Introduction This document explains the different scenarios in which user customization may be missing from Virtual Computer Services (VCS).   Applicability This article applies to anyone using or supporting Virtual Computer Services (VCS) user profiles.   Details Generally there are two scenarios where profile items may be missing.   Scenario 1: Certain profile items may be missing such as mapped network drives, mapped network printers, Google Chrome bookmarks, custom wallpaper. But files on the Desktop, Documents, Downloads folders are still there. 95% of the time, this is caused by not logging off before the VCS virtual machines are restarted every Sunday morning at 1:00 am, and is often noticed Monday morning. If a proper Windows log off (Start ->Sign Out) is not done, then these profile items are not saved to the profile server for use next time. Be sure to sign out from your VCS desktop prior to Sunday @ 1am.   Scenario 2: If a user profile cannot be loaded for whatever reason, the user may get signed into Windows, but be provided with a temporary profile. Usually this happens for a couple reasons: The user logged off of one virtual machine, and immediately logged into a new one. The old profile may not have been synced back to the profile server, before it is requested to be synced to a new machine. Usually waiting about 30 seconds - 1 minute after logging off before launching a new machine is recommended. The user profile may have components that are corrupt, and cannot be synced. Examining the Application Event Log may provide more information as to why the profile could not be loaded. The Event log may provide the solution in the action item, or potentially, the profile may need to be rebuilt. An incident ticket to IST will be required in this case.   Keywords: VCS, Virtual Computer Services, profile, missing, drives, printers, bookmarks

Introduction Follow these steps to connect to a VCS (Virtual Computer Service) virtual machine from an Android based device.   Applicability This article applies to anyone using or supporting VCS.   Details To connect to VCS from an Android device, you'll need to get the Citrix Workspace App from the Google Play store. Citrix WorkSpace App Once you have it installed on your device, open it, and you'll see a fairly blank screen. We will need to enter the URL for Citrix Workspace App to connect to. Press the + sign in the bottom right to add a URL, which will bring up the following screen. Enter "https://vcs.med.ualberta.ca" (no quotes) and enable the option "Add account type as Web Interface", as you see in the screenshot below. Once you connect, you'll be presented with the username/password login screen as if you were connecting from a desktop/laptop, and if you're connecting your device from off campus, you'll be prompted for the multifactor authentication (MFA) prompts if necessary.   Keywords: VCS,Virtual Computer Services,android

Introduction This article will show you how to force a specific keyboard layout within VCS (Virtual Computer Services).   Applicability For anyone using or supporting VCS where keyboards type the wrong characters.   Details By default, VCS will try to determine the type of keyboard you have, and make that same keyboard layout available within VCS. While the vast majority of people use a US-English keyboard layout, sometimes some computers may come with a Canadian-French keyboard. In some cases, you may need to specify the keyboard layout you want to use within VCS, as the auto-detection will not work properly. This may lead to unintended problems such especially if you end up using two or more computers that have different keyboard layouts. This may especially present problems if you set a password on a keyboard layout that you don't normally use. For people connecting to VCS from an Apple product, or someone using Linux, the keyboard layout detected within VCS commonly may not be the same keyboard layout as what you have specified on your client machine. For this you will need to edit a configuration file on your endpoint machine, to force a specific keyboard layout into VCS. MacOS Be sure you are not connected to VCS while doing this step. Open Finder Click on the Go menu at the top Click on Go to folder... type in the path /users/username/library/Application Support/Citrix Receiver, replacing username with your user account Edit the config file with the OSX text editor Change the line "KeyboardLayout=(User Profile)" to "KeyboardLayout=US" Save the file In some cases, doing the step above, doesn't always resolve the issue, so additional steps may be required. Again, make sure you are NOT connected to VCS while doing this step. Open Finder Click