Friday, December 23, 2011

Upgrade to IE9 kills Citrix Web Interface

 

After an upgrade to IE9, you are given a prompt to Open, Save, or Cancel the launch.ica connection file. But when you save the file you get a .partial file instead of the .ica file.

You can fix this with a change to how IE9 uses ActiveX filtering but the smart money is on just performing a Citrix client update.

Today the Citrix client is called the Receiver. Download it here: http://www.citrix.com/English/ss/downloads/index.asp

 

Here is a Citrix article on it. http://support.citrix.com/article/CTX129082

Friday, December 02, 2011

Often in logon scripts you test for versions and releases

Official Windows operating system version numbers.

Operating system and version number:

  • Windows 7, Windows Server 2008 R2: 6.1
  • Windows Vista, Windows Server 2008: 6.0
  • Windows XP 64-Bit Edition, Windows Server 2003 R2, Windows Server 2003: 5.2
  • Windows XP: 5.1
  • Windows 2000: 5.0

Windows build numbers.

  • Windows 7, Windows 2008 R2: 7600, 7601 (SP1)
  • Windows Server 2008: 6001, 6002 (SP2)
  • Windows Vista: 6000, 6001 (SP1), 6002 (SP2)
  • Windows 2003, Windows XP (x64): 3790
  • Windows XP: 2600
  • Windows 2000: 2195
  • Windows NT4 / NT4 TS: 1381

There is an exhaustive list here: http://en.wikipedia.org/wiki/Windows_NT

Wednesday, November 30, 2011

Keyboard Shortcuts in a Remote Desktop Session

 

Key combinations for the client computer, the equivalent keys for a Remote Desktop session, and a description:

  • Client: ALT+TAB. Remote Desktop session: ALT+PAGE UP. Switches between programs from left to right.
  • Client: ALT+SHIFT+TAB. Remote Desktop session: ALT+PAGE DOWN. Switches between programs from right to left.
  • Client: ALT+ESC. Remote Desktop session: ALT+INSERT. Cycles through the programs in the order they were started.
  • Client: (none listed). Remote Desktop session: CTRL+ESC. Switches the client between a window and full screen.
  • Client: CTRL+ESC. Remote Desktop session: ALT+HOME. Displays the Start menu.
  • Client: (none listed). Remote Desktop session: ALT+DELETE. Displays the Windows menu.
  • Client: PRINT SCREEN. Remote Desktop session: CTRL+ALT+MINUS (–) symbol on the numeric keypad. Places a snapshot of the active window in the Remote Desktop session on the clipboard.
  • Client: CTRL+ALT+DEL. Remote Desktop session: CTRL+ALT+END. Displays the Task Manager or Windows Security dialog box. (Only use CTRL+ALT+END to issue this command. CTRL+ALT+DEL is always interpreted by the client computer.)
  • Client: ALT+PRINT SCREEN. Remote Desktop session: CTRL+ALT+PLUS (+) symbol on the numeric keypad. Places a snapshot of the entire Remote Desktop session window on the clipboard.

This is from link: http://technet.microsoft.com/en-us/library/bb457106.aspx

Tuesday, November 29, 2011

Time Configuration for AD in Australia

 

The time configuration is very important for Active Directory. With just a few minutes' deviation between the client and the server, a client will no longer be able to authenticate to servers in the domain. This is why Domain Controllers in the core data centres should base their time on well-known Internet time sources.

Domain Controllers outside primary data centres can receive time from the other DCs or a local NTP server. Each of these local DCs can then act as a local time server for clients and servers within that site.

Some of the key public NTP servers for Australia are listed below:

  • NSW ntp.nml.csiro.au Stratum two
  • NSW ntp.syd.connect.com.au Stratum two
  • NSW ntp1.tpg.com.au Stratum two
  • VIC ntp.mel.connect.com.au Stratum two
  • SA ntp.adelaide.edu.au Stratum two
  • VIC time.deakin.edu.au Stratum two
  • VIC time.esec.com.au Stratum two
  • SA ns.unisa.edu.au Stratum three
  • ACT ntp.can.connect.com.au Stratum three
  • QLD ntp.bri.connect.com.au Stratum three
  • SA ntp.ade.connect.com.au Stratum three
  • WA ntp.per.connect.com.au Stratum three

The different types of time servers are listed below:

  1. Stratum 0: Atomic clocks (caesium, rubidium), GPS clocks or other radio clocks. These are not connected to the internet directly.
  2. Stratum 1: Computers attached to stratum 0 devices. Normally they act as servers for timing requests from Stratum 2 servers via NTP.
  3. Stratum 2: Computers that send NTP requests to Stratum 1 servers and communicate with peer Stratum 2 computers for accuracy.
  4. Stratum 3: Functionally the same as Stratum 2; they serve as the next in a possible 256 tiers of time servers.

Good luck and be on time.

Monday, November 28, 2011

User State Virtualisation (Roaming Profiles / Folder Redirection)

 

Folder Redirection provides a way to selectively synchronise parts of the user environment (Documents, etc). This is especially useful in a XenDesktop and XenApp environment to make the experience seamless.

This is so much better than the old profile (NTUser.dat and files) that had to be copied in XP and earlier. The disadvantage is that by default the user cannot use the redirected folders when disconnected. But you can set up the user to have a cached copy of redirected files and folders.

To set up Folder Redirection using GPO

  • Edit a Group Policy Object that is targeted to your users and navigate to User Configuration, Policies, Windows Settings, Folder Redirection, Documents

By default all folders that are redirected are automatically made available offline so that users can still access their files when disconnected from the server. In Windows 7 the folder synchronisation is done in the background, not on logon/logoff. Windows 7 also has ‘Fast First Logon’, which allows users to log on to their computer without having to wait for the folder to be moved first.


  • In the advanced options you can select a different folder based on the users group membership. Think about this for load balancing or WAN issues.


  • Disable ‘Grant the user exclusive rights to Documents’, because if an administrator needs to access these files they will need to ‘take ownership’, which removes the user's permissions.
  • You can also ‘Redirect the folder back to the local userprofile location when policy is removed’. This means that if a user is no longer affected by the GPO, the folder is copied back to the computer, which can take minutes or hours depending on the size.

Repeat for any other redirected folders.

References

http://blogs.technet.com/b/askds/archive/2008/06/30/automatic-creation-of-user-folders-for-home-roaming-profile-and-redirected-folders.aspx

http://www.grouppolicy.biz/2010/08/best-practice-roaming-profiles-and-folder-redirection-a-k-a-user-virtualization/

 

Friday, November 18, 2011

Virtual Domain Controllers

This is still coming up, so let's just recap what you need to know.

Time synchronisation

Time in Active Directory is critical to everything: Domain Controllers, servers and clients. In Active Directory, Kerberos issues a ticket during login. This ticket is valid for 8 hours by default and prevents constant authentication against Domain Controllers every time a user accesses resources. However, the encryption and security between the client and the Domain Controller issuing the ticket require an exchange of passwords and the setup of a secure channel. To prevent anyone from listening on the network and reusing earlier authentication packets from the client, all packets include a timestamp. If the timestamp coming from the client is out by more than the default 5 minutes from the Domain Controller's time, the Domain Controller will discard the packet as fake.

The “Maximum tolerance for computer clock synchronisation” Group Policy can change this, but don't.

In a domain, all DCs will automatically synchronise time with the Domain Controller that has the PDCe role running. The DC with the PDCe role should then be configured to use an external or internal NTP source. The time service on Domain Controllers is the time server for all clients in the domain that log on via that DC.

Windows servers will by default sync every 45 minutes until 3 successful syncs, then every 8 hours.

So you have two choices:

  1. Configure NTP on the ESX hosts
  2. Install and configure VMware tools and configure it to synchronise time with the ESX hosts

or

  1. Ignore the time on VMware
  2. Disable VMware tools time sync
  3. Enable NTP on ALL DCs (or the PDCe)
  4. Only use ONE or TWO common NTP servers for all DCs in the environment.
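
An added example, not part of the original post: a Python check that decodes an NTP server reply, reads its stratum (the tiers listed in the earlier time configuration post) and compares the measured clock offset with the default 5-minute tolerance described above. The function names are illustrative and the packets are constructed sample data, so it runs offline.

```python
import struct

NTP_UNIX_DELTA = 2208988800            # seconds from the NTP epoch (1900) to the Unix epoch (1970)
KERBEROS_MAX_SKEW = 5 * 60             # default tolerance quoted in the post, in seconds
HEADER = struct.Struct("!BBbbII4s8I")  # 48-byte NTP header


def _unix(seconds, fraction):
    """Convert a 64-bit NTP timestamp (seconds plus 2^-32 fraction) to Unix time."""
    return seconds - NTP_UNIX_DELTA + fraction / 2 ** 32


def parse_ntp_reply(packet):
    """Decode the header fields needed to judge a time source."""
    if len(packet) < HEADER.size:
        raise ValueError("truncated NTP packet: %d bytes" % len(packet))
    (flags, stratum, _poll, _precision, _delay, _dispersion, _refid,
     _ref_s, _ref_f, org_s, org_f, rx_s, rx_f, tx_s, tx_f) = HEADER.unpack(packet[:HEADER.size])
    return {
        "leap": flags >> 6,              # 3 means the server clock is not synchronised
        "version": (flags >> 3) & 0x7,
        "mode": flags & 0x7,             # 4 means "server"
        "stratum": stratum,
        "originate": _unix(org_s, org_f),  # echo of the client's send time (T1)
        "receive": _unix(rx_s, rx_f),      # server clock when the request arrived (T2)
        "transmit": _unix(tx_s, tx_f),     # server clock when the reply left (T3)
    }


def check_time_source(packet, t1, t4, max_skew=KERBEROS_MAX_SKEW):
    """Return (verdict, stratum, offset_seconds) for one request/reply exchange.

    t1 is the local clock when the request left, t4 the local clock when the
    reply arrived. A positive offset means the local clock is behind the server.
    """
    reply = parse_ntp_reply(packet)
    stratum = reply["stratum"]
    if reply["mode"] != 4:
        return ("not-a-server-reply", stratum, None)
    if reply["leap"] == 3 or stratum == 0 or stratum >= 16:
        return ("source-unsynchronised", stratum, None)
    if abs(reply["originate"] - t1) > 1e-3:
        # The reply does not echo our request timestamp: stale or not meant for us.
        return ("originate-mismatch", stratum, None)
    offset = ((reply["receive"] - t1) + (reply["transmit"] - t4)) / 2
    verdict = "ok" if abs(offset) <= max_skew else "exceeds-kerberos-tolerance"
    return (verdict, stratum, offset)


def build_reply(stratum, t1, server_time, leap=0):
    """Constructed sample data: a version 4, mode 4 reply with whole-second timestamps."""
    def ntp(unix):
        return int(unix) + NTP_UNIX_DELTA
    flags = (leap << 6) | (4 << 3) | 4
    return HEADER.pack(flags, stratum, 6, -20, 0, 0, b"\x00" * 4,
                       ntp(server_time), 0, ntp(t1), 0,
                       ntp(server_time), 0, ntp(server_time), 0)


CLIENT_NOW = 1322524800  # constructed local clock reading

if __name__ == "__main__":
    for label, packet in [
        ("stratum 2, 2 s apart", build_reply(2, CLIENT_NOW, CLIENT_NOW + 2)),
        ("stratum 2, 400 s apart", build_reply(2, CLIENT_NOW, CLIENT_NOW + 400)),
        ("stratum 16 (unsynchronised)", build_reply(16, CLIENT_NOW, CLIENT_NOW)),
    ]:
        print(label, "->", check_time_source(packet, CLIENT_NOW, CLIENT_NOW))
```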

Don't “suspend” or “pause” a Domain Controller

If the Domain Controller has been offline for too long, it will have objects on it that were supposed to have been deleted by the tombstoning process. If this happens the Domain Controller will stop replication with its partners. You will see an event in the logs with:

ID 2042, Source NTDS Replication, Description: It has been too long since this machine last replicated with the named source machine. The time between replications with this source has exceeded the tombstone lifetime. Replication has been stopped with this source.

Instead of pausing, shut down any Domain Controllers. VMotion/Live Migration is OK as it is so quick.

Don't Snapshot a Domain Controller

If you revert to an old snapshot of a Domain Controller you break consistency in your Active Directory domain. Don't ever do it unless you want to cross the streams, you know, Cats and Dogs living together.

Friday, November 04, 2011

Looking to move from XXX for Virtualisation?

Interesting article: http://www.theregister.co.uk/2011/11/03/v_index_server_virtualization_q3_2011/ 
(I have cleaned this up; it is not a direct quote)

Virtualisation market faces shake-up, By Timothy Prickett Morgan

Posted 3rd November 2011 21:41 GMT

This info comes from the latest V-Index survey from Veeam Software, a maker of add-on management tools for VMware's ESXi hypervisor, which is conducted on a quarterly basis in the US, UK, France, and Germany.

The survey covers only large companies – those with 1,000 or more employees. About a third of the companies surveyed had more than 3,000 employees.

In the September V-Index, 86.5 per cent of the 578 organisations that participated in the poll had some sort of server virtualisation in their data centres. And across all enterprises, including those who did not have server virtualisation at all, an average of 38.9 per cent of servers were virtualised, and they had an average of 701 servers in their data centres.

Primary server virtualisation hypervisors, by vendor

The penetration of various hypervisors on x86-based servers depends on whether virtualisation is being used to run virtual desktop infrastructure (VDI) or more traditional server workloads.

For traditional server workloads:

  • VMware: for 67.6 per cent of those companies that have hypervisors, ESX or ESXi is their primary hypervisor
  • XenServer: 14.4 per cent
  • Hyper-V from Microsoft: 16.4 per cent
  • Others category: a meagre 1.6 per cent

When you shift to talk about hypervisors running on servers to specifically stream VDI desktops:

  • ESX 54.2 per cent
  • XenServer 24.9 per cent
  • Hyper-V 20.3 per cent

Now here's the interesting bit: 38 per cent of companies using virtualisation for traditional workloads say they are planning to change their hypervisor next year (2012).

The cost of the current hypervisor platform was cited as the main reason for the jump by 58.9 per cent of the jumpers, with nearly half saying that they didn't like their current vendor's licensing model, and they did like the features offered with alternative suppliers or that the alternatives had matured enough that they could contemplate making a shift.

Thursday, November 03, 2011

W2K8 R2 Server Core Commands

 

Yes it has been out for ages, and yes everyone knows, but I am putting these all together as a reference. Enjoy or ignore. ;)

Rename computer

  • hostname
    • WIN-C6UDA2DS5FF2
  • netdom renamecomputer WIN-C6UDA2DS5FF2 /newname:HyperV1
  • shutdown /r

Join the domain

  • netdom join HyperV1 /domain:PebblyHill /userd:Administrator /passwordd:*
  • shutdown /r

IP Address details

  • ipconfig
    • Windows IP Configuration
    • Ethernet adapter Local Area Connection 1:
    • Connection-specific DNS Suffix  . : pebblyhill.com.au
    • Link-local IPv6 Address . . . . . : ae70::0d04:dea2:b323:4db5
    • IPv4 Address. . . . . . . . . . . : 192.168.0.20
    • Subnet Mask . . . . . . . . . . . : 255.255.255.0
    • Default Gateway . . . . . . . . . : 192.168.0.1

Allow ping and RDP through the firewall

  • netsh firewall set icmpsetting 8
    • Ok.
  • netsh advfirewall firewall set rule group="Remote Desktop" new enable=yes
    • Updated 1 rule(s).
    • Ok.
  • netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=yes
    • Updated 16 rule(s).
    • Ok.

Or disable the firewall:

  • netsh firewall set opmode mode=disable

Enable remote desktop

  • cscript C:\windows\system32\scregedit.wsf /ar 0
    • Registry has been updated.

Install Hyper-V

  • start /w ocsetup Microsoft-Hyper-V
  • shutdown /r

If you did not join a domain and are not using GPOs for update settings, and need to set up Windows Update manually, the following commands are for you (this will use the default time of 3am to check for patches):

  • Cscript c:\windows\system32\scregedit.wsf /au 4
  • Net stop wuauserv
  • Net start wuauserv

Update right now

  • Wuauclt /detectnow

Check the update status

  • Cscript scregedit.wsf /AU /v

From here on in you can use the RSAT tools on a client to do the rest

Tuesday, November 01, 2011

SCVMM 2008 R2 converting VMware ESX Error (2912)

 

I have Windows Server 2008 R2 hosts running Hyper-V, using SCVMM 2008 R2 to migrate existing VMware ESX VMs. I copied the VMDK and VMX files to the SCVMM Library and then tried to do a V2V, and got the following error when trying to migrate a VMware VM:

“Error (2912)
An internal error has occurred trying to contact an agent on the MyServerName.DNS.com server.
(Unknown error (0x8004232c)).”

The conversion gets to 66% and fails on the task 1.3 “Make operating system virtualizable[sic]”

Turns out this stage is trying to START the VM to remove VMware tools and install the Integration Services. But there was no NIC card selected so it fails.

Try again with a network card and voilà.

Friday, October 28, 2011

A hotfix rollup (build 4.0.3594.2) is available for Forefront Identity Manager 2010 (FIM2010)

Original link: http://support.microsoft.com/?id=2520954

This hotfix rollup package replaces the following hotfix rollup packages:
2502631  2417774  2272389  2028634  978864 

Fixed issues in Workflow Engine

  1. An error message: Cannot enlist in the transaction because a local transaction is in progress on the connection.
  2. The time stamp is the same as the time when the operation fails.

Fixed issues in Sync Engine

  1. Fixes an SQL query construction issue that occurs during an import. This issue affects a DB2 database that uses a non-Unicode character set.
  2. Fixes many "Export not reimported" errors that might occur because of errors in SQL.
  3. An ExpectedRulesEntry (ERE) object is associated to a child synchronisation rule of a Metaverse object. If the ERE object has a Remove action, deprovisioning of the object is also being triggered, which causes the deletion of the Metaverse object.
  4. Fixes an access violation when a custom extension calls a COM+ object.
  5. An earlier hotfix introduced a special Extensible Connectivity Management Agent (ECMA) mode to keep unconfirmed exports in escrow instead of awaiting confirmation. An issue with that hotfix causes delta sync to add new items that are not merged with an escrowed export into a pending export. After you install the hotfix that is mentioned in this article, if the ECMAAlwaysExportUnconfirmed registry entry is set to 1, the escrowed and pending changes are merged.
  6. Improves the performance of all Sync Engine operations.
  7. A password reset that uses the ADMAEnforcePasswordPolicy registry setting fails when the user is in the Administrator group but is not an administrator.

Fixed issues in Sets and Query

  1. Fixes an issue that would sometimes cause incorrect Set calculations. This resulted in lots of set corrections. Also revised the Sets Correction job so that it does not change special sets that are maintained by another system maintenance job.
  2. Revised the FIM "Query and Sets" features to treat underscores and percent signs as literals instead of as SQL wildcard characters.

Fixed issues in Certificate Management

  1. Enables the random number generator in the server key generation function.
  2. Improves the performance when enrolling a smartcard that has not previously been used with FIM Certificate Management (CM).

Fixed issues in FIM Management Agent (MA)

  1. Fixes an issue in which the FIM synchronisation service configuration for synchronisation rules and codeless provisioning was not correctly written to the FIM Service database.

Fixed issues in FIM Service

  1. Fixes an issue with SQL Server deadlocks that might occur during periods of high concurrency of requests or approvals.
  2. Fixes an issue in which unexpected data in the FIM Service database could result in the FIM MA causing the Synchronisation service to fail during import, and a stopped-server error occurred.
  3. Fixes an issue when you add or remove a value for a multivalued string attribute. If the request was subject to authorisation such as request reevaluation, the request would fail after approval.
  4. Some ExpectedRuleEntry objects and DetectedRuleEntry objects in FIM 2010 can become "orphaned" over time. When a DetectedRuleEntry object is not referenced in the DetectedRulesList of any object in the system, that object is determined to be orphaned. Similarly, when an ExpectedRuleEntry object is not referenced in the ExpectedRulesList of any object in the system, that object is also determined to be orphaned.

You still need KB979214 if you turned on the AD trashcan: http://davestechnology.blogspot.com/2011/07/w2k8-r2-ad-recycle-bin-and-fim.html

Turned on the Active Directory trash can only to find out the FIM (Forefront Identity Manager) has not stopped synchronising some objects? Well, fear not, they are in sync, but to the trash folder!

Below shows an object that is in sync, but to the delete item. There is a hotfix for it that installs on the DC. KB979214 is the patch.

Monday, October 24, 2011

Single or dual CPU in VDI?

This is a really interesting article that shows, in limited testing, that additional CPUs for the client session will give better overall performance to the VDI pool. Nice to see it tried, with a counter-intuitive result that shows consuming more resources is better overall for the environment.

From these results, I can certainly say, an additional CPU will:

  • boost the streaming/boot up process
  • improve responsiveness and registration of virtual desktops
  • with an increased cost of the CPU hit on the hypervisor

So the takeaway will be:

  • If you are planning to go big with huge number of VMs lifecycling every day…
  • If you have large amount of working shifts which you may need to provision in advance…
  • If your cycling window need to be the shortest possible…

…in all those cases, an additional CPU will improve your cycling processes, reducing the registration gap of virtual desktops, with an additional cost of higher peak of host CPU utilisation, improving your infrastructure uptime.

Source: http://blogs.citrix.com/2011/10/23/will-2-vcpu-desktops-improve-your-uptime/

Friday, October 21, 2011

How to Optimise XenDesktop Machines

 

Original link: http://support.citrix.com/article/CTX125874 (Citrix Article)

The TargetOSOptimizer tool reconfigures various Windows functions to optimize the performance of the operating system for virtual desktops. Optimisation of the master VM is typically performed before the desktop catalogue is created.

Procedure

To optimise your master virtual machine, select the option to optimise the desktop when you install the Virtual Desktop Agent. This applies a predetermined set of optimisations specifically recommended for pooled and dedicated machines as part of the Virtual Desktop Agent installation process.

To apply additional optimizations to the master virtual machine at a later date, run the TargetOSOptimizer tool manually.

Optimisations are applied either through changes to the Windows registry or programmatically by disabling specific features. Some optimisations are only applicable to certain versions of Windows or, for physical machines, specific hardware such as particular network adapters.

A backup file named optimisations.reg is stored in the installation folder for the TargetOSOptimizer tool, typically located at C:\Program Files (x86)\Citrix\TargetOSOptimiser. Apply this file to the Windows registry to revert the most recent set of optimisations on the master virtual machine.

Specific Optimisations Performed by the Virtual Desktop Agent Installer

Disable Windows Autoupdate
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"AUOptions"=dword:00000001
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
"Start"=dword:00000004

Disable Offline Files
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\NetCache]
"Enabled"=dword:00000000

Disable Disk Defragmentation BootOptimizeFunction
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction]
"Enable"="N"

Disable Background Layout Service
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OptimalLayout]
"EnableAutoLayout"=dword:00000000

Disable System Restore
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000001

Disable Last Access Time Stamp
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem]
"NtfsDisableLastAccessUpdate"=dword:00000001

Disable Hibernate
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Power]
Various keys and values are set according to the version of Windows detected.

Disable CrashDump
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl]
"CrashDumpEnabled"=dword:00000000
"LogEvent"=dword:00000000
"SendAlert"=dword:00000000

Disable Indexing Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cisvc]
"Start"=dword:00000004

Reduce Event Log File Size to 64 kB
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application]
"MaxSize"=dword:00010000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security]
"MaxSize"=dword:00010000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System]
"MaxSize"=dword:00010000

Reduce Internet Explorer Temporary File Cache
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CacheLimit"=dword:00000400
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Content]
"CacheLimit"=dword:00000400
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CacheLimit"=dword:00000400
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Content]
"CacheLimit"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths"=dword:00000004
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit"=dword:00000100
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit"=dword:00000100
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit"=dword:00000100
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit"=dword:00000100

Disable Clear Page File at Shutdown
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"ClearPageFileAtShutdown"=dword:00000000

Disable Superfetch (Windows 7)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysMain]
"Start"=dword:00000004

Disable Windows Defender (Windows 7)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=hex(2):00

Disable Windows Search (Windows 7)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WSearch]
"Start"=dword:00000004

Disable Scheduled Disk Defragmentation (Windows 7)
Programmatic optimisation.

Additional Optimisations Available When Running the Tool Manually

Disable Move to Recycle Bin (Windows XP)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BitBucket]
"UseGlobalSettings"=dword:00000001
"NukeOnDelete"=dword:00000001

Disable Move to Recycle Bin (Windows 7)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRecycleFiles"=dword:00000001

Disable Machine Account Password Changes
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"DisablePasswordChange"=dword:00000001

Disable UDP Checksum Offload (Only When a Broadcom NIC Is Detected)
Programmatic optimisation.
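
An added example, not part of the Citrix article or the original post: several of the optimisations listed above switch off patching, anti-malware, crash dumps, log depth or machine account password rotation on the master image, so it is worth recording which of them a given image actually carries. This Python check parses a .reg export and reports those values; the rule list, function names and sample export are constructed for illustration from the keys and values shown above.

```python
import re

SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.+)$')


def _eq(expected):
    return lambda value: value == expected


# (key suffix, value name, test on the dword, note); all lower case.
REVIEW_RULES = [
    ("services\\wuauserv", "start", _eq(4), "Windows Update service disabled"),
    ("services\\windefend", "start", _eq(4), "Windows Defender service disabled"),
    ("control\\crashcontrol", "crashdumpenabled", _eq(0), "crash dumps disabled"),
    ("control\\filesystem", "ntfsdisablelastaccessupdate", _eq(1),
     "NTFS last-access timestamps not updated"),
    ("services\\netlogon\\parameters", "disablepasswordchange", _eq(1),
     "machine account password changes disabled"),
]
for _log in ("application", "security", "system"):
    REVIEW_RULES.append(("services\\eventlog\\" + _log, "maxsize",
                         lambda value: value <= 0x10000,
                         _log.capitalize() + " event log capped at 64 kB or less"))


def parse_reg(text):
    """Parse .reg text into {(key, value name): data}, lower-casing keys and names.

    dword data becomes an int; anything else is kept as a string.
    """
    values, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        section = SECTION.match(line)
        if section:
            key = section.group("key").lower()
            continue
        value = VALUE.match(line)
        if value and key:
            data = value.group("data")
            if data.lower().startswith("dword:"):
                parsed = int(data[len("dword:"):], 16)
            else:
                parsed = data.strip('"')
            values[(key, value.group("name").lower())] = parsed
    return values


def review(text):
    """Return (key, name, value, note) for every setting that matches a review rule."""
    findings = []
    for (key, name), value in parse_reg(text).items():
        for suffix, rule_name, test, note in REVIEW_RULES:
            if key.endswith(suffix) and name == rule_name and isinstance(value, int) and test(value):
                findings.append((key, name, value, note))
    return findings


# Constructed sample export, assembled from entries in the list above.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security]
"MaxSize"=dword:00010000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"DisablePasswordChange"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysMain]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction]
"Enable"="N"
"""

if __name__ == "__main__":
    for key, name, value, note in review(SAMPLE_REG):
        print("%s\\%s = 0x%08x: %s" % (key, name, value, note))
```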

Friday, October 14, 2011

Citrix Licence server and Repeaters

According to: support.citrix.com/proddocs/topic/licensing-119/lic-fs-accessing-firewall-c.html

Firewall Considerations

If there is a firewall between your product and the license server, you need to configure port numbers. This configuration process entails:

  • Open up the firewall ports. Open any ports on the firewall that you modified so that traffic can flow. For Windows Server 2008, the license server Version 11.5 or later configures the built-in firewall automatically.

This is not my experience; instead I needed to do so manually. If you use the default port numbers for the Licensing components, you will need to manually create IP/TCP port exceptions for the following:

  • TCP/27000 License server (Citrix apps, XenDesktop etc.)
  • TCP/7279 Vendor daemon (Repeaters)
  • TCP/8082 Console Web (optional).

Wednesday, October 12, 2011

Citrix Branch Repeater VPX setup

Default login and set an IP Address

Login: admin
Password: password

Give it an IP, DNS and Name:

set adapter apa -ip YourIPaddress -netmask 255.255.255.0 -gateway YourRouter
set dns-server YourDNSserver
set hostname YourVPXname

Display details:

show interface
show adapter

Set admin password and create a new Admin:

add user -name UserName -password Password -privilege admin
set user -name admin -password YourPassword -privilege admin

Restart and test:

restart

 

Then go to a web browser, https://YourIPaddress, to licence via a central license server by going to “System Tools: Manage Licenses”:

  • License Server Location: Remote.
  • Remote License Server Address: Enter the IP address of your license server.
  • Remote License Server Port: The default will work unless you chose a non-standard port for your license server
  • Model: match the selection to the bandwidth limit in your license; that is, “Citrix Branch Repeater V10” refers to a 10 Mbps license.

NOTE: #69520. Description: After adding licenses to a license server that previously had none, any Branch Repeater VPX units will fail to notice the new licenses for 24 hours.

Recommended action: Restarting Branch Repeater VPX will cause the new licenses to be noticed immediately. Stopping the license server for at least 15 minutes and then starting it again will also work.

Tuesday, October 11, 2011

Windows 7 – lost thumbnail view

This has been killing me, but I found the answer, sorry I can’t credit the original poster.

  1. Open Control Panel
  2. Choose Folder Options
  3. Click the Views tab
  4. Uncheck "Always show Icons, never thumbnails"
  5. Uncheck "Display file icon on thumbnails"
  6. Click Reset Folders button.

Thank goodness!

SSH to a Citrix Repeater (Linux or VPX)

You can SSH to it using PuTTY etc., but the user name/password does not work and you get “Access Denied”.

Ahh, the user name is ‘CLI’

Then it will ask for the real user name, such as:

login as : cli

login: admin

password: ShhhhSecret11


Hey Presto!

Monday, October 10, 2011

XenDesktop pooled versus dedicated machines

Choosing pooled versus dedicated machines depends mainly on the access and control you want to grant the user of the virtual desktop.

Pooled – good for task workers

  1. Pooled machines provide desktops that are allocated to users on a per-session, first-come first-served basis. For pooled-static machines, users are assigned a specific machine from the pool when they first log on to XenDesktop. Users are connected to the same machines for all subsequent sessions. This allows users of pooled-static machines to be associated with specific VMs, which is a licensing requirement for some applications.
  2. Pooled-random machines are arbitrarily assigned to users at each logon and returned to the pool when they log off. Machines returned to the pool are available for other users to connect to.

Pooled desktops are freshly created from the master VM when users log on via the provisioning server.

Any changes that users make to their desktops are stored for the duration of the session, but are discarded when users log off. Of course you can use profile manager to help with this and store the user details.

This solution maintains a single, manually created master VM in the data centre, which dramatically reduces the time and effort required to update and upgrade users' desktops. This allows you to periodically replace this master for patches etc.

Dedicated – good for power users and administrators

  1. Dedicated machines provide desktops that are assigned to individual users. Machines can be assigned manually or automatically assigned to the first user to connect to them. Whenever users request a desktop, they are always connected to the same machine, so you can allow users to personalise their desktops to suit their needs.

Dedicated desktops are pre-created from the master VM via the snap-shot and the first time that users log on, they are assigned this machine. Several users can access the same machine (at different times).

This solution maintains an automatically created snap-shot of the catalogue master VM. But as for changes, the user has to look after the computer or you re-mint them a new image as needed.

Sources: http://support.citrix.com/proddocs/topic/xendesktop-rho/cds-choose-scheme-type-rho.html

Wednesday, October 05, 2011

Removing Licences from the Citrix Licence server

This is handy if you are using the Desktop Controller that lets you add licences such as the Repeater VPX but does not allow you to delete them. You can see them in the web console but not delete them.

You can manually delete license files that are no longer in use from their Windows directory and restart the service.

The license files are stored in C:\Program Files (x86)\Citrix\Licensing\MyFiles

  • Stop the Citrix Licensing services
  • Delete the old license files
  • Restart the Citrix Licensing services

XenDesktop 5.5 and vSphere 5

Yes it is (almost) fully supported, including the Virtual Distributed Switch (vDswitch). However, you do need to upgrade the Provisioning Server (PVS) to v6 to support it, as 5.6 fails if vDswitches are used.

If you are using the Machine Creation Service (MCS) then you don't need to do anything. However, if you upgrade VMware tools, you need to re-install the Citrix Virtual Desktop Agent (VDA).

There is a short whitepaper here: http://support.citrix.com/article/CTX130681

We will be upgrading today.

Additional Information Sources:

http://blogs.citrix.com/author/johnfa

http://blogs.citrix.com/author/richm

Thursday, September 29, 2011

XenApp 6.5 reboot schedule

Man, it used to be a tick in a box, but now it is a policy but can still be done. Here is how:

XenApp 6.5

Create the Worker Group

  • Right-click Worker Groups and select Create Worker Group.
  • In the Name field, type: Weekly Reboot
  • Click Add, and select the servers

Create the Citrix Policies

Launch the Delivery Services Console.
Click Policies, Computer, New. In the Name field, type: Weekly Reboot

In the Search All Settings field, type: reboot.

Scroll to:

  • Reboot Logon Disable Time and click Add.
  • Reboot Schedule Frequency and click Add.
  • Reboot Schedule Start Date and click Add.
  • Reboot Schedule Time and click Add.
  • Scheduled Reboots and click Add.
  • Click Enabled and then OK.

Click Add for Worker Group.

Click Add and type: Weekly Reboot

Save. Repeat the steps above for each additional Worker Group.

From a command prompt on one of the XenApp servers, type: gpupdate /force. Or just wait until the allocated time.


 

Source: http://support.citrix.com/article/CTX126043

XenDesktop on Hyper V–HostingUnitService error

 

Either using quick XenDesktop 5/55 deployment wizard or the standard desktop deployment you get this error:

 
"The environment for this connection type is incorrect. If connection type is SCVMM, SCVMM Admin console need to be installed on the same machine as the HostingUnitService is installed on."


According to Citrix this means you need the SDK for SCVMM.

According to Microsoft the SDK for SCVMM is the PowerShell CMDlets. So to get the PowershellCMDlets install the SCVMM Administrator Console on the Desktop Delivery Controller computer.

Despite HostingUnitService sounding like a VMhost…

Wednesday, September 28, 2011

Issue licencing the Citrix Branch Repeater VPX?

Citrix are officially crap with the way they licence their software and always have been, but if you have used Citrix ever you know that but today they add another crap feather to that cap.

If you have a licence server it has a name, let's call it a hostname. That is what Citrix call it too, and for a XenDesktop and XenApp licence that is what it is, but for the Branch Repeater the hostname is actually a FLEXnet Host ID that you get from a utility they provide, not the hostname that they ask for.

So instead of the hostname, go to the licence server, open a command window as Administrator, go to C:\Program Files (x86)\Citrix\Licensing\LS and run "lmutil lmhostid". The output number is what you need for the Citrix licence website.

IMPORTANT: In Branch Repeater VPX software release 5.6, only Express, Eval, NFR and IOUL licenses can
be installed locally. Use a remote / network Citrix license server for Production (RETAIL) licenses.

If you are using a firewall, the License Server default ports are more than just 27000:

  • 27000 - Used by XenApp servers to communicate with the License Server
  • 8082 - The License Management Console (LMC) uses this port to communicate with the License Server
  • 7279 - Static port for the Citrix vendor daemon

OR disable the firewall if you don't love security.

Citrix do have an article on this: http://support.citrix.com/article/CTX128875
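
Instead of switching the firewall off, the three ports listed above can be opened only to the machines that need them. This is an added example, not from the original post or from Citrix: the rule names, the two subnets and the choice of the domain profile are placeholders and assumptions to adjust.

```powershell
# Added example, not from the original post. Run elevated on the licence server.
# The subnets are constructed placeholders: replace them with your own ranges.
$xenServers = '10.10.20.0/24'   # assumption: subnet holding the XenApp/XenDesktop servers
$adminHosts = '10.10.99.0/24'   # assumption: subnet the administrators browse from

# Port list taken from the post; which sources may reach each port is this example's assumption.
$rules = @(
    @{ Name = 'Citrix-LS-27000'; Port = 27000; Sources = $xenServers },  # License Server
    @{ Name = 'Citrix-LS-7279';  Port = 7279;  Sources = $xenServers },  # Citrix vendor daemon
    @{ Name = 'Citrix-LMC-8082'; Port = 8082;  Sources = $adminHosts }   # License Management Console
)

function Set-LicenseServerFirewallRule {
    param([hashtable[]]$Rule)
    foreach ($r in $Rule) {
        # Delete any rule of the same name first so re-running does not stack duplicates.
        netsh advfirewall firewall delete rule "name=$($r.Name)" | Out-Null
        # Inbound TCP only, limited to the listed source range and to the domain profile.
        netsh advfirewall firewall add rule "name=$($r.Name)" dir=in action=allow `
            protocol=TCP "localport=$($r.Port)" "remoteip=$($r.Sources)" profile=domain
        if ($LASTEXITCODE -ne 0) { throw ("Failed to create rule {0}" -f $r.Name) }
    }
}

Set-LicenseServerFirewallRule -Rule $rules

# Confirm the firewall is still on for every profile, then list the rules just created.
netsh advfirewall show allprofiles state
netsh advfirewall firewall show rule name=all | Select-String 'Citrix-L'
```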

Tuesday, September 27, 2011

WAN with a latency?

 

There is a simple and free WAN simulator that Tata Consultancy Services have open sourced. This is how to use it for a quick and dirty 300ms delay simulation (in my case simulating India to the UK).

Software home page: http://wanem.sourceforge.net/

Link to download the virtual appliance: http://wanem.sourceforge.net/vma-server.html (or look for the v2.3 ISO)

The setup guide: http://downloads.sourceforge.net/project/wanem/Documents/WANemv11-Setup-Guide.pdf

Windows route change:
route add DestinationIPaddress mask 255.255.255.255 WanEmIPAddress

Linux route change:
route add -host DestinationIPaddress netmask 0.0.0.0 gw WanEmIPAddress

Ping the DestinationIPaddress and the response time should be higher than the latency that you have configured.

Friday, September 23, 2011

Catalogues in XenDesktop v5.5 hide some details

 

So if you are trying to find what the original source VM for that catalogue in XenDesktop was, you can but it is ugly?

Get-ProvTask

Start looking. You can find your pool name and then the machine names, and hey presto, the MasterImage is right there:


TaskId                             : 4864f7c5-5fb7-46fc-bc05-eb6712bd051c
Active                             : False
Host                               : SYDVDI01
DateStarted                        : 18/07/2011 1:25:25 PM
Type                               : NewVirtualMachine
Metadata                           : {Citrix_DesktopStudio_DesktopCatalogId = 5, Citrix_DesktopStudio_ImagesToCopyCount
                                      = 1, Citrix_DesktopStudio_StartTime = 634465917882529544, Citrix_DesktopStudio_Ta
                                     skGroupId = c0e304b0-d5a7-41f3-8112-52eca1616465...}
WorkflowStatus                     : Completed
MasterImage                        : XDHyp:\HostingUnits\Sydney VDI\vid-7-soe-xxx.vm\Citrix_XD_xxx.snapshot
ProvisioningSchemeName             : xxx hey VDI
ProvisioningSchemeUid              : ac4a2cc8-6b19-496c-8f0d-f0cfb7c58b36
TaskState                          : Finished
TaskStateInformation               :
HostingUnitUid                     : db5fad7c-d053-47a3-85d2-f0bd8bcb715b
HostingUnitName                    : Sydney VDI
IdentityPoolUid                    : 80859e24-15b2-49dd-97b6-59738b0eb7d3
IdentityPoolName                   : POOL NAME
VirtualMachinesToCreