Citrix Remote PowerShell SDK error: “Could not establish trust relationship for the SSL/TLS secure channel with authority ‘localhost’.”

If you see the following error when trying to run cmdlets from the Citrix Remote PowerShell SDK

Check and make sure you are running PowerShell in its 64-bit flavour, and not 32-bit (x86).


I had this issue recently when automating some tasks with Jenkins talking to Citrix Cloud, using the Citrix Remote PowerShell SDK:

On the same host as Jenkins, if I ran a PowerShell shell, and ran the exact same script, it’d work fine.

If I ran it in Jenkins, it would fail with an error like this:

Root Cause

The root cause is there’s something up with 32-bit PowerShell and the Citrix Remote PowerShell SDK.

Jenkins runs the 32-bit version of PowerShell because Jenkins itself is 32-bit. The reason the script worked in a PowerShell shell on the Jenkins host, was because the default on Windows is 64-bit PowerShell. As soon as I forced PowerShell 32-bit, I could reproduce the problem.

The Fix

The fix is to force Jenkins to use PowerShell 64-bit. There’s two options I found:

  1. You can workaround it with some good tips here:
  2. Or you can fix it fully by making Jenkins run on 64-bit Java:

A quick Citrix microapp hack to get notifications when there’s a Citrix Security Bulletin

Credit to Gabe Carrejo and the Patrick Quinlan for their work on this.

It’s possible to use the Citrix Support Security Bulletin RSS feed with Citrix microapps to notify you (or a group) when there’s a new Security Bulletin from Citrix

Rough Steps:

  1. Copy this RSS URL:
  2. If you want to narrow the feed down to a specific product or category, look for the category tags in the RSS feed and add them when you add the RSS integration in step 3
    • Some examples, in case they help:
  3. Follow the RSS microapp guide here and replace the blogs RSS URL with the Security Bulletin URL:

Of course, you don’t need to use microapps to get Security Bulletins (you could just use an RSS reader) but it’s a very neat use case – and combined with Push Notification with Workspace, means you get a notification to your phone when there’s a new Bulletin. Great idea, Gabe!

A full list of feeds available from Citrix Support are here:

Building a simple Citrix microapp that shows blog posts from a WordPress RSS feed


This post will cover how to setup a simple microapp that anyone with access to the Citrix microapps service can build, using public URLs, with no authentication requirements. We’ll be using the RSS integration to talk to a WordPress RSS feed and build a microapp from that.

Here’s roughly how it’ll look in Workspace, when it’s finished:

Why bother?

I’ve spent the last few months learning about microapps, and implementing them into Citrix Engineering’s pre-release Workspace environments – and honestly, I wish I had a guide like this to follow when I first started. So here we are 🙂

My hope is that following this guide will help you get familiar with the concepts, before you dive into the heavier stuff, like accessing internal API endpoints for enterprise systems, or figuring out the details around Oauth 2.0 authentication.

By following this post you’ll learn:

  • How to add an Integration and a microapp
  • How to make changes to how a microapp displays data

What are we building?

We’ll build a Citrix Blog posts microapp, which uses the RSS Out-of-the-box integration to connect to the Citrix Blogs RSS feed, which happens to be in a WordPress format and:

  • Notifies Workspace when there’s a new blog post
  • Enables colleagues to view blog posts from Workspace
  • Allows colleagues to view a list of blog posts in a searchable table

Before you start

This guide assumes that you already have access to the Microapps service in your Citrix Cloud account. If you do not, you can request access to a Test Instance here:

First, familiarise yourself with the following microapps concepts by reading the documentation that covers Terminology

Specifically you’ll need to learn the meanings of:

  • Integration
  • Microapp
  • Notification
  • Page
  • Action

I’ll be using the above terms liberally, so knowing what they mean will help.

Let’s build it!

We’re going to:

  1. Add an RSS Integration to sync Citrix Blog posts
  2. Change the name of the microapp so it’s more intuitively named in Workspace Actions
  3. Change the sort order of Blog posts to: Date, Descending
  4. Change the Description field of the Item Detail page to show HTML content for prettier viewing
  5. Set the Title of the blog post to be in the header of the page
  6. Add a “View Post” button, that goes to the Blog Post online
  7. Setup the Synchronization Schedule
  8. Add Subscribers to the microapp (so they can see Notifications and Actions)

Add the Integration

Go to the Microapps Admin page, and choose “Add New Integration”

If asked, you want to use a Citrix-provided template

Choose the RSS Integration

Give the Integration a name, such as Citrix Blogs (RSS), and enter the URL to the WordPress RSS feed. In this example, for Citrix Blogs, the URL to the RSS feed is:

You’ll then be taken to the Microapps list of integrations, and you’ll see the new integration. Inside, it’ll already have a microapp configured called “Items”, and you’ll see it has Synchronized. We’ll be modifying this microapp to make it fit our needs.

