Configure Citrix Virtual Apps and Desktops REST API Credentials
This configuration is required to launch resources identified by “tags” or by “AD groups” when using the scheduling service.
Overview
During the batch pre-launch process, if tags or AD groups are specified, Session Remote Start uses the Citrix Virtual Apps and Desktops REST API to query resources associated with those tags.
This section focuses on the steps required to configure Session Remote Start to use the Citrix Virtual Apps and Desktops REST API. It can be skipped if there are no tag-related requirements.
Confirm that the Session Remote Start server can connect to the Citrix Virtual Apps and Desktops REST API Service
First, check whether Session Remote Start can reach the Citrix Virtual Apps and Desktops REST API Service. Normally, this service is hosted on the DDC.
Run the test script in the package:
- For Citrix Virtual Apps and Desktops, run 'CvadApiConnectivityCheck-OnPrem.ps1'.
- For Citrix DaaS, run 'CvadApiConnectivityCheck-Cloud.ps1'.
Create a user and store the Citrix Virtual Apps and Desktops REST API credentials
Session Remote Start requires a Citrix Virtual Apps and Desktops API credential to issue API requests to the REST API Service. The credential is stored under a user in the Windows Credential Manager.
For security reasons, avoid using a domain user if batch launch by AD group is not needed. Instead, create a local user.
Domain user
On the Domain Controller, create or use an existing Domain Service Account with the Read all user information permission delegated.
- Open Active Directory Users and Computers.
- In the left pane, expand the directory tree and right-click your domain.
- Select Delegate Control… from the context menu to open the Delegation of Control Wizard.
- On the Session Remote Start server, navigate to the SessionRemoteStart folder in the installation package. Run the PowerShell script store-cred.ps1 as an administrator to configure the CVAD REST API credentials.
  - For the On-prem environment, provide the admin credential. For more information, see Citrix Virtual Apps and Desktops REST APIs.
  - For the DaaS environment, provide the client identity. For more information, see Citrix Cloud APIs.
A success message is displayed upon completion.
Local user
The create-cred.ps1 script handles both tasks, creating the local user and storing the credential.
From the installation package, under the SessionRemoteStart folder, run the script create-cred.ps1 as an administrator. This will:
- Create a local user for hosting Session Remote Start.
- Configure the Citrix Virtual Apps and Desktops REST API credentials.
Configure Session Remote Start Application Pool
Overview
By default, IIS runs an application (site or service) under the ApplicationPoolIdentity for each unique application pool. Configure Session Remote Start to run under the previously created user identity by setting the Session Remote Start application pool to use the custom user:
- Highlight SrsAppPool from the Application Pools and select Advanced Settings under the Edit Application Pool. Scroll down to Process Model > Identity and click the three dots. Select Custom account, click Set, and enter the username and password of the user created for hosting Session Remote Start.
  Note:
  To manage AD groups instead of the user list, use the Domain Service Account configured in Create a user and store the CVAD REST API credentials.
- Ensure the Application Pool’s setProfileEnvironment attribute is enabled.
  - Navigate to the %windir%/system32/inetsrv/config folder.
  - Open the applicationHost.config file.
  - Locate the <system.applicationHost><applicationPools><SrsAppPool><processModel> element.
  - Confirm that the setProfileEnvironment attribute is either not present, which defaults the value to true, or is explicitly set to true.
Note:
Make sure to restart SessionRemoteStart in the IIS Manager UI or run the iisreset command from the command prompt.
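The application pool identity and setProfileEnvironment checks above can be scripted. The PowerShell below is an added example, not part of the Session Remote Start package or Citrix's own scripts. It assumes pools are stored as <add name="..."> elements under <applicationPools>, as in a standard IIS applicationHost.config, and it also reports a value inherited from <applicationPoolDefaults> when the pool does not set the attribute itself. The function name Test-SrsPoolConfig and the account srs-host are made up for illustration.

```powershell
# Added example: audit the SrsAppPool process model in applicationHost.config.
param(
    [string]$ConfigPath,   # path to applicationHost.config; omit to use the sample below
    [string]$PoolName = 'SrsAppPool'
)

# Constructed sample in the layout of applicationHost.config; 'srs-host' is a made-up account.
$sample = @'
<configuration>
  <system.applicationHost>
    <applicationPools>
      <add name="SrsAppPool">
        <processModel identityType="SpecificUser" userName="srs-host" />
      </add>
      <applicationPoolDefaults>
        <processModel identityType="ApplicationPoolIdentity" setProfileEnvironment="false" />
      </applicationPoolDefaults>
    </applicationPools>
  </system.applicationHost>
</configuration>
'@

function Test-SrsPoolConfig {
    param([xml]$Config, [string]$Name)
    $base = '/configuration/system.applicationHost/applicationPools'
    $pool = $Config.SelectSingleNode("$base/add[@name='$Name']")
    if ($null -eq $pool) { throw "Application pool '$Name' not found." }
    $pm  = $pool.SelectSingleNode('processModel')
    $def = $Config.SelectSingleNode("$base/applicationPoolDefaults/processModel")

    # GetAttribute returns an empty string when the attribute is absent.
    $own       = if ($null -ne $pm)  { $pm.GetAttribute('setProfileEnvironment') }  else { '' }
    $inherited = if ($null -ne $def) { $def.GetAttribute('setProfileEnvironment') } else { '' }
    $identity  = if ($null -ne $pm)  { $pm.GetAttribute('identityType') }           else { '' }

    # The pool's own value wins, then applicationPoolDefaults, then the built-in default (true).
    if     ($own)       { $value = $own;       $source = 'pool' }
    elseif ($inherited) { $value = $inherited; $source = 'applicationPoolDefaults' }
    else                { $value = 'true';     $source = 'built-in default' }

    [pscustomobject]@{
        Pool                  = $Name
        CustomAccount         = ($identity -eq 'SpecificUser')   # "Custom account" in IIS Manager
        SetProfileEnvironment = $value
        Source                = $source
        Compliant             = ($identity -eq 'SpecificUser') -and ($value -eq 'true')
    }
}

$xml = if ($ConfigPath) { [xml](Get-Content -Raw -LiteralPath $ConfigPath) } else { [xml]$sample }
Test-SrsPoolConfig -Config $xml -Name $PoolName
```

Run it from an elevated prompt with -ConfigPath pointing at the server's applicationHost.config. The embedded sample shows a pool that leaves the attribute unset while the server-wide defaults set it to false.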
Configure Inbound Firewall Rules: Customers can specify the IP addresses and host names of the trusted services, and StoreFront ensures that only these sources can communicate with Session Remote Start. See Configure Inbound Firewall Rules for steps.