The Citrix Self-Service Session Reset Tool is software that I write and manage in my own time. It is often challenging to find the time to work on it as I have many projects on the go. And life in general often gets in the way. I get a lot of queries asking me when the next release will be available and if the feature they are looking for will be included. Rather than continually updating the main article, and responding to queries, I wanted to document where the project is at and what further work is to be completed.
Version 1.9 was the last public release back on 1st June 2022.
I’m working on the following before the next version can be publicly released, which I’m planning for June 2025:
- Securing the API secret information in the CtxSites.xml file
- JavaScript Bug
- Refactor Code
- Enable/Disable Maintenance Mode API
- Citrix PowerShell SDK Bug
I then plan on doing another small release with the following changes:
- Citrix PowerShell SDK Max Record Count Limits
- Refactor Code
The following are larger changes that will take time to complete:
- New Blazor User Interface
- Help Desk Version (may not be a free product)
- Refactor Code
Securing the API secret information in the CtxSites.xml file
From a Cyber Security requirements point of view, Customers would like the API secret information further secured. I came up with the the following 2 options:
- Reverse the client secret. If your secret is 12345, you would enter it as 54321 ? I would add a property to Web.Config so I know to reverse the string or not. I feel it’s a bit of a lazy solution.
- We can encode it with your algorithm of choice. I would need to add a property to Web.Config so it knows which algorithm to use to decode it. If your secret is 12345 and you encode it with SHA256, the hash for your client secret would be 5994471abb01112afcc18159f6cc74b4f511b99806da59b3caf5a9c173cacfc5. You can use tools like the Online MD5 Hash Calculator to create the hash. I would add a property to Web.Config for you to set so I know what algorithm to use to decode it.
For both solutions I would also add instructions so the new settings in the Web.Config are encrypted by using the aspnet_regiis.exe command line tool. This will make reverse engineering more difficult and should satisfy Cyber Security requirements.
JavaScript Bug
I believe I’ve found a bug with the version of jQuery I’m using in the SSSRT. Sometimes the SSSRT doesn’t initialise correctly in Edge or Chrome. We only see the logoff option. And when a user tries to logoff a session, it doesn’t work. It would be related to the fetch with an async await section. Perhaps a timing or race condition. I’m changing the code around a bit to see if I can address it formally. As I’m unable to make it fail, it will be difficult to know if the issue has been addressed without ongoing feedback.
Refactor Code
The CreatePipeline() API is informally deprecated. I am changing the code over to use [PowerShell]::Create() instead, which also creates a runspace. There is also quite a bit of code clean-up I want to do. However, refactoring is a continual job, so this will be done gradually over the next few releases.
Enable/Disable Maintenance Mode API
I had added the code in readiness for the Help Desk version.
I will probably also leverage this API functionality for a separate tool I’ve created called the Computer Restart Service. The VDA’s don’t have the smarts to place themselves into maintenance mode using the good old “drain mode” process locally, so the Computer Restart Service that will run on the VDA’s will have the smarts to use this API to do just that.
Citrix PowerShell SDK Bug
I was working on the code for the Help Desk version some time ago, when I found a bug in the Citrix PowerShell SDK.
When using the Get-BrokerDesktopGroup and/or Get-BrokerCatalog cmdlets from the SDK and connecting to a 7.15 Delivery Controller, the Scopes property is returned with no objects! However when running these locally on the Delivery Controllers the output is correct. Connecting to 1912 and 2203 Delivery Controllers do not present such an issue. When I was working on this, my employer at the time still had 18 sites on 7.15, so I wanted to allow for that backward compatibility. The reason behind this was to use the scopes to allow me to delegate remote management of the Session Hosts through my tool, without using Director. This would make it easier for supervisors/team leaders/line managers to clear sessions holding files and licenses open when people go off-shift. This is a problem in a mining company where the platform is used 24×7.
I burnt many many hours on this before realising that it was a bug and escalating to Citrix.
After an investigation Citrix found that the ScopeReference is defined in a different namespace between 7.15 and 1912. They actually moved it to a different namespace without thinking, which broke things! So when the broker service sends the response, the PowerShell client side can not deserialize properly, thus it get a null value for Scopes for Get-BrokerDesktopGroup and Get-BrokerCatalog. As Citrix had made significant changes to the PowerShell modules, this was unable to be fixed/reversed.
Thankfully the workaround is to use the Get-BrokerScopedObject to get Scope name. It’s a bit more messing about with code, but it works.
However, given the amount of time that has passed and with 7.15 being out of support, I may just continue on with the Get-BrokerDesktopGroup cmdlet and not be concerned about backward compatibility.
Citrix PowerShell SDK Max Record Count Limits
Even though Citrix reneged on their Announcing Remote PowerShell SDK Record Limits and will no longer implement changes to impose SDK record limits, they still strongly encourage every customer to use filtering or a reasonable MaxRecordCount. They state that their data indicates that customers with the best response times have MaxRecordCount less than 5000. Therefore I’ve re-written the usages of Get-BrokerSession to make them more efficient.
Language Localization
Using the i18next JavaScript framework, I was able to create the functionality so the text instructions can be pulled from a language translation files based on the Web Browser language settings. This was very challenging, but I did eventually get it working well.
New Blazor User Interface
After fighting too many unexplained JavaScript and jQuery challenges, and inspired by Dave Brett’s PROFiLiX Server project, I have decided to move the interface to Blazor. I’ve been super impressed with version 8 and 9. All the work I’ve completed for the i18next JavaScript framework will not go to waste as it was a huge learning curve for me.
Help Desk Version (will not be a free product)
As mentioned under the Citrix PowerShell SDK Bug section, I’m working a Help Desk version that will use the Scopes against Delivery Groups to allow groups of people like Help Desk, Team leaders, Line Managers to clear sessions on behalf of others.
Jeremy Saunders
Latest posts by Jeremy Saunders (see all)
- Microsoft High Performance Computing (HPC) Pack 2019 Service Resilience - February 19, 2025
- Development Planning for the Citrix Self-Service Session Reset Tool - February 19, 2025
- The Micromine Alastri Hub Launcher Tool that leverages a RAM Disk for Temporary Data - February 17, 2025