on the Go menu at the top Click on Go to folder... type in the path /users/username/library/Application Support Delete any folder starting with Citrix, such as the screenshot below. Leave the Finder window open, as we'll need to come back here. -{OPTIONAL}- You may want to take this opportunity to upgrade to the latest version of Citrix Workspace App that is compatible with your version of OSX if you haven't done so for a while. Use these KBs for assistance VCS Downloads  Installing Citrix Workspace App Launch VCS, this will create a new set of Citrix files in the /users/username/library/Application Support with the default factory values Disconnect from VCS Go into the Citrix Receiver folder in Finder Edit the config file with the OSX text editor Change the line "KeyboardLayout=(User Profile)" to "KeyboardLayout=US" Save the file Launch VCS   Linux Be sure you are not connected to VCS while doing this step. Open terminal Type nano /.ICAClient/wfclient.ini Change the line KeyboardLayout = (User Profile) to KeyboardLayout = US Save the file, press Ctrl X then press Y then press Enter to overwrite the same filename.   Keywords: VCS,Virtual Computer Services,OSX,linux,keyboard,keys

Introduction This article contains steps to connect to a VCS (Virtual Computer Services) desktop from an iOS device as well as some troubleshooting advice. Applicability Anyone using or supporting VCS, wanting to connect from an iOS device such as an iPad, or iPhone.   Procedure To connect to VCS from an iOS device (iPhone or iPad), you'll need to get the Citrix Workspace App from the App store on your device. After it is downloaded and installed, open up the Citrix Workspace App, and press the Get Started button. Instead of entering a Store URL right away, we'll need to click on the ellipsis button in the top right, then down to Manual Setup You'll need to enter 3 things on this next screen. Enter https://vcs.med.ualberta.ca in the address field. For Description, you can enter VCS and then ensure Web Interface has a checkmark next to it. Then press Save in the top right. A sample is shown below: After hitting Save, it'll take you right to the login screen asking for your username and password. If you are connecting from off-campus, then you may need to provide the multifactor authentication part as well. Troubleshooting Virtual Desktop Connections If you encounter problems launching a virtual desktop at the desktop selection screen, and get an error #183. You may need to change a setting in the Workspace App. These instructions will work for both Android and iOS devices, as the process is almost identical. Click on the Ellipses or Gear button in the top right corner of the Workspace App, and go to Settings. Once in the settings menu, press TLS Versions. Then select TLS 1.2 You should now be able to launch a virtual desktop.   Keywords: VCS,Virtual Computer Services, iOS,, iphone, ipad, Apple

Introduction This article discusses multifactor authentication (MFA) for Virtual Computer Services (VCS) instructions that can be used to access VCS while off-campus. Applicability This document applies to anyone who uses or supports external connections to VCS where multifactor authentication is required. Procedure Table of Contents 1. Getting Started 1.1 What is Multifactor Authentication (MFA)? 1.2 Downloading the SecureAuth Authenticator App 1.3 Connecting to VCS on Campus for the first time 1.3 Logging into VCS off Campus for the first time 2. Enrolling your Mobile device for MFA 2.1 Logging into the MedID Portal 2.2 Enrolling with a QR Code 2.3. Enrolling with a URL 2.4. Enrolling with a Yubikey 3. Connecting to VCS with MFA 3.1. Authenticating with push notifications 3.2. Authenticating with time-based passcodes 3.3. Authenticating with a Yubikey 4. Frequently Asked Questions VIDEO TUTORIAL 1. Getting Started 1.1. What is Multifactor Authentication (MFA)? Multifactor Authentication (MFA) is a security technique where an additional method is used to identify a user when they're logging in. Usually with a secondary device like a phone. Multifactor Authentication is used when connecting to VCS from locations outside the FOMD, UWS, or AHS networks. This is used to enhance security for remote connections. IST has set up the application SecureAuth Authenticator to be used when logging into VCS. The first step to setting up remote access to VCS when working offsite is to get the SecureAuth Authenticate application on your Android or Apple smartphone. If using a mobile phone is not an option, a hardware USB device can be used instead. Please contact the Service Desk at 780-492-8000. 1.2. Downloading the SecureAuth Authenticator App To install the SecureAuth application; go to your device's application store, and search for "SecureAuth". Alternatively, provided links have been provided to the application in the Android and iOS App Stores as well. After installing SecureAuth, you will need to connect to the MedID Portal to link the app to your MedID. Following downloading the SecureAuth Authenticate app on your mobile device, you'll need to enroll your device with the VCS enrollment site, which is only available from with VCS. Follow sections 1.3 or 1.4 for help with connecting to VCS for the first time. Android iPhone SecureAuth for Android SecureAuth for iOS 1.3. Connecting to VCS on Campus for the first time You can connect to VCS from on campus with your MedID and password once your MedID has been enabled. And you will not need MFA, however it is a good idea to set it up while you're on campus help make logging in easier when you're off campus. If you are off-campus, you can still log in, but you will need to contact the service desk to log in; please proceed to section 1.4 Connecting to VCS off campus. Citrix Workspace app is required to connect to VCS, and will be prompted to install when you sign into the VCS website. Additional support for installing Citrix Workspace App can be found at KB0013163. Go to https://vcs.med.ualberta.ca; then enter your MedID and Password. At the desktop selection screen, click on Windows 10. The Desktop viewer screen will show up and begin to log you into VCS. 1.4. Logging into VCS off Campus for the first time You can still connect to VCS from off campus with your MedID and password once your MedID has been enabled. However, prior to setting up MFA, you will need to contact the service desk to log in. Citrix Workspace app is required to connect to VCS, and will be prompted to install when you sign into the VCS website. Additional support for installing Citrix Workspace App can be found at KB0013163. You will need to call the service desk at 780-492-8000 to receive a temporary PIN to grant you access to VCS. Otherwise you will not be able to log in. Please call them immediately prior to logging in to receive the PIN. After receiving the PIN, go to https://vcs.med.ualberta.ca then enter your MedID and Password. When you connect, you'll need to specify whether you are on a Public Computer or a Private Computer, then enter your MedID and click Submit. The difference between "public computer" and "private computer" is that selecting 'this is a public computer' will force the VCS website to forget your computer's "fingerprint" when you close the browser. Whereas selecting 'this is a private computer' will have the site remember your computer's "fingerprint". The fingerprint is a way that the VCS website remembers trusted devices, so you are not prompted for MFA every time you login. Select the Personal Identificaiton Number (PIN) option and click Submit. Enter the PIN you received from the service desk. Then click Submit. Enter your MedID password. Then click Submit. At the desktop selection screen, click on Windows 10. The Desktop viewer screen will show up and begin to log you into VCS. 2. Enrolling your Mobile device for MFA 2.1. Logging into the MedID Portal Within the VCS virtual desktop, open a web browser and browse to the following website; https://medid.med.ualberta.ca Enter your MEDID and then click Submit. At this point you'll only have one option to receive the 6 digit passcode, which is by email. Select Email, then click Submit. If you get an error here, most likely a work email address must be added to your MEDID account. Please contact the Staff Service Centre at 780-492-8000 to have it added. Check your email for the FOMD passcode. Enter the passcode from your email into the text field. Then click Submit. Followed by entering your MEDID password. Then click Submit. 2.2. Enrolling with a QR Code This is the default method to enrol your device for MFA. However if your phone's camera does not work or you encounter any errors then skip to the next section. Log into VCS, and connect to the MedID portal using the instructions in "Section 2.1 Logging into MedID Portal". From the MedID portal, select Mobile App Enrolment. On the Mobile App Enrollment screen, open the SecureAuth Authenticate app on your mobile device. On your phone, tap Yes or Allow on any pop-ups requesting access to your camera or to send notifications. Using your mobile device, scan the QR code you see on your computer monitor. Note: if your phone fails to scan the QR code, you may need to refresh the website to generate a new QR code. Note: If this still fails, or you can not scan the QR code at all, proceed to Section 2.3. Enrolling with a URL. Once your mobile device successfully reads the QR code, you'll be sent to a dashboard showing your webcode as "LOCKED". This is expected, as you will need to create a new PIN in order to unlock your account. To create a PIN, tap on the LOCKED webcode. You will be shown a pop-up asking you to setup your PIN, tap on Go to App Lock to proceed. You will be taken to the App Lock screen to enable methods to unlock the SecureAuth app to help ensure that other people cannot use your phone to access your MedID. Tap on Passcode to create a PIN. You will be taken to a screen to create a new PIN for this application. Enter a 4-digit PIN that you will remember, then you will be asked to confirm your PIN, enter the exact same PIN to confirm. Do not give out this PIN to anybody, and IST will never ask you for this PIN when assisting you. This PIN is only used when exposing the 6 digit code on the SecureAuth Authenticor app on your mobile device if using the One Time Passcode login method as shown in section 3.2 You will be taken back to the App Lock page, feel free to enable other forms of security for this application (such as Touch ID/Fingerprint recognition or Face ID/Face recognition). You can use these in lieu of the PIN. Afterwards, you can close the App Lock page to return to the dashboard. If you can see the 6-digit passcode, then you have enabled security within the application successfully. Finally, you will need to perform a final step to enable your MedID to use MFA. Return to the MedID website within VCS, and enter the 6-digit passcode on your phone in the text box under "3. Confirm". Then click Enable. Your mobile device has now been enrolled. For all future attempts to log in off-campus, your phone will receive a notification to prompt you for authentication. Note: If push notifications are not working. You can use the passcode you entered in Step 12, though you will be asked to enter the PIN or use other forms of security that you set up previously. 2.3. Enrolling with a URL If using the QR code method for enrolling does not work, you can specify a URL for enrollment directly in the Authenticate App. This following section will be done in-lieu of Step 5 from the previous section. Complete Step 1 through Step 4 in the previous section, "2.2. Enrolling with a QR Code". From the Authenticate mobile app start by tapping Other Pairing Options. On the next screen enter the following URL into path: "https://secureauth.med.ualberta.ca/secureauth20" then tap on Pair. You'll be directed to a login page where it will ask for your MedID. Enter your MedID and then tap on Submit. Next, you'll be sent a 6 digit passcode to the email we have associated to your MedID (most often is your Ualberta email address). After receiving the code in your email, enter the 6 digit passcode in your email and then tap Submit. in the next screen on your mobile device, then tap on Submit. Next, it will ask for your MedID password to confirm your identity. Enter your password and tap Submit. You will now be enrolled! Please continue the steps from the previous section from Step 6 through 12. 2.4. Enrolling a Yubikey for MFA This is for those who either have a phone that will not work for this purpose, or cannot use their phone for their MedID. IST offers a device called a "YubiKey", which is a USB device that performs the same functions as the SecureAuth application; however it will need to be plugged in on any and all computers that you will sign in to VCS with. So ensure that you keep it with you on all times. Request a YubiKey from IST via the service portal found at the Staff Service Centre; or call the service desk at 780-492-8000 to have them help you with submitting a request. After you have received a YubiKey. Follow Section 2 "Enrolling your Mobile device for MFA using a QR Code" from Step 1 through Step 6. On the https://medid.med.ualberta.ca website, choose Yubikey Enrollment. Plug the YubiKey into your computer, then press on the little gold Y button on the YubiKey itself with your finger, which will automatically fill in the text field with a code for that Yubikey. Then click Submit. Once you see the Yubikey saved successfully, after being verified, then you can close the browser tab. 3. Connecting to VCS with MFA Now that you have set up MFA on your mobile device, you should test it by logging into VCS. You have two options Push Notifications and Time-based Passcodes. By default you should receive push notifications as it is the easier method; but we offer time-based passcodes as a fallback. 3.1 Authenticating with push notifications Browse to https://vcs.med.ualberta.ca on your computer. If you are on a public computer, then you'll want to set it as being on a public computer, so it doesn't remember your login. Enter your MEDID and then click Submit. To receive a push notification for authentication, choose the option to Send login request to _______ option. If push notifications are not working, then proceed to the following section; 3.2 Authenticating with Time-based Passcodes. On the next screen, you'll see either a randomly generated number or letter, you'll need to tap on the matching character on your mobile device to confirm your identity. Next it will move the login along to the password screen. Enter your MedID password then click Submit. From here you will be at the desktop selection screen. Select Windows 10 or any other virtual computer you need to access. 3.2 Authenticating with time-based passcodes. If push notifications are not available or not working, then we offer the ability to manually enter a 6 digit passcode from the SecureAuth app on your phone. This uses the same techniques as push notifications, however the only difference is that push notifications automatically send the 6-digit passcode to the login servers. Whereas time-based passcodes are entered manually. Time-based passcodes change very 60 seconds. The app on your phone will tell you how much time is left before a password resets, so be aware when a passcode will reset before entering it. Browse to https://vcs.med.ualberta.ca on your computer. If you are on a public computer, then you'll want to set it as being on a public computer, so it doesn't remember your login. Enter your MEDID and then click Submit. Select Time-based Passcode. Then click Submit. On your mobile device, open the SecureAuth Authenticate app, and tap on the account that was created when you enrolled your device. The app will prompt for your PIN that you created when you enrolled. This will then show the 6 digit passcode, from there, enter it into the VCS website, and then click Submit. Then enter your password then click Submit. From here you will be at the desktop selection screen. Choose your VM to launch. 3.3. Authenticating with a Yubikey If you don't have a phone that you can authenticate with, and you have followed the steps in 2.4. Enrolling a Yubikey for MFA then you can use a YubiKey to authenticate. Browse to https://vcs.med.ualberta.ca on your computer. If you are on a public computer, then you'll want to set it as being on a public computer, so it doesn't remember your login. Enter your MEDID and then click Submit. Select YubiKey Device then click Submit. Insert the YubiKey into your computer, then press on the little gold Y button on the Yubikey itself with your finger, which will automatically fill in the text field with a code for that Yubikey. The site will the proceed to the password page automatically. Enter your MEDID password then click Submit. From here you will be at the desktop selection screen. Choose your VM to launch. Frequently Asked Questions I lost my mobile device, what should I do? Contact the Service Desk at 780-492-8000 or log a ticket on the Service Portal and an Analyst will remove the lost device from your user profile. Can I enroll more than one mobile device? Yes, you can enroll up to 5 mobile devices. I'm on a business trip and my mobile device is not working, how can I login? Contact the Service Desk at 780-492-8000 or log a ticket on the Service Portal and an Analyst will generate a One-Time Passcode (OTP) for you. What mobile devices are supported? IOS, Android, Microsoft, and Blackberry devices are supported. Huawei devices are not supported due to U.S. embargo MD-839. My mobile device does not have an internet connection or push alerts are not working, how can I login? You can generate an OTP from the mobile application. Your mobile device does not need an internet connection to generate an OTP. When logging in, do I select public or private computer? If the computer you are using is not your personal computer, you should select public computer. Public computers are not stored as trusted computers in your user profile. Can One-Time Passcodes (OTP’s) be sent to my personal email address? No, for security reasons, OTP's are only sent to your U of A email address. Why I am no longer required to use MFA to login from my personal computer? Personal computers are stored in your user profile as a trusted computer during the first login with a fingerprint. Should the fingerprint change, you’ll be prompted to with multifactor authentication again. I do not have a mobile device to use for MFA, what other options do I have? You can purchase a hardware token from IST. This is known as a YubiKey. Keywords: VCS, Virtual Computer Services, multifactor, authentication, login, off campus, external, 2FA, MFA