Open File Security Warning – Enable or Disable

Have you seen the message below appearing on your Citrix servers and just wished you could turn it off? I did, not once but quite a few times, so I decided to document it so that I can quickly revisit the page the next time I deploy Citrix.

The annoying error looks like the below and it is plain ugly to say the least.



I tried a few things that the Internet had to offer, but nothing worked for me until I tried a combination of the 2 GPOs below.




The GPOs can be found here:

User Configuration - Administrative Templates - Windows Components - Internet Explorer - Internet Control Panel - Security Page
  • Intranet Sites: Include all local (intranet) sites not listed in other zones
  • Intranet Sites: Include all network paths (UNCs)


The popup should now go away!
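To confirm that both settings actually reached a user session, the check below reads the policy registry values behind them. It is an added example, not part of the original post; `IntranetName` and `UNCAsIntranet` are the values these two policies write under the user's ZoneMap policy key, and the function and variable names are hypothetical. Run it as an affected user after a policy refresh.

```powershell
# Added example: report the state of the two "Intranet Sites" policies for the current user.
# These are User Configuration settings, so they land under HKCU (policy hive).
$zoneMapPolicyKey = 'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap'

# Registry value name -> GPO setting name as shown in the Group Policy editor
$policies = @(
    @{ Value = 'IntranetName';  Setting = 'Include all local (intranet) sites not listed in other zones' },
    @{ Value = 'UNCAsIntranet'; Setting = 'Include all network paths (UNCs)' }
)

function Get-IntranetSitesPolicyState {
    param([string]$Key = $zoneMapPolicyKey)

    # $null when the key does not exist, i.e. neither policy has been applied
    $props = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue

    foreach ($p in $policies) {
        $prop = $null
        if ($props) { $prop = $props.PSObject.Properties[$p.Value] }

        if ($null -eq $prop)        { $state = 'Not configured' }
        elseif ($prop.Value -eq 1)  { $state = 'Enabled' }
        else                        { $state = 'Disabled' }

        New-Object PSObject -Property @{
            Setting       = $p.Setting
            RegistryValue = $p.Value
            State         = $state
        }
    }
}

Get-IntranetSitesPolicyState |
    Select-Object Setting, RegistryValue, State |
    Format-Table -AutoSize
```

Both rows should read `Enabled`; `Not configured` usually means the GPO is not linked to the user's OU or has not refreshed yet.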

How to disable Click here to restore the language bar on “Server Name” when running Citrix published apps directly

For a recent deployment of XenApp 6.5, I have been asked by the customer to remove/disable the language bar that appears in the notification area of Citrix servers.


To fix this, all you need to do is set up a registry key in the HKLM node. I used Group Policy Preferences to do this.



Value=0x00040000 (Hex) or 262144 (decimal)

Give the servers a reboot and you are all done. That should take the little pen icon away from the notification area.


Microsoft Office can’t find your license for this application. A repair attempt was unsuccessful or was cancelled. Microsoft Office will now exit – Resolved

Users were getting the error message below while working in Office/Outlook. In our case, it was the Outlook 2013 client.

Microsoft Office can’t find your license for this application. A repair attempt was unsuccessful or was cancelled. Microsoft Office will now exit



The fix is to start/restart the Software Protection service on the servers/clients from which Office is run.

In my case, it was a XenDesktop Hosted Shared catalog and faulty servers exhibited the below.



All I had to do was restart the Software Protection service on the servers. The executable is sppsvc.exe. I had to open Task Manager to kill the exe before I could restart the service.


IIS Roles Required for Citrix Desktop Director

Desktop Director runs on top of Microsoft IIS. The following IIS roles are required for Desktop Director to function properly.


  • Web Server > Common HTTP Features >
    • Static Content
    • Default Document
    • HTTP Errors
    • HTTP Redirection
  • Web Server > Application Development >
    • .NET Extensibility
    • ISAPI Extensions
    • ISAPI Filters
  • Web Server > Health and Diagnostics >
    • HTTP Logging
  • Web Server > Security >
    • Request Filtering
  • Web Server > Performance >
    • Static Content Compression
    • Dynamic Content Compression
  • Web Server > Management Tools >
    • IIS Management Console
    • Management Service
  • Web Server > Management Tools > IIS 6 Management Compatibility >
    • IIS 6 Metabase Compatibility
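The list above can be checked against a server before installing Desktop Director. This is an added example, not from the original post: the mapping of each role service to its Server Manager feature name is an assumption based on Windows Server 2008 R2 naming, and the function name is hypothetical.

```powershell
# Added example: find which of the listed IIS role services are not yet installed.
# Feature names are an assumed mapping of the list above (Windows Server 2008 R2 naming).
Import-Module ServerManager

$requiredFeatures = @(
    'Web-Static-Content',    # Static Content
    'Web-Default-Doc',       # Default Document
    'Web-Http-Errors',       # HTTP Errors
    'Web-Http-Redirect',     # HTTP Redirection
    'Web-Net-Ext',           # .NET Extensibility
    'Web-ISAPI-Ext',         # ISAPI Extensions
    'Web-ISAPI-Filter',      # ISAPI Filters
    'Web-Http-Logging',      # HTTP Logging
    'Web-Filtering',         # Request Filtering
    'Web-Stat-Compression',  # Static Content Compression
    'Web-Dyn-Compression',   # Dynamic Content Compression
    'Web-Mgmt-Console',      # IIS Management Console
    'Web-Mgmt-Service',      # Management Service
    'Web-Metabase'           # IIS 6 Metabase Compatibility
)

function Get-MissingDirectorFeature {
    param([string[]]$Name = $requiredFeatures)
    # Returns only the features from the list that are not installed
    Get-WindowsFeature -Name $Name | Where-Object { -not $_.Installed }
}

$missing = @(Get-MissingDirectorFeature)

if ($missing.Count -eq 0) {
    Write-Output 'All listed IIS role services are installed.'
} else {
    $missing | Select-Object DisplayName, Name | Format-Table -AutoSize
    # To install only what is missing, uncomment:
    # Add-WindowsFeature -Name ($missing | ForEach-Object { $_.Name })
}
```

Installing only the missing items keeps the IIS footprint on the Director server limited to the role services listed.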

Tweaking Netscaler for XenApp/XenDesktop via TCP Profiles

I have recently come across this super blog from Citrix folks on the NetScaler Traffic Management classes. I thought I would add it to my blog for easy reference.

NetScaler has a highly scalable TCP stack which is built to take care of varying network conditions and various types of clients/servers. In any communication channel over TCP, what makes the difference is the client-side stack, the server-side stack, intermediaries and network conditions. Beyond these core aspects, the application layer also has an impact through the nature of the application, the size of the request/response and how it makes a difference to TCP connection characteristics.

For most cases, what we have in the default TCP stack holds well, but if you know more about your application, clients/servers and network conditions, then you can use one of the built-in TCP profiles. These TCP profiles have fine-tuned TCP parameters which make a significant difference in terms of lower latency, faster response time and better bandwidth utilization in a given application and network environment. NetScaler also allows you to create your own TCP profiles with these core TCP parameters, which can optimize the TCP stack for your deployment. The TCP profile can be used globally, which has system-wide impact, and it can also be used per vserver and service to localize the impact. This means you can have different virtual TCP stacks for multiple vservers and services within the same NetScaler. Isn’t that really interesting?

The built-in profiles are aimed at common deployment scenarios based on different network and application characteristics. Let us understand the system supplied built-in TCP profiles:


  • Nstcp_default_profile
    • Default TCP profile impacting system globally
    • Any changes impacts the global TCP settings
    • Does not need to be bound to explicit vserver/services
    • Gets overridden by the vserver/service level profiles
  • Nstcp_default_tcp_lfp
    • This profile is recommended to be used in networks with
      • High bandwidth
      • Low packet loss
      • High Round-Trip Time (RTT)
    • Suitable for WAN kind of environments
    • Useful when there is dedicated bandwidth
    • Enterprise use cases across WAN
  • Nstcp_default_tcp_lnp
    • This profile is recommended to be used in networks with
      • Low bandwidth
      • High packet loss
      • High Round-Trip Time (RTT)
    • Suitable for WAN kind of environments
    • Useful when there is restricted bandwidth
    • Online use cases across WAN in shared bandwidth
  • Nstcp_default_tcp_lan
    • This profile is suitable for the LAN
    • Mostly to be used with servers in same datacenter
    • Useful when access is limited to same local network
  • Nstcp_default_tcp_lfp_thin_stream
    • Similar to Nstcp_default_tcp_lfp
    • Tuned for Small packets flow
  • Nstcp_default_tcp_lnp_thin_stream
    • Similar to Nstcp_default_tcp_lnp
    • Tuned for Small packets flow
  • Nstcp_default_tcp_lan_thin_stream
    • Similar to Nstcp_default_tcp_lan
    • Tuned for Small packets flow
  • Nstcp_default_tcp_interactive_stream
    • This profile is recommended to be used with
      • Chatty applications like telnet
      • Application virtualization environment
      • Small packet and quick feedback based Apps
    • Should work with different kind of networks
  • Nstcp_internal_apps
    • This profile is recommended only for Internal services
    • Should not be used for any other network service

Full credit to Citrite “Abhilash Verma” for taking the time to write this; the original can be found here