Development Planning for the Citrix Self-Service Session Reset Tool

by Jeremy Saunders on February 19, 2025

The Citrix Self-Service Session Reset Tool is software that I write and manage in my own time. It is often challenging to find the time to work on it as I have many projects on the go. And life in general often gets in the way. I get a lot of queries asking me when the next release will be available and if the feature they are looking for will be included. Rather than continually updating the main article, and responding to queries, I wanted to document where the project is at and what further work is to be completed.

SSSRT Kanban

Version 1.9 was the last public release back on 1st June 2022.

Why not ditch my APIs and use the Citrix Virtual Apps and Desktops REST APIs that are now included with on-prem Delivery Controllers from version 2209 or later?

I work in the Mining Industry where we have OT (Operational Technology) networks, also known as PCN (Process Control Network). This is a typical setup within the mining, oil and gas industries, as well as utilities such as water and electricity. Some have their own AD domain with no trusts. But they all typically have a separate Citrix Site due to risk mitigation and change management requirements. In a large mining company many of these sites are still 2203 LTSR or less. Until these platforms have been upgraded to 2402 LTSR or later, I cannot leverage the built in Citrix APIs, and will continue to leverage the PowerShell SDK that my APIs are built on. Apart from that, I also wanted to be inclusive and did not want to place others at a disadvantage that are still running older versions.

But if you are running 2209 and above, or just using Citrix DaaS (Cloud), the APIs are there for you to leverage. So all you need to do is create a cool user interface (UI) using a Blazor Server Application.

I’m working on the following before the next version can be publicly released, which I’m planning for June 2025:

  • Securing the API secret information in the CtxSites.xml file
  • JavaScript Bug
  • Refactor Code
  • Enable/Disable Maintenance Mode API
  • Citrix PowerShell SDK Bug

I then plan on doing another small release with the following changes:

  • Citrix PowerShell SDK Max Record Count Limits
  • Refactor Code

The following are larger changes that will take time to complete:

  • New Blazor User Interface
  • Help Desk Version (may not be a free product)
  • Refactor Code

Securing the API secret information in the CtxSites.xml file

From a Cyber Security requirements point of view, Customers would like the API secret information further secured. I came up with the the following 2 options:

  1. Reverse the client secret. If your secret is 12345, you would enter it as 54321 ? I would add a property to Web.Config so I know to reverse the string or not. I feel it’s a bit of a lazy solution.
  2. We can encode it with your algorithm of choice. I would need to add a property to Web.Config so it knows which algorithm to use to decode it. If your secret is 12345 and you encode it with SHA256, the hash for your client secret would be 5994471abb01112afcc18159f6cc74b4f511b99806da59b3caf5a9c173cacfc5. You can use tools like the Online MD5 Hash Calculator to create the hash. I would add a property to Web.Config for you to set so I know what algorithm to use to decode it.

For both solutions I would also add instructions so the new settings in the Web.Config are encrypted by using the aspnet_regiis.exe command line tool. This will make reverse engineering more difficult and should satisfy Cyber Security requirements.

JavaScript Bug

I believe I’ve found a bug with the version of jQuery I’m using in the SSSRT. Sometimes the SSSRT doesn’t initialise correctly in Edge or Chrome. We only see the logoff option. And when a user tries to logoff a session, it doesn’t work. It would be related to the fetch with an async await section. Perhaps a timing or race condition. I’m changing the code around a bit to see if I can address it formally. As I’m unable to make it fail, it will be difficult to know if the issue has been addressed without ongoing feedback.

Refactor Code

The CreatePipeline() API is informally deprecated. I am changing the code over to use [PowerShell]::Create() instead, which also creates a runspace. There is also quite a bit of code clean-up I want to do. However, refactoring is a continual job, so this will be done gradually over the next few releases.

Enable/Disable Maintenance Mode API

I had added the code in readiness for the Help Desk version.

I will probably also leverage this API functionality for a separate tool I’ve created called the Computer Restart Service. The VDA’s don’t have the smarts to place themselves into maintenance mode using the good old “drain mode” process locally, so the Computer Restart Service that will run on the VDA’s will have the smarts to use this API to do just that.

Citrix PowerShell SDK Bug

I was working on the code for the Help Desk version some time ago, when I found a bug in the Citrix PowerShell SDK.

