Teams on VDI 2x2 Gallery View feature will enable to view up to four attendees videos in 2x2 Gallery View on VDI clients from Citrix, VMWare when Teams client in VDI optimized mode. Microsoft Teams in a virtualized environment supports chat and collaboration. And with the Windows Virtual Desktop, Citrix, and VMware platforms, calling and meeting functionality is also supported. Teams in a virtualized environment supports multiple configurations. These include VDI, dedicated, shared, persistent, and non-persistent modes. The Windows and Mac Citrix Workspace clients support Team optimization at the time of writing this article with Linux on the way. Installing Teams on a VDI environment When installing Teams on a VDI environment, it must be installed a certain way.
Average time to read:4minutesHow I tricked the HdxBrowserCef.exe (Chrome Browser) process into presenting itself as an Edge Browser enabling the best of both worlds.
This is a guest post, written by Dennis Smith.
We needed to be able to make a Microsoft Teams video call via our VDI. But since the Citrix HDX optimization for Microsoft Teams is still not released, my chances of getting it to work were slim to say the least. But I’m one of those people who won’t take ‘no’ for an answer.
The situation
Our organization uses, like many production environments do, the Citrix Virtual Workspace 7.15 LTSR CU3. We host a VDI and make the VM’s available via a Netscaler.
We thought, maybe we can get it to work usingthe browser (teams.microsoft.com) and Citrix ‘Browser Content Redirection 2.0’,using Fernando Klurfan’s guide here;
We had set up the environment and contentredirection with YouTube worked.
Under the hood
A close inspection on how this system really works was needed to find a solution to our problem. Just like flash redirection a few years ago, I know that the URL that has to be displayed is passed on via the ICA client, ahhum, sorry, I mean the Workspace App, of course.
On the client side, Citrix uses theHdxBrowserCef.exe to render the pages locally.
This immediately raised some questions, whatdoes CEF stand for?
After setting the necessary policies/reg keysto enable redirection, as shown below;
And installing the Chrome extension;
We were able to successfully run teams locally, and everything worked…
Except video calling.
No video calling using Chrome, no Browser redirection using Edge
It seems that browser video calling is notpossible using Chrome, I don’t know why, because technically it’s not an issue,at all. I know that Microsoft Teams in-browser video conferencing on Edgeworks. Must be a political thing. Apparently, on the server side Microsoftchecks what browser you’re using and only allows Edge browsers to do videoconferencing. However, the issue remains, Edge does not support browserredirection.
After some tests, I found that Chrome could befooled into presenting itself as if it was Edge by setting the User Agent to aEdge identifier. Using shift-control i,and select, network conditions, User agent;
Now if I could only fool the local browser inpresenting itself with a Edge user agent. The local browser is in this case isthe ‘HdxBrowserCef.exe’, it comes with the Citrix Workspace App (Receiver).
Further inspection on the HdxBrowserCef.exerevealed that it uses the open source lib called Chromium Embedded Framework(CEF). It does not use the local Google Chrome. Now we know what CEF stands forin HdxBrowserCef.exe.
The question is, is it possible for CEF tochange the user agent, and does CEF support webcam access?
Yes, it is, and here’s how!
and;
(source https://ourcodeworld.com/articles/read/425/how-to-enable-webrtc-access-camera-and-microphone-for-cefsharp-in-winforms)
But to re-write the whole HdxBrowserCef.exe isa bridge too far, we only needed it to present itself as Edge.
I started searching for User Agent strings in the Citrix Workspace App folder that holds the HdxBrowserCef.exe. And found it in the ‘libcef.dll’. We dove into the file using a hex editor (https://hexed.it/), searched for ‘mozilla’, because that’s in all User Agent strings;
Changed this into;
Adding an Edge user string to the User Agentstring. Saved the .dll, and tested this using www.whatismybrowser.comto see if we successfully fooled the HdxBrowserCef.exe into presenting itselfas Edge. And it worked! Notice that strings are stored using &h00 as ‘endof string’, and &h20 as ‘space’.
The next test was, will in-browser Teams videocalling work?, the icon was there so it looked promising.
After a few video calls, I concluded thiswork-around works. Please keep in mind that using this setup every redirectedweb-page, including youtube, will be requested as Edge.
Dennis Smith – Gourami.eu
Disclaimer: this article is intended as atechnical proof of concept. We do not recommend doing this yourself.
Teams is actually a really good enterprise messaging and collaboration tool and as its in many O365 subscriptions etc then it’s a no-brainer to use it.
However teams also has an unpleasant after taste for SBC/VDI admins (its not the only app that does mind you) in the way that it is installed. By default, running the installer for Microsoft Teams doesn’t actually install the application but it extracts a package and a json file into the c:program files directory. When a user then logs into a their VDI instance the package is extracted and installed directly into the users profile (around 500mb natively).
For physical devices this doesn’t cause too much of a hassle but for VDI implementations this causes a massive headache. If you consider a typical non-persistent VDI environment which includes some kind of profile solution, Citrix UPM, VMware’s persona manager etc etc you get some highly undesirable effects.
You either have to persist the default locations for theinstallation files within your profile management solution adding at least 500mb’sto each profile (no thank) or users have to accept that on each logon to a nonpersistentfresh desktop the Teams installer will execute providing a non ideal userexperience while the CPU is busy performing the installation actions and whateverelse it has to worry about during a logon.
A great solution to this is FSLogix and Office365 or profile containers to containerise the installer reducing the user impact by persisting the data natively within an OS as far as Windows is concerned. This is one of the reasons why Microsoft purchased FSLogix then provided effectively free licences for anyone who purchases RDS,VDA, E3 and above O365 among others. This obviously covers pretty much about everybody. however the problem will still be the same that while Teams is containerised within FSLogix that is still 500mb x No. of users of storage space that could be put to better use.
Despite the great FSLogix option there’s no denying that Teamsis a badly written application for any kind of non-perisitent solution andeveryone has been commenting on the situation for some time. It appears thatMicrosoft are now starting to do something about it.
Microsoft have released a version of Teams that is a machine based install which does not install the application into a profile location but with in the correct C:program files location with the caveat that it available for VDI instances only. Sorry SBC people you’ll have to have wait a bit longer I think.
Microsoft have recently released this articlewhich includes download links to the x64 and x86 versions of teams and aspecific command line to run in order to install Teams as a VDI friendlyproduct. I wanted to have a look at this executable and see how it installed.
The command line you need to install teams is:
msiexec /i Teams_Windows_x64.MSI /l*v Teams.log ALLUSER=1
The critical difference here which either installs teams inthe standard in profile mode or VDI mode is the ALLUSER=1. DO NOT get ALLUSERconfused with ALLUSERS=1 its not a typo!
In order to find out a bit more about the teams installer Ibroke open process monitor and ran the command line without having preinstalledany typical VDI agent packages into a windows 10 instance. Sure enough theinstaller errors out with an error stating “cannot install for all users when aVDI environment is not detected”.
Looking into the process monitor logs it appears that theteams installer looks for specific VDI agent based registry locations to determinewhether it will install or not.
The installer looks specifically looks for the followingregistry keys
Microsoft Teams For Vdi
HKLMSOFTWARECitrixPortICA
Microsoft Teams On Citrix Vdi
HKLMSOFTWAREVMware, IncVMware VDMAgent
These reg keys are obviously associated with the two big VDIvendors however if you are using another vendor again you may be out of luckfor now. If a VDI agent is not installed then the installer looks for thesekeys only and then fails the install however if the VDA is installed it alsolooks for quite a few other keys so at the moment its not a case of creating asingle key to fool the installer.
However once you have a standard VDI agent installed you will then be able to run the installer command and you will see that rather than putting only the package and json file within the program files location it will now install full application into program files with the only exception to the rule being that the Squirell install log file is placed within the user profile and also a folder is created for Teams addin’s within the C:Users%username%appdatalocalMicrosoftTeamsMeetingAddin.
The change to MSI package are certainly welcome and a good initial step in providing a machine based install for Microsoft Teams which hopefully will also migrate across to the other apps that are guilty of the same behaviour(cough OneDrive). I personally would like it be a choice for the customer whether they want to go to the standard version of teams ensuring that they stay up to date with the latest versions automatically across their estate or take a steadier approach by using the machine based install versions
without the VDI technology search behaviour which would require more administrative effort for IT teams but a further degree of control that most companies find comforting.
A couple of things worth noting is that like its non machine based install counterpart Teams is not yet optimised for VDI voice and video capabilities, such as the HDX realtime pack so Microsoft recommend disabling the calling feature within teams.
The machine based installed is also not automatically updated so IT teams will need to manage the update procedure as they would for any other application.
Teams Vdi Download
Author: Dale Scriven