This is a guest blog post from Senthil Arumugam, Sr. Partner Solutions Architect at Amazon Web Services.

When a customer runs into issues while migrating Citrix infrastructure to the cloud, it’s usually around creating the image from scratch. Customers who want to test or do a POC often ask me how they can get their production image imported to their AWS account so they don’t have to build their image from scratch. Because the image has been maintained for years, it’s hard to recreate the image to match the production quality. It’s also a complex and lengthy process.

In this blog post, I’ll show you how to export your production domain-joined image and import it into AWS in your test/POC domain. This prescriptive guidance calls out the usual issues you will face when importing your image from one domain to another, along with their workarounds, so you can make your cloud journey faster and easier.

The first step is to export your image into the AWS cloud as an Amazon EC2 (Elastic Compute Cloud) AMI (Amazon Machine Image). Keep reading to learn more about exporting the image.

Using the Import/Export Tools

VM Import/Export offers several ways to import your virtual machine into Amazon EC2. The first is to import your VM image using the AWS CLI tools. To get started, simply:

  • Download and install the AWS Command Line Interface.
  • Verify that your VM satisfies the prerequisites for VM Import, prepare it for import, and export it from its current environment as an OVA file (or VMDK, VHD, or RAW).
  • Upload the VM image to S3 using the AWS CLI. Multi-part uploads will provide improved performance. As an alternative, you can also send the VM image to AWS using the AWS Import.
  • Once the VM image is uploaded, import your VM using the ec2 import-image command. As part of this command, you can specify the licensing model and other parameters for your imported image.
  • Use the ec2 describe-import-image-tasks command to monitor the import progress.
  • Once your import task is complete, you can use the ec2 run-instances command or Launch instance from the AWS console to create an Amazon EC2 instance from the AMI generated during the import process.
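
The CLI steps above, run end to end from PowerShell, as an added example that is not part of the original post. The bucket name, object key, file path and descriptions are placeholders; it assumes the AWS CLI is configured and the VM Import prerequisites (including the vmimport service role) are already in place.

```powershell
# Added example. Bucket, key and path values are placeholders.
$Bucket  = 'example-vmimport-bucket'     # assumed: private bucket you own
$Key     = 'images/citrix-vda.ova'       # assumed object key
$Ova     = 'C:\export\citrix-vda.ova'    # assumed path of the exported OVA
$License = 'AWS'                         # licensing model: AWS or BYOL

# Upload; the CLI uses multipart upload automatically for large files.
aws s3 cp $Ova "s3://$Bucket/$Key"
if ($LASTEXITCODE -ne 0) { throw 'Upload failed' }

# Describe the disk for import-image. -InputObject keeps the one-element
# array an array, and ASCII output avoids a byte-order mark in the file.
$containers = @(@{
    Description = 'Citrix VDA image'
    Format      = 'ova'
    UserBucket  = @{ S3Bucket = $Bucket; S3Key = $Key }
})
ConvertTo-Json -InputObject $containers -Depth 4 |
    Set-Content -Path containers.json -Encoding ascii

# Start the import and keep the task id for monitoring.
$taskId = aws ec2 import-image --description 'Citrix VDA POC image' `
    --license-type $License --disk-containers file://containers.json `
    --query ImportTaskId --output text
if ($LASTEXITCODE -ne 0) { throw 'import-image failed' }

# Poll until the task leaves the active state.
do {
    Start-Sleep -Seconds 60
    $task = aws ec2 describe-import-image-tasks --import-task-ids $taskId `
        --query 'ImportImageTasks[0]' --output json | ConvertFrom-Json
    Write-Host "$($task.Status) $($task.Progress)% $($task.StatusMessage)"
} while ($task.Status -eq 'active')

if ($task.Status -ne 'completed') {
    throw "Import did not complete: $($task.StatusMessage)"
}
"AMI ready: $($task.ImageId)"
```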

Alternatively, if you use the VMware vSphere virtualization platform, you can use the AWS Management Portal for vCenter, which provides you with a simple graphical user interface to import your virtual machines. Learn more about the AWS Management Portal for vCenter.

Disclaimer

Caution! Using Registry Editor incorrectly can cause serious problems that might require you to reinstall your operating system. Citrix/AWS cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk, and be sure to back up the registry before you edit it.

Get Started

Now that you have your image as an Amazon Machine Image:

  1. Launch a new instance from the AMI that was imported into the AWS account.
  2. RDP into the server with a local admin account.
  3. Clean all the unwanted cached profiles from the previous domain. (This can be done from the Advanced System Properties.)

The image will be joined to a new domain, so the profiles cached from the previous domain only take up disk space.

  4. Uninstall unwanted drivers and tools like VMware tools, XenTools, systems management tools, backup client, etc.
  5. Disjoin the domain and add the server to a workgroup (before rebooting the server, perform all the steps until step 11).
  6. Open the Registry Editor, navigate to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft key in the left pane, and expand it.
  7. Locate the MSLicensing key, right-click it, and choose Delete from the menu.
  8. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM.
  9. Right-click the key, choose Permissions, and add the local Administrator account with Full Control.
  10. Expand the RCM key and locate the GracePeriod key. Delete or rename the GracePeriod key.
  11. Reboot the server, log back in to the server as local admin, and join it to your target domain (Test/Dev/POC).

Delete the MSLicensing key to clear the RDS CAL (remote desktop service client access license) cached in the image. Because the server is disjoined from the previous domain, the cached license will be invalidated because the server cannot reach the RDS licensing server to validate it. By clearing this cached license, the RDS server will get a new temporary CAL, which can be validated against the new RDS licensing server in the target/destination domain.

In Windows Server 2012 R2 and earlier versions, when a user logs on to a terminal server, the RCM contacts the domain controller (DC) to query the configurations that are specific to the remote desktop on the user object in Active Directory Domain Services (AD DS). This information is displayed in the Remote Desktop Services Profile tab of the user object properties in the Active Directory Users and Computers MMC snap-in.

Starting in Windows Server 2016, RCM no longer queries the user object in AD DS. If you require RCM to query AD DS because you are using the Remote Desktop Services attributes, you must manually enable RCM.
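
A read-only check that the cleanup steps above (cached profiles, domain disjoin, MSLicensing and GracePeriod keys) are finished before the reboot, as an added example that is not part of the original post. The function name `Test-ImagePrep` is hypothetical, and the script assumes Windows PowerShell 5.1, where `Get-LocalUser` is available.

```powershell
# Added example: reports leftovers from the source domain; changes nothing.
function Test-ImagePrep {
    $findings = @()

    # Cached profiles: local accounts share the machine SID prefix, so any
    # other S-1-5-21 SID belongs to an account from the previous domain.
    $machineSid = (Get-LocalUser | Select-Object -First 1).SID.AccountDomainSid.Value
    $stale = Get-CimInstance Win32_UserProfile | Where-Object {
        -not $_.Special -and $_.SID -like 'S-1-5-21-*' -and
        $_.SID -notlike "$machineSid-*"
    }
    foreach ($p in $stale) {
        $findings += "Cached domain profile: $($p.LocalPath)"
    }

    # Domain membership: the server should be in a workgroup at this point.
    $cs = Get-CimInstance Win32_ComputerSystem
    if ($cs.PartOfDomain) {
        $findings += "Still joined to domain $($cs.Domain)"
    }

    # Cached RDS CAL.
    if (Test-Path 'HKLM:\SOFTWARE\Microsoft\MSLicensing') {
        $findings += 'MSLicensing key still present'
    }

    # RDS grace period key under RCM.
    $rcm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM'
    if (Test-Path "$rcm\GracePeriod") {
        $findings += 'RCM\GracePeriod key still present'
    }
    return $findings
}

$result = Test-ImagePrep
if ($result) { $result | ForEach-Object { Write-Warning $_ } }
else { 'No leftovers found; ready to reboot and join the target domain.' }
```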

The next step is to clean up the VDA installed in the image:

  12. Uninstall all Citrix VDA components by running the VDA cleanup utility. (Refer to CTX209255 if you need further details on this utility.)
  13. After the VDA uninstall, the server will reboot, and it will NOT allow RDP connections. Your RDP client will receive an error like the screenshot shown below.

This error occurs because the RDP listener may become corrupted by the domain disjoin, RDS CAL reset, and VDA uninstall. To fix it, reset the RDP listener. You need another server on the network that you can RDP in to, from which you connect to the remote registry of the server you are preparing the image on.

  14. RDP in to another server in the network, then open the registry editor.
  15. Click on File → Connect to Network Registry.
  16. Under the Network Registry, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Winstations\RDP-Tcp
  17. There are two values of significance:
    • CitrixBackupRdpTcpLoadableProtocolObject (REG_SZ)
    • LoadableProtocol_Object (REG_SZ)
  18. For W2K12R2 and above, modify the Registry entry LoadableProtocol_Object and set its value to {5828227c-20cf-4408-b73f-73ab70b8849f}, including the curly braces.
  19. Delete the CitrixBackupRdpTcpLoadableProtocolObject value.
  20. Restart the Remote Desktop Services on the affected machine. This can also be done remotely: open the Services console on another server, right-click Services (Local), select Connect to another computer, enter the name of the affected server, and click OK.

Once connected to the remote server's services, find “Remote Desktop Services” (RDS), right-click the service, and restart it (refer to the screenshot below).

After restarting the RDS service on the server, the RDP should work as expected.
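
The listener reset above, done from the second server in one pass, as an added example that is not part of the original post. The target name is a placeholder, and the script assumes Windows PowerShell 5.1 (for `Get-Service -ComputerName`) and that the Remote Registry service is reachable on the target, which the Registry Editor method needs as well.

```powershell
# Added example: run on the second server, not on the broken one.
$Target = 'VDA-IMAGE-01'   # placeholder: name of the server being prepared
$Guid   = '{5828227c-20cf-4408-b73f-73ab70b8849f}'
$Path   = 'SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$hive   = [Microsoft.Win32.RegistryHive]::LocalMachine
$kind   = [Microsoft.Win32.RegistryValueKind]::String

$hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($hive, $Target)
try {
    $key = $hklm.OpenSubKey($Path, $true)   # $true = open writable
    if (-not $key) { throw "RDP-Tcp key not found on $Target" }

    # Record the current values first so the change can be reverted.
    $before = [ordered]@{}
    foreach ($name in 'LoadableProtocol_Object',
                      'CitrixBackupRdpTcpLoadableProtocolObject') {
        $before[$name] = $key.GetValue($name)
    }
    $before | ConvertTo-Json | Set-Content "$Target-RDP-Tcp-before.json"

    # Point the listener back at the protocol object named in the steps.
    $key.SetValue('LoadableProtocol_Object', $Guid, $kind)
    # $false: do not throw if the Citrix backup value is already absent.
    $key.DeleteValue('CitrixBackupRdpTcpLoadableProtocolObject', $false)
    $key.Close()
}
finally { $hklm.Close() }

# Restart Remote Desktop Services (service name TermService) remotely.
# -Force is required because other services depend on it.
Get-Service -ComputerName $Target -Name TermService | Restart-Service -Force

# Confirm the listener answers again on the default RDP port.
Test-NetConnection -ComputerName $Target -Port 3389 |
    Select-Object ComputerName, TcpTestSucceeded
```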

  21. RDP in to the VDA Server and uninstall all versions of VC++ Redistributable packages from the Programs and Features Control Panel.
  22. Reboot the server.
  23. Once the VDA server is up again, RDP in to the VDA server, log in as the local administrator, and add “<Your Domain>\Domain admins” and “<Your Domain>\required AD group” to Local Administrators and Remote Desktop Users.
  24. Reboot the server.
  25. RDP as “<Your Domain>\Admin”.
  26. Open RegEdit, browse to the key HKLM\Software\WOW6432Node\Citrix, and in its permissions grant <Your Domain>\admin Full Control.

In this document I am installing VDA version 7.15. These instructions apply to any 7.x version of VDA you choose to install in your image.

  27. Install Citrix VDA 7.15.
  28. While you run the installer for VDA, you may receive this error. If you don’t get this error, you can skip step 29.
  29. Browse to the XD 7.15 CU5 LTSR\x64\Virtual Desktop Components\TS folder in your install media and install IcaTS_x64.msi. If you notice “unable to register .tlb,” click Ignore to continue. After the install of IcaTS_x64, re-run Citrix VDA 7.15 setup. This time the install should finish successfully.
  30. Reboot the server and log in as Admin.
  31. Open the registry editor and browse to this key: HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\VirtualDesktopAgent. Create a String Value named “ListOfDDCs” and set the value. The value should be the FQDN of the XenDesktop Delivery Controller, “DDCServerName.<Your Domain>.com”.
  32. Reboot the server.
  33. Log in to Citrix Studio and create the required Machine Catalogs, Delivery Group, and published applications.

Conclusion

It’s time consuming to build a Citrix VDA server image from scratch, even with the required applications installed. A faster approach is to lift and shift your image to your POC or test environment when you are planning your cloud migration. This post will help you to get started on your Citrix migration to AWS cloud faster and to address challenges you might face.