When using the Get-BrokerDesktopGroup and/or Get-BrokerCatalog cmdlets from the SDK and connecting to a 7.15 Delivery Controller, the Scopes property is returned with no objects! However when running these locally on the Delivery Controllers the output is correct. Connecting to 1912 and 2203 Delivery Controllers do not present such an issue. When I was working on this, my employer at the time still had 18 sites on 7.15, so I wanted to allow for that backward compatibility. The reason behind this was to use the scopes to allow me to delegate remote management of the Session Hosts through my tool, without using Director. This would make it easier for supervisors/team leaders/line managers to clear sessions holding files and licenses open when people go off-shift. This is a problem in a mining company where the platform is used 24×7.

I burnt many many hours on this before realising that it was a bug and escalating to Citrix.

After an investigation Citrix found that the ScopeReference is defined in a different namespace between 7.15 and 1912. They actually moved it to a different namespace without thinking, which broke things! So when the broker service sends the response, the PowerShell client side can not deserialize properly, thus it get a null value for Scopes for Get-BrokerDesktopGroup and Get-BrokerCatalog. As Citrix had made significant changes to the PowerShell modules, this was unable to be fixed/reversed.

Thankfully the workaround is to use the Get-BrokerScopedObject to get Scope name. It’s a bit more messing about with code, but it works.

However, given the amount of time that has passed and with 7.15 being out of support, I may just continue on with the Get-BrokerDesktopGroup cmdlet and not be concerned about backward compatibility.

Citrix PowerShell SDK Max Record Count Limits

Even though Citrix reneged on their Announcing Remote PowerShell SDK Record Limits and will no longer implement changes to impose SDK record limits, they still strongly encourage every customer to use filtering or a reasonable MaxRecordCount. They state that their data indicates that customers with the best response times have MaxRecordCount less than 5000. Therefore I’ve re-written the usages of Get-BrokerSession to make them more efficient.

Language Localization

Using the i18next JavaScript framework, I was able to create the functionality so the text instructions can be pulled from a language translation files based on the Web Browser language settings. This was very challenging, but I did eventually get it working well.

New Blazor User Interface

After fighting too many unexplained JavaScript and jQuery challenges, and inspired by Dave Brett’s PROFiLiX Server project, I have decided to move the interface to Blazor. I’ve been super impressed with version 8 and 9. All the work I’ve completed for the i18next JavaScript framework will not go to waste as it was a huge learning curve for me.

The plan is to build the Blazor interface so that it leverages my own APIs as well as the Citrix Virtual Apps and Desktops REST APIs.

Help Desk Version (will not be a free product)

As mentioned under the Citrix PowerShell SDK Bug section, I’m working a Help Desk version that will use the Scopes against Delivery Groups to allow groups of people like Help Desk, Team leaders, Line Managers to clear sessions on behalf of others.

Jeremy Saunders

Jeremy Saunders

Technical Architect | DevOps Evangelist | Software Developer | Microsoft, NVIDIA, Citrix and Desktop Virtualisation (VDI) Specialist/Expert | Rapper | Improvisor | Comedian | Property Investor | Kayaking enthusiast at J House Consulting
Jeremy Saunders is the Problem Terminator. He is a highly respected IT Professional with over 35 years’ experience in the industry. Using his exceptional design and problem solving skills with precise methodologies applied at both technical and business levels he is always focused on achieving the best business outcomes. He worked as an independent consultant until September 2017, when he took up a full time role at BHP, one of the largest and most innovative global mining companies. With a diverse skill set, high ethical standards, and attention to detail, coupled with a friendly nature and great sense of humour, Jeremy aligns to industry and vendor best practices, which puts him amongst the leaders of his field. He is intensely passionate about solving technology problems for his organisation, their customers and the tech community, to improve the user experience, reliability and operational support. Views and IP shared on this site belong to Jeremy.
Jeremy Saunders

@jeremysaunders

Jeremy Saunders

Tagged as: Blazor, C#, Citrix Self-Service, Citrix Self-Service Session Reset, Citrix Virtual Apps & Desktops, Citrix Virtual Apps and Desktops, JavaScript, jQuery, PowerShell SDK

Previous post:

Next post: