.

agressiv
Cancel
"Don't jump down my throat, but how is this a myth? You can somehow have a 2003 Terminal Server use a Terminal Server license server running on Windows 2000?"

There is quite a number of people upgrading their TS/Citrix server to 2003, asuming the Lisensing stay's the same as it was. (read free, because they use win2k/XP pro clients) On day 121 they come to the forum.

There is also a number of people convinced that they don't need a TS license server, because they use citrix, which has it's own licensing, and what on earth does TS licensing has to do with an ica connection.
Cancel
it only emphasizes my point. #8 made it seem like you didn't need a 2003 license server with 2003 term serv. Maybe its just poorly worded, IMO.

Its certainly not a myth:

You DO need a server running 2003 for licensing in the long run if you wish to stay with 2003 term serv. So I'm actually agreeing with the "myth", as it is stated.

agressiv
Cancel
guess i was reading them as "myths" rather than misunderstandings.

Ignore my previous posts :)

agressiv
Cancel
I should point out that the author of the above post (xs4citrix) is Stefan, one of the authors of this article. So what he was saying was coming from the point of why they made this list. He was not bashing it.
Cancel
If your going to go through the trouble of setting up PAT, then use the Fricken CSG product that Citrix basically gives away for FREE.

Joe
Cancel
Does this mean that I don't need a TSCAL to access my MPS box? Could someone expand on what #2 actual means.

Cheers
Cancel
sorry if this is harping on, but i'm with tlyczko on this one.

as a newbie myself, i like the idea, but some of these 20 things appear to be myths, and some appear to be the truth that would maybe be in response to the myth.

eg, 1. seems like the myth, but as far as i'm aware 20 is a true statement. (even if the hotfix hasn't been released on the msft site, if it exists and you have the issue they will supply it with a phone call, for free).

so i'm not sure i can work out wether some of these are the TURE things, or the MYTHS. kinda makes it more confusing... anybody want a quick shot from one to 20 which what's a myth and what's a truth? or are they all myth and i'm just not up on some of them...???
Cancel
These are all true as written. Every single one. So if you think that one is false, then you are a victim of misunderstanding.
Cancel
Could I suggest that you change the title to:

"Top 20 Answers to Citrix and Terminal Services Misunderstandings"

It may help to clear any confusion.

Cheers

The Anony Mouse
Cancel
Since ALL 20 statements are TRUE, it means you NEED also Microsoft TSCAL's and you MUST deploy a Microsoft Terminal Server licensing server (TLS).

Thomas
Cancel
I just changed the text right before the list stating that these twenty items were true. Thanks for the idea.
Cancel
mmmm
Cancel
Even if you do not get charged for the request, you will need to have support contract
Cancel
>you will need to have support contract
No, you do not need a support contract to get a public HotFix.
Cancel
Citrix, on the other hand, charges for their limited release hotfixes.
Cancel
Not true, I called and got a hotfix from Microsoft today... All I had to give was a name and a number.. No support contract needed.
Cancel
Not all apps are .msi... You're better off with something like altiris.
Cancel
Congrats guys...
http://bink.nu/Article3695.bink
Cancel
I actually just spoke to an MS tech today about this. The non-public hotfixes (i.e. contact MS tech support to get it) are just as free as the public ones. They just want to make sure you realize they are not fully regressed and/or may not fix the very specific problem you want them for.

More to the point, you think it's risky installing a public hotfix? At least public hotfixes have some level of knowledgebase behind them (even if it's not in the public KB). The non-public hotfixes are risky enough that MS doesn't want someone to just download them and install without reading the fine print (that never happens, right? :). One a scale of 1-10 I consider a public fix to already be a 9+ risk factor (i.e. don't install if I have plans for the weekend). Non-publics must fix a problem for me that is much worse than spending an entire weekend on the phone with tech support.
Cancel
Ummm...for a newbie with Citrix, I was glad for an article like the three amigo's posted, but after reading the comments I am now more the confused.

Can you like an earlier poster put it in a simpleton layout? Myth first, then truth.
#1 Myth blah blah blah
#1 Fact blah blah blah
and so on.

cheers
tom
Cancel
Oh one more silly question, but is point #1 a myth or fact? If one reads your intoductory paragraph -

"Therefore, we’ve written this “Top 20“ list of misunderstandings. Contrary to what you may believe, all of these 20 statements are TRUE."

How can a misunderstanding be TRUE? Sounds like MS doublespeak to me.

If point one's misconeption is TRUE - then Citrix IS an add on to Terminal Services and not a stand alone product? What about Novell, Linux, or Apple users, they would need Terminal Services to run then...not.

cheers
tom

Cancel
actually there is a registry hack for TS2003 to use a W2k-Server as licensing server - just ask M$ for the hack they give it away
Cancel
>Citrix IS an add on to Terminal Services and not a stand alone product?
Yes Citrix MetaFrame, that is the software part that you install on the server side, is only an add-on for Microsoft terminal services in application mode.

>What about Novell, Linux, or Apple users
They use the Citrix ICA client NOT MetaFrame!

Thomas
Cancel
Good article. As a former CCI I would answer 17-18 of the questions in the first day with one exception.

It was a private on site class located in South East, FL (in a county located between Palm Beach and Miami-Dade). Client was training about a dozen new Citrix administrators to manage about 100 new Citrix severs soon to be installed. One of the soon to be administrators asked what was the CITRIX licensing message error that was being generated on their 3 month old test bench. They did not know about TSCalcs. Glad I did not have to attend that meeting.

How about a similar UNIX article for the two versions of Sun and their two cousins HP and IBM?
Cancel
Good article. As a former CCI I would answer 17-18 of these question in the first day with one exception.

It was a private on site class located in South East, FL (in county located between Palm Beach and Miami-Dade). Client was training about a dozen new Citrix administrators to manage about 100 new Citrix severs soon to be installed. One of the soon to be administrators asked what was the CITRIX licensing message error that was being generated on their 3 month old test bench. They did not know about TSCalcs. Glad I did not have to attend that meeting.

How about a similar UNIX article for the two versions of Sun and their two cousins HP and IBM?
Cancel
I would seriously go back and read up on what Metaframe is. You cannot run Metaframe for windows without Terminal Services. If you are, please let us know because that would be a huge breakthrough. The savings in MS licenses alone would be huge.
Cancel
Apparently they truly are misconceptions....
Cancel
How about Metaframe for UNIX?
Cancel
My post said Metaframe for WINDOWS.
Cancel
I have observed that a lot of CUSTOMERS (i.e. the poor saps who pay us to play with their toys) "get upset" with a lot having to do with Citrix.

With the horde of patches (at least MS will automatically patch for you, if you want -- patching Citrix is like having to invent rubber to fix a slow leak in your tire), plus the dog-slow logins, the incessant problems with printers (even after turning OFF the hinky "autocreate" mess), the dog-slow application launch times (over a GB Ethernet LAN, with a high-end Server & a high-end WS, latest patches, hotfixes, drivers, fully-optimized network settings, etc., etc.), the way apps just sit there sometimes without even a blinking cursor to tell you they're alive...

Give them a couple more decades to get the licensing issues worked out, then a decade or so to fix the performance problems, then several more decades (all that's at the current rate of repairs), and Citrix will be ready for the Real World in the 22nd Century, maybe.

Meanwhile, go find someone who can give you a valid, unbiased Cost-Benefit Analysis at the company level (not just MF vs TS) and you'll see why Linux is becoming so popular!

I just wanted to replicate a User (NOT anonymous!!) and still can't find (what SHOULD be) such a simple instruction as that. I miss Netware! I miss MVS/XA!! Why can't you people get this stuff to work??
Cancel
I have Windows 2003 server and I want to freeze the 120 grace day for Terminal Server License, you know, to get an unlimited time of Terminal server without to pay to Microsoft. could anybody help me?
Cancel


I have Windows 2003 server and I want to freeze the 120 grace day for Terminal Server License, you know, to get an unlimited time of Terminal server without to pay to Microsoft. could anybody help me?

write me to: catolicachiquitos@ucbscz.edu.bo


Thanks
Cancel
Although you'd be in violation of the EULA, you could purchase one 2003 per-User TSCAL and put the TS in per-user mode, which would technically allow you to host unlimited (as many as your hardware supports) RDP Sessions, as the TS just checks for an activated TSLS with any per-user TSCALs installed (when the TS is in Per-USer Mode).  If it finds one, the connection is granted.

I will warn you that this is illegal if you don't have the proper licensing.  If this is for testing purposes, I'd recomend that you script the OS, TS & application install process so you can re-start the 120 day grace period when needed.

You do know that educational institutions usually qualify for Academic licenses, which are about 20-50% (an 50-80% discount) the cost of commercial licenses, i.e. if you had to purchase 1000 TSCALs at a normal cost $120K USD, I think you could get the educational licenses for about $25K-50K USD.
Cancel
csg is free but they get you on the SSL cert you have to get it. it's cheaper to do all the configs for PAT vs spending 1k on an SSL (assuming you dont need that much security)
Cancel

Wait I am confused, are these items in the list things people say that are wrong? Or are these items in the list things people hear that they believe to be untrue but actually are fact??

 

Cancel

My guess is the latter b/c of the "read more" links....

 

Cancel
I would guess that the authors meant for these items to be general misconceptions  since they write "Contrary to what you may believe, all of these 20 statements are TRUE." in the first paragraph.
Cancel

-ADS BY GOOGLE

SearchVirtualDesktop

SearchEnterpriseDesktop

SearchServerVirtualization

SearchVMware

Close