Universal Print Server policy settings
The Universal Print Server section contains policy settings for handling the Universal Print Server.
SSL cipher suite
This setting specifies the set of SSL/TLS cipher suites used by the Universal Print Client for encrypted print data stream (CGP) connections.
To control the cipher suite package used by the Universal Print Client for encrypted print web service (HTTPS/SOAP) connections, see [SCHANNEL].
Default value: ALL
This setting has the following values: ALL, COM or GOV.
The cipher suites corresponding to each value are listed below:
ALL:
TLS_ECDHE_RSA_AES256_GCM_SHA384
TLS_ECDHE_RSA_AES256_CBC_SHA384
TLS_ECDHE_RSA_AES128_CBC_SHA
COM:
TLS_ECDHE_RSA_AES128_CBC_SHA
GOV:
TLS_ECDHE_RSA_AES256_GCM_SHA384
TLS_ECDHE_RSA_AES256_CBC_SHA384
SSL compliance mode
This setting specifies the level of compliance with NIST Special Publication 800-52 that is used by the Universal Print Client for encrypted print data stream (CGP) connections.
Default value: None.
This setting has the following values:
None.
The encrypted print data stream (CGP) connections use the default compliance mode.
SP800-52.
The encrypted print data stream (CGP) connections use the NIST Special Publication 800-52 compliance mode.
SSL enabled
This setting specifies whether SSL/TLS is used by the Universal Print Client for print data stream (CGP) connections and for web service (HTTP/SOAP) connections.
When you set Universal Print Server enable to Enabled with fallback to Windows’ native remote printing, fallback connections are made by the Microsoft Windows Network Print Provider. This setting does not affect these fallback connections.
Default value: Disabled
This setting has the following values:
Enabled.
The Universal Print Client uses SSL/TLS to connect to the Universal Print Server.
Disabled.
The Universal Print Client uses SSL/TLS to connect to the Universal Print Server.
SSL FIPS mode
This setting specifies whether the SSL/TLS cryptographic module used by the Universal Print Client for print data stream (CGP) connections will run in FIPS mode.
Default value: Disabled
This setting has the following values:
Enabled.
FIPS mode is on.
Disabled.
FIPS mode is off.
SSL protocol version
This setting specifies the SSL/TLS protocol version used by the Universal Print Client.
Default value: ALL
This setting has the following values:
ALL.
Use TLS versions 1.0, 1.1 or 1.2.
TLSv1.
Use TLS version 1.0.
TLSv1.1.
Use TLS version 1.1.
TLSv1.2.
Use TLS version 1.2.
SSL Universal Print Server encrypted print data stream (CGP) port
This setting specifies the TCP port number of the Universal Print Server encrypted print data stream (CGP) port. This port receives data for print jobs.
Default value: 443
SSL Universal Print Server encrypted web service (HTTPS/SOAP) port
This setting specifies the TCP port number of the Universal Print Server encrypted web service (HTTPS/SOAP) port. This port receives data for print commands.
Default value: 8443
Universal Print Server enable
This setting enables or disables the Universal Print Server feature on the virtual desktop or the server hosting applications. Apply this policy setting to Organizational Units (OUs) containing the virtual desktop or server hosting applications.
By default, the Universal Print Server is disabled.
When adding this setting to a policy, select one of the following options:
- Enabled with fallback to Windows native remote printing. Network printer connections are serviced by the Universal Print Server, if possible. If the Universal Print Server is not available, the Windows Print Provider is used. The Windows Print Provider continues to handle all printers previously created with the Windows Print Provider.
- Enabled with no fallback to Windows native remote printing. Network printer connections are serviced by the Universal Print Server exclusively. If the Universal Print Server is unavailable, the network printer connection fails. This setting effectively disables network printing through the Windows Print Provider. Printers previously created with the Windows Print Provider are not created while a policy containing this setting is active.
- Disabled. The Universal Print Server feature is disabled. No attempt is made to connect with the Universal Print Server when connecting to a network printer with a UNC name. Connections to remote printers continue to use the Windows native remote printing facility.
Universal Print Server print data stream (CGP) port
This setting specifies the TCP port number used by the Universal Print Server print data stream Common Gateway Protocol (CGP) listener. Apply this policy setting only to OUs containing the print server.
By default, the port number is set to 7229.
Valid port numbers must be in the range of 1 to 65535.
Universal Print Server print stream input bandwidth limit (kpbs)
This setting specifies the upper boundary (in kilobits per second) for the transfer rate of print data delivered from each print job to the Universal Print Server using CGP. Apply this policy setting to OUs containing the virtual desktop or server hosting applications.
By default, the value is 0, which specifies no upper boundary.
Universal Print Server web service (HTTP/SOAP) port
This setting specifies the TCP port number used by the Universal Print Server’s web service (HTTP/SOAP) listener. The Universal Print Server is an optional component that enables the use of Citrix universal print drivers for network printing scenarios. When the Universal Print Server is used, printing commands are sent from Citrix Virtual Apps and Desktops hosts to the Universal Print Server via SOAP over HTTP. This setting modifies the default TCP port on which the Universal Print Server listens for incoming HTTP/SOAP requests.
You must configure both host and print server HTTP port identically. If you do not configure the ports identically, the host software will not connect to the Universal Print Server. This setting changes the VDA on Citrix Virtual Apps and Desktops. In addition, you must change the default port on the Universal Print Server.
By default, the port number is set to 8080.
Valid port numbers must be in the range of 0 to 65535.
Universal Print Servers for load balancing
This setting lists the Universal Print Servers to be used to load balance printer connections established at session launch, after evaluating other Citrix printing policy settings. To optimize printer creation time, Citrix recommends that all print servers have the same set of shared printers. There is no upper limit to the number of print servers which can be added for load balancing.
This setting also implements print server failover detection and printer connections recovery. The print servers are checked periodically for availability. If a server failure is detected, that server is removed from the load balancing scheme, and printer connections on that server are redistributed among other available print servers. When the failed print server recovers, it is returned to the load balancing scheme.
Click Validate Servers to check that each server is a print server, that the server list doesn’t contain duplicate server names, and that all servers have an identical set of shared printers installed. This operation may take some time.
Universal Print Servers out-of-service threshold
This setting specifies how long the load balancer should wait for an unavailable print server to recover before it determines that the server is permanently offline and redistributes its load to other available print servers.
By default, the threshold value is set to 180 (seconds).
In this article
- SSL cipher suite
- SSL compliance mode
- SSL enabled
- SSL FIPS mode
- SSL protocol version
- SSL Universal Print Server encrypted print data stream (CGP) port
- SSL Universal Print Server encrypted web service (HTTPS/SOAP) port
- Universal Print Server enable
- Universal Print Server print data stream (CGP) port
- Universal Print Server print stream input bandwidth limit (kpbs)
- Universal Print Server web service (HTTP/SOAP) port
- Universal Print Servers for load balancing
- Universal Print Servers out-of-service threshold