Citrix Virtual Apps and Desktops

Acrobat products support deployment on Citrix Virtual Apps and Desktops (formerly XenApp and XenDesktop) on Windows machines. Since there are many ways to configure Acrobat products as well as Citrix servers, these instructions are intended as basic examples. Administrators may need to tailor these instructions to meet the requirements of their own environment.

Session vs. application virtualization

Session virtualization where installed applications are streamed to clients is supported. Application virtualization where a Streamed Profile package is delivered either to the Citrix Server or the end users computer is not. While Citrix supports both session virtualization and application virtualization, only the former where the application is hosted on a server is well tested. While streaming is unsupported, some forum users have figured out how to create a package and stream it to clients.

System requirements

• Product system requirements

Note that while testing occurs with the product listed below, intermediate Citrix versions are supported.

• Acrobat release Oct. 2018: Citrix 7.15 and Win Server 2016.

• Acrobat release Oct. 2016: Citrix XenDesktop 7.9, XenApp 7.9 and the latest hot fixes with 64-bit Win 7, 8, and 10, (pooled non persistent VMs).

• Acrobat release May 2016: Citrix XenDesktop 7.6 and the latest HotFixes with Win 7 64-bit and Win 8 64-bit (pooled non persistent VMs).

• October 13, 2015 update: Citrix XenApp 7.6 with Win 2012 Server Standard edition 64-bit.

Tested environments

Because there is an unlimited number of possible execution environments, Adobe confines its testing to common scenarios. For Citrix deployments, the environments used for testing were as follows:

• A user account was set up using Active Directory domain user group. The Anonymous User profile was not tested.

• The user account was set up on the server as non-privileged accounts. The user can operate the computer and save documents, but they cannot install programs or make changes to the system files or settings.

• The server machine was running typical enterprise software. For example, testing scenarios often include installing the latest versions of Microsoft Office Professional, Microsoft Internet Explorer, Microsoft Visio Professional Version, Microsoft Office Publisher, Microsoft Office Project Professional, Lotus Notes, and McAfee VirusScan Enterprise.

Citrix tuning

How you tune your environment depends on a number of factors such as the number of users, requisite features, PDF content, and so on. It is advisable to use this documentation as well as that provided by Citrix at https://support.citrix.com/search/basic/?searchQuery=Adobe+Acrobat&searchbtn.x=0&searchbtn.y=0.

Note

Admins may want to consider eliminating setup redundancy by using a provisioning server. You can configure the settings on that server and then use it to populate all other Citrix servers with the identical configurations.

• Disable Memory Optimization on 64-bit systems. For details, see https://support.citrix.com/article/CTX136287.

• Enable CPU Fair Sharing. Certain Acrobat operations can be very CPU hungry. Enabling Fair Sharing ensures that one or two processes do not hog the server’s CPU resources. See https://support.citrix.com/proddocs/topic/xenapp6-w2k8-admin/ps-cpu-utilization-features-v3.html.

• Microsoft: Apply all critical and recommended hotfixes and all hotfix rollup packs that Microsoft provides.

• Apply all critical and recommended hotfixes and all hotfix rollup packs that Citrix provides. Refer to https://support.citrix.com/article/ctx129229

Tuning for virtual envs

Tune the installer prior to imaging and deployment.

Tuning helps mitigate performance issues, simplifies the end user experience, and allows you to disable features and behaviors that should not be accessible to end users in an IT-managed environment.

• Install the latest product.

• Disable the updater.

• Accept the EULA on behalf of all users by setting the appropriate registry key.

• Use SUPPRESSLANGSELECTION on the command line at install time to disable user’s ability to change the language.

• If the product language should be different than the OS languages, set the language.

• Supress registration (there are multiple ways: Wizard, cmd line property, PRTK tool).

• Disable push notifications: Set bToggleNotifications to 0.

• Disable the Help > Repair Acrobat Installation menu by setting:

  • 32 bit machines: [HKLM\SOFTWARE\Adobe\(product name)\(version)\Installer] "Disable_Repair"

  • 64 bit machines: [HKLM\SOFTWARE\Wow6432Node\Adobe\(product name)\(version)\Installer] "Disable_Repair"

Scrolling performance

If scrolling performance is poor in graphic intensive documents, try the following:

1. Go to Edit > Preferences > Rendering.

2. Uncheck Smooth line art and Smooth images. Alternatively, you can set these preferences during pre-deployment configuration:

HKCU\Software\Adobe\Adobe Acrobat\<version>\Originals\bAntialiasGraphics: 0x00000000
HKCU\Software\Adobe\Adobe Acrobat\<version>\Originals\bAntialiasImages: 0x00000000

Distiller performance

• In some environments, Distiller performance may suffer if the messages.log file becomes too large after a number of Distiller operations. Delete this file periodically. It is located at \Application Data\Adobe\Acrobat\Distiller <version>\messages.log.

• Remove unused fonts from the Windows installation.

Folder permissions

Protected Mode will only work when the USERS group has the following permissions on the product installation folder: Read and execute, List folder contents, Read. For a default installation, the path might be C:\Program Files (x86)\Adobe\Acrobat Reader DC.

Other settings

There are over 500 other registry preferences documented in the Preference Reference . Use the Wizard or manual/scripted methods to customer the product.

Cursors

Citrix does not support scalable cursors. Disable scalable cursors by setting HKLM\SOFTWARE\WOW6432Node\Policies\Adobe\(product name)\(version)\FeatureLockdown\bShouldUseScalableCursor to 0.

Licensing

Only licensed users should have access to the virtual Acrobat instance. For more information, refer to the Software license terms.

Citrix deployments support the following licensing options:

• Named user licensing

• Serial numbers

• Feature restricted licensing

Enabling group access

Citrix offers the option to assign an application to a specific group of users irrespective how the application is deployed and provisioned. This can be done in the Limit Visibility section under Delivery Group in the Studio which lets you configure application users. In this scenario, the application is published globally but is visible only to the users listed in the Delivery Group.

Named user licensing

Named user licensing (NUL) is the preferred activation method.

DC products support NUL and user management via the Admin Console. The Console supports managing single user and group entitlements for all Adobe products as well as Single Sign-On. It also provides tools for managing software, users, and devices and support multiple ID types. With NUL, end users simply “activate” Acrobat by logging in to any VM or machine. License-related data is saved in the <user>/AppData/Roaming/Adobe/ folder which is synced to the VM on login.

Note

Trial installs and the Classic track do not support named user licensing.

Image-based deployment

1. Set up profile redirection. User profile data in <user>/AppData/Roaming/Adobe/ as well as the HKCU hive must sync to the VM instance on which the user logs in. Admins should ensure that such data is saved on user logout or disconnect. Some systems provide VM tools; for example, Citrix (Citrix Profile Management) and VMware Horizon (View Personal Management). At a minimum, sync the following:

• File: C:\Users\<User>\AppData\Roaming\Adobe\AdobeUserInfo

• Folders

  • C:\Users\<User>\AppData\Roaming\Adobe\OOBE

  • C:\Users\<User>\AppData\Roaming\Adobe\SLData

• HKCU\Software\ registries:

  • Adobe

  • Microsoft\Internet Explorer\Toolbar\WebBrowser\{47833539-D0C5-4125-9FA8-0819E2EAAC93}

  • Microsoft\Internet Explorer\MenuExt

  • Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj

  • Wow6432Node\Google\Chrome\NativeMessagingHosts\com.adobe.acrobat.chrome_webcapture

2. Log in to the master image.

3. (Optional) Customize the installer with the Customization Wizard.

4. Install Acrobat on the master image by calling the default exe or the one you modified with the Wizard. Use the following command:

Setup.exe  /sALL /msi ROAMIDENTITY=1 ROAMLICENSING=1

5. Verify the following registry keys are present and the string (REG_SZ) values are 1 on the master image. If not, create the key and set the value as 1.

[HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Licensing\UserSpecificLicensing]"Enabled"="1" (REG_SZ)
[HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Identity\UserSpecificIdentity]"Enabled"="1" (REG_SZ)

6. If you are using a Federated ID or connectors (like Dropbox), enable third party cookies:

   1. Choose Internet Explorer > Settings > Internet Options > Privacy > Advanced.

   2. For First-party cookies, choose Accept.

   3. For Third-party cookies, choose Accept.

7. Shut down the master image.

8. Take a snapshot of the master image.

9. Update all VM desktops with the new snapshot.

Note

Unlike serialized deployments, do not launch Acrobat on the master image.

Serialized deployments

Note

On November 30, 2019, some customers may see their serial numbers expire. To avoid interruption and to access the latest versions of the apps, migrate to named user licensing or update your serial number.

To image a machine with Acrobat, first generate a prov.xml file on an online machine and then create a permanent offline exception that is not machine specific. Note the following:

• Supported for volume licenses only.

• Acrobat need not be installed.

• The target machine must be online.

Steps:

1. Download the latest Adobe Provisioning Toolkit Enterprise Edition.

2. Open an elevated prompt (run as administrator).

3. Generate a prov.xml file on any machine connected to the internet using the following APTEE tool command line with the following options:

   • serial: The serial number

   • regsuppress=ss: Optional (but recommended); suppresses registration

   • eulasuppress: Optional; suppresses the EULA prompt

   • locales: Optional; specify from the limited list of locales in the formal xx_XX or ALL

   • provfile: Optional; path of the folder where prov.xml is created. If this parameter is not specified, prov.xml is created in the folder in which APTEE resides.

   • LEID:

     • Continuous Track: V7{}AcrobatCont-12-Win-GM

     • Classic Track 2020: V7{}AcrobatESR-20-Win-GM

     • Classic Track 2017: V7{}AcrobatESR-17-Win-GM

     • Classic Track 2015: V7{}AcrobatESR-12-Win-GM

adobe_prtk --tool=VolumeSerialize --generate --serial=<serialnum> --leid=<LEID of product> [--regsuppress=ss] [--eulasuppress]
[--locales=list of locales in xx_XX format or ALL>] [--provfilepath=<Absolute path to prov.xml>]

4. Install Acrobat on the master image.

5. On the master image, copy the prov.xml file created above.

6. Serialize and activate Acrobat using the following APTEE tool command line:

adobe_prtk --tool=VolumeSerialize [--provfile=<Absolute path to prov.xml>] --stream

7. For Acrobat Classic 2020 deployments, create and set IsNGLToAMTEnforced to 1.

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Adobe\Adobe Acrobat\2020\Activation]"IsNGLToAMTEnforced"=dword:00000001

For Acrobat DC deployments, create and set IsNGLToAMTEnforced to 1.

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Adobe\Adobe Acrobat\DC\Activation]"IsNGLToAMTEnforced"=dword:00000001

8. Launch Acrobat once for about a minute and close.

Note

Granting an offline exception using the Customization Wizard for an imaged OS deployment method is not supported. Use the PRTK tool.

Feature Restricted Licensing

Acrobat supports Feature Restricted Connected and Offline Licensing (FRL) in most virtual environments, including Citrix, VMWare, RDS/WTS, and App-V. Use this package type for end-users who:

• Cannot adopt named user licensing since they are not allowed to use online services.

• The users are periodically connected to the Internet (FRL connected).

• Restricted environment with no internet (FRL offline).

Support is limited to:

• Connected packages created via the Admin Console

• FRL offline

These high level steps do not supersede the details on the FRL page or the deployment steps below, but in general, use the Admin Console to create an FRL-enabled Acrobat package:

• Create license-only package from the Admin Console and deploy Acrobat from a standalone installer, OR

• Create an FRL package that embeds Acrobat.

Then, deploy as usual:

1. (Optional) Customize the installer with the Customization Wizard.

2. Log in to the master image.

3. Install the package on the master image. If you have created a license-only package, first run the Acrobat installer followed by the license-only package.

4. Shut down the master image.

5. Take a snapshot of the master image, and update all VM desktops.

Troubleshooting steps:

• Verify that FRL package is applied properly on the master image.

• Validate that ASNP, Certificates and Operating Configuration folders are present at C:\ProgramData\Adobe\<folder> on the master image.

• If present, remove HKLM\SOFTWARE\WOW6432Node\Adobe\Adobe Acrobat\DC\Activation\IsAMTEnforced.

Shared Device Licensing

Acrobat does not support Shared Device Licensing (SDL) in virtual environments.

However, SDL may prove useful to you in other business contexts. SDL is a licensing model to deploy and manage Adobe applications in labs and shared device setups, where multiple users use the devices and applications. The software license is assigned to a device or computer instead of an individual. SDL is ideal for computers in labs or classrooms, but is not designed for use on machines used by dedicated users. For dedicated users, we recommend you deploy named-user licenses. For more detail, see https://helpx.adobe.com/enterprise/using/sdl-deployment-guide.html

XenDesktop 7.15 installations

Adobe Acrobat installation scenarios include both Machine Creation Services and Provisioning Services.

Machine creation services

1. Login to the master image.

2. Install and update all the applications you want to provide to end users.

3. Switch off the master machine.

4. Take a snapshot of the master machine from the farm.

5. Update the virtual desktop to the latest snapshot:

   1. Log in to the Citrix Studio Server as an administrator.

   2. Open Citrix Studio.

   3. Inside the farm, click on Machine Catalog.

   4. Right click on the catalog you want to update; for example, Win 7 or 10.

   5. Choose Update Machine.

   6. Choose Next.

   7. Select the corresponding Master Image Latest Snapshot.

   8. Select a Rollout Strategy (Immediately. or Next Shutdown).

   9. Choose Next.

   10. Choose Finish.

Provisioning services

1. Login to the golden image server.

2. Install or update the application.

3. Go to HKLM\Software\WoW6432Node\Network Associate\ePolicy Orchestrator\Agent.

4. Delete the Agent GUID entry. (It makes the antivirus software independent of the machine until the next reboot thereby allowing it to work on the different servers that are booted by that vDisk.)

5. Shut down the server.

6. Log in to the PVS server and open the Provisioning Services console.

7. Go to Device Collection.

8. Check which disk is used to boot the main golden image server.

9. Copy the disk and rename it according to your organization’s naming convention (for recovery purposes).

10. Return to the Provisioning Services console.

11. Right click on vDisk Pool.

12. Click add or import Existing vDisks and add the newly created vDisk.

Recommended Settings:

1. Go to the newly added vDisk.

2. Right click and choose Mount.

3. Open regedit and Click file > load hive.

4. From the list, select System. A new hive named vDisk should now be present inside HKLM.

5. Go to HKLM > vDisk > Controlset001 > Services > tcpip > paramaters and make the following changes.

   1. Clear DhcpDomain.

   2. Clear DhcpNameserver.

   3. Clear HostName.

   4. Clear NameServer.

   5. Clear NV HostName.

6. Make the same changes in all the control sets.

7. Choose File > Unload Hive.

8. Open the PVS console again and unmount the vDisk.

Note

These settings help prevent name resolution conflicts on different servers.

13. Right click the selected vDisk, and choose Load Balancing.

14. Configure load balancing as desired.

15. Go to Collection.

16. Right click on the servers you want to boot the from new vDisk, and select Properties.

17. Go to the vDisk tab.

18. Remove the current vDisk.

19. Add the required vDisk for all the servers individually.

20. Select each server, and send the restart command. Wait for the servers to restart from the new vDisk.

21. Go to the Citrix Studio server.

22. Click on the XenApp server.

23. From the right-hand menu select Add application.

24. From the start menu list, select the applications you want to add and choose Next.

25. Click Finish.

XenDesktop 7.6 installations

1. XenDesktop parent image update process:

   1. Log in to the master image.

   2. Install or update the application.

   3. Take the snapshot.

2. Virtual desktop update process:

   1. Log in to Citrix Studio.

   2. Open Citrix Studio.

   3. Click on Machine Catalog.

   4. Right click on Catalog.

   5. Choose Update Machines.

   6. Choose Next.

   7. Select the Master Image latest Snapshot.

   8. Select a Rollout Strategy.

   9. Choose Next.

   10. Choose Finish.

Client-side Citrix access

This document describes how to use Citrix to access Acrobat via a web interface and the Program Neighborhood Client. Other options are possible. For example, publishing an entire desktop as well as PNA Agent.

Accessing Acrobat via the Citrix Web Interface

1. Install the Citrix web client locally by running XenAppWeb.msi.

2. Open Internet Explorer and enter the server URL.

3. Enter your credentials.

4. Choose Log On.

5. Double click on any Acrobat or Reader shortcut.

Citrix Maps your local drive with the server. Accessing any local file causes Citrix to open an ICA File Security dialog which asks to allow the server to access your local drive. If you select full access, Citrix maps your both your local drive and printer driver to the server hosted application so that you can seamlessly use the applications.

Accessing Acrobat via the Program Neighborhood Client

1. Install the Citrix hosted client locally by running XenAppHosted.msi. Doing so installs the Web Client, Program Neighborhood Agent, and Program Neighborhood.

2. Use the installation setup details provided by the Citrix administrator.

3. Double click the Citrix Program Neighborhood icon to open Custom ICA Connection dialog.

4. Choose File >Custom Connections Settings.

5. Verify Network Protocol Connection is set to HTTP/HTTPS on the Connection tab.

6. Verify Server Group is set to Primary.

7. Choose ADD.

8. Enter the server details provided by the Citrix administrator

9. Choose OK.

10. Choose Add ICA Connection.

11. Set Custom ICA connection to Local Area Network.

12. Choose Next.

13. Enter a name for the ICA Connection.

14. Set Network Protocol to TCP/IP+HTTP.

15. Select the Server radio button.

16. Enter your server name or select one from drop down list.

17. Choose the Published Application radio button.

18. Select Acrobat or Reader from the drop down list.

19. Select a view for the published application.

20. Choose Next.

21. Leave the Encryption Level as default.

22. Choose Next. In the log-in Window dialog, do not provide any credential information.

23. Leave Windows color as default.

24. Choose Next.

25. Choose Finish.

An ICA connection icon is created with the name you provided. Double click this icon to launch the application.

FAQs

Is AppLocker a supported way to restrict access to Acrobat?

No. While it may work, it is untested. Admins have reported Windows Explorer issues when using AppLocker to restrict access to Acrobat on Citrix.

Is Citrix App Layering supported?

No.

Known issues common to virtual installs

• Push notifications to specific users are unsupported.

• If users sign in on both a virtual environment and a physical machine, then they may be randomly signed out from a physical machine. This is because users can activate Acrobat on multiple virtual machines while only two activations are allowed per user. The current implementation provides an over activation workflow for these environments which does not force users to see or interact with any dialogs.

• Volume licenses are deleted when multiple users launch the product simultaneously before it is activated.

• In the Help menu, signed-in users are not shown as signed-in on subsequent sessions.

• Users may appear as signed-in on the Help menu even if they are signed out from the Creative Cloud Desktop application or signed out of the current session.

• Signing in with IDs having no subscriptions may result in random failures.

Why do I see an error that my license is expired or not activated?

Users must launch Acrobat prior to using “Print to PDF”, the Microsoft Office Acrobat plugin, or any other PDF Maker features.

Citrix-specific known issues

The following are known issues for Acrobat products on Citrix:

• All versions: Acrobat Standard and Reader users can run repair from the help menu on Vista and above. If a reboot is required, the Citrix server hosting the application will be restarted. To prevent this problem, create a JavaScript file (.js) containing (app.hideMenuItem("DetectAndRepair");) and place it in the <root>\Reader <version>\Reader\Javascripts directory.

• All versions: Acrobat’s PDF generation capabilities embedded in 3rd party products (PDFMaker) and Adobe PDF Printer do not currently check Citrix licensing restrictions. Even users who don’t have access to the Acrobat application may be able to use Acrobat PDFMaker and Adobe PDF Printer.