Because the RSS Integration is deliberately generic – we need to make a number of tweaks to make the Blog microapp nicer to use and look at.

Change the name of the Microapp

We change the name of the microapp, because this is how it appears in the Actions pane in Workspace. If we keep it as “Items”, its naming isn’t particularly user friendly. In our pre-release environments, we rename this microapp to Citrix Blogs, so people will know what they get when they click the Action.

To change the Microapp name:

  1. Click on “Items”
  2. Go to Properties
  3. Change the App Name, and the App Description to something more meaningful such as “Citrix Blogs” and “Shows posts from Citrix Blogs”
  4. Click Save

Here’s a comparison of how they’d look in Workspace. I much prefer it to say Citrix Blogs. rather than Items 🙂

Change the sort order of Blog posts to Date, Descending

Out of the box, the Items table is not sorted by Date. Let’s fix that so it’s suitable for a Blog post list that shows the latest posts at the top of the table.

In the Citrix Blogs microapp, click on Pages, then click on Items

Click the Table, so that it’s highlighted (a blue x will appear in the top-right of the table). Then click Set Order, or Edit Order, under Data Order

  1. Set the Order by to: items, published_at, Descending.
  2. Click Save

Bonus points: Change the table Label from Items to Blog Posts. Again, this just makes it look nicer.

Displaying HTML content from the blog posts

Just FYI: This HTML component is in the product at GA because I had issues with showing blog content in the microapp page, and the Product Management team did amazing work to accelerate their plans for this functionality. It sounds small, but it’s just one tangible example of what I (and my team) do inside Citrix – we use the product, we feedback, we help make things better

Out of the box, the RSS Integration shows raw text. It works really well for many kinds of feeds/data, but for some RSS feeds, the fields have HTML embedded in them.

Out of the box, it looks like this:

And we’re going to tidy it up so it looks like this:

Add the blog title to the header of the Page

Set the Blog Title as the page title and remove the existing title. This makes the title look much nicer:

  • Go to Pages, then click on Item Detail
  • Click the Back button in the Builder viewer
  • In the right-hand pane, set the Title Template from blank, to {{title}}
  • Click the Title text in the main body of the Builder viewer, and delete it (because the title is now shown at the top of the page)
  • This will now show the Blog post title in the Page header (and looks much nicer)

Replace the Description default Test component, with the HTML Content component:

  • Drag the HTML Content component so it goes above where the current Description text component is
  • Set the Label (you can make it blank – it’s not required) and set the Data Table to “Items” and the Data column to “Description”
  • Delete the other Description component, by clicking on it, then clicking the X in the top=right hand corner.

It’ll then populate the HTML component and look much nicer!

Personally, I remove the Categories Table, as it serves no purpose in this view. Click it and remove it with the X in the top-right corner of the Categories Table.

Add a button to link to the Blog Post

Finally, let’s add a button to link to the Blog Post. This is a nice way to allow people to open the blog post if they want to read more than just the lede.

Drag the “Button” button to the bottom of the page:

Then, set the button up like so…

Change the Button Label from Button, to “View Post” (or whatever you’d like it to say :))

Now we setup the link part.

Click Actions, on the right hand side:

Then on the Drop down, choose “Go to URL”

Expand the Goto URL, then click on Insert Variable

From the dropdown, choose “url” and click Insert:

You’ll then see the field populated with {{url}}. This will insert the Blog Post’s URL into the button, and will launch the site when clicked.

Preview the microapp to see your handiwork:

Looks good!

Set a Synchronization Schedule

Now we’ve made the microapp, with its pages, we should set a Synchronization Schedule.

The schedule is up to you and the feed you’re pulling in. For Citrix Blogs, we set this to once every hour, which is a good balance between keeping things up to date, but not hitting the website too much with requests.

After a sync happens, if a new blog post entry is found a notification is sent to Subscribers to that microapp, and it appears in the Workspace feed (and, if enabled, a Push Notification to the person’s device with Citrix Workspace app, too)

Please note: The first time you sync – no Notifications will be generated. So when you look in your feed, there won’t be any Notifications yet. This is because notifications are generated the next time a sync occurs and there’s new blog posts. The first sync will simply load up the microapps cache. You’ll need to wait for a new blog post to be posted into the RSS, and for a sync to happen, for a notification to be generated.

You set the Synchronization by going to the Microapp Integrations page, clicking the three dots next to the integration and choosing Synchronization

Adding Subscribers to the microapp

The final step of this process: Giving people access to the microapp itself. Without being granted this, people won’t see the microapp, or the notifications

To give people access, Click the three dots next to the microapp, and choose Subscriptions

In the example below, I’m showing that you can add Security Groups, as well as individual users. This can help you test, and gradually roll out the microapp in a live environment in phases, to help ensure quality and user acceptance.

Pat yourself on the back

You just made your first microapp!

You learned how pages work, how to modify those pages if you need to, you learned about changing and adding variables to buttons and components, how to order data in tables, add buttons that link somewhere else, and finally how to add subscribers to a microapp, schedule synchronizations and how to preview it.

There’s a lot to take in, but hopefully running through this will make it easier on you when you come to do more heavy-weight microapps that might need things like authentication, and on-premises connections with the Connector Appliance.

Happy microapping 🙂

Install Citrix Cloud Connector on Server Core 2016


This post will provide some quick notes on installing the Citrix Cloud Connector on Server Core 2016.

Conceptual overview

  • We’re going to take our domain-joined Server Core installation and install the Citrix Cloud Connector on to it.
  • You can’t simply run the installer from the Server Core UI, because Server Core doesn’t have all the bits required for the Connector wizard to work.
  • So to work around this we’ll get an API Access key from Citrix Cloud admin UI and use that to install the connector silently on the command line.

Pre-requisites and considerations

  • It’s assumed you have installed Server Core 2016 and joined it to the domain.
  • I believe you’ll need an API access secure client entry for each controller you’re setting up. Happy to be corrected on this, but it feels like that’s the best way to go about this.
  • The API access key is tied to the Citrix Administrator. If that Adminstrator account is later revoked access or permissions changed, the API keys will stop working. More on this here.
  • As of right now (September 2018) installing the Cloud Connector on Server Core is not supported – however, the team is aware of appetite for this, and have a workstream open to do some testing with all the components.


Create an API Access secure client entry for the connector

Go to > Identity and Access Management > API Access tab

Enter a descriptive name of your Server Core VM in the “Name your Secure Client box” and click Create Client – I typically use the VM hostname so it’s easy to track which controllers are using which credentials. If you want to add more contextual info, do so. The field isn’t tied or reliant on the VM name at all.

Store the ID and the Secret given to you in a secure place. You’ll never be given the Secret again, so I’d recommend storing it securely.

Gather required information

To install the connector from the command line you’ll need the following information:

  • Citrix Cloud Customer ID
    • You’re told this just before you make the API access credentials, when entering a secure client name.
  • API Access secure client ID
    • You’re told this when you make the API access credentials
  • API Access secure client Secret
    • You’re told this when you make the API access credentials
  • The ID of the Resource Location you’re installing the connector into.
    • This is the UUID of the Resource Location, not its friendly name. You’ll find it in the Resource Locations – click on “ID” to view it.

Download the Connector onto the Server Core VM

Log in to the Server Core VM and run the following, replacing “yourcustomeridhere” with your Customer ID

Install the connector silently

Now, from the same command line, build your silent install command, replacing yourcustomeridhereyourclientidyourclientsecret, and yourresourcelocationid with the information you gathered earlier, and run it:

That’s it. You won’t get confirmation that it worked, so you’ll need to check via Citrix Cloud

Check your Resource Location to verify connectivity

Go back to the Citrix Cloud UI and check your Resource Locations to verify if the connector is being setup. It can take a few minutes to complete.

Uninstalling the Cloud Connector

Should you need to Uninstall the Cloud Connector from Server Core, you can run:

It looks like this isn’t documented (not mentioned if you use /?) but it does work.

Further reading


Base image automation – download the latest installers for common apps with PowerShell


Long overdue, and inspired by @xenappblog and @CIT_Bronson, I’m finally documenting this.

In the Citrix RTST environment, we are frequently updating our base images with the latest common apps. To help with this, I cobbled together some scripts that will grab the latest version of apps like Chrome Enterprise, Firefox, VLC, Visual Studio Code, NotePad++, and FileZilla.

PowerShell Scripts

Below is a list of super-basic PowerShell snippets that will get the latest versions of software commonly installed on base images in a Citrix XenApp-Virtual Apps and Desktops-type environment. They include the URLs used; useful if you just need the URLs for your own purposes.

The key to all of these is the URLs used – most installers have special URLs you can use to get the latest installer, but the challenge is finding them!

Some of the techniques used in these scripts may be useful to help build scripts for other apps you may need for your environment.

You’ll need to change $output or -OutFile location to match where you want the installer to be saved.

Get Latest Google Chrome Enterprise

This will get you the latest stable build of Enterprise Google Chrome:

Get Latest Firefox

Get Latest VLC

Get Latest Visual Studio Code

Get Latest NotePad++

Get Latest FileZilla

Other resources

The End-User Computer (EUC) community, including Citrix Technology Professionals (CTPs) are already sharing their techniques for getting other apps, including Adobe Reader DC, XenServer tools, and Firefox. If you’ve got something to share, let me know in the comments and I’ll get it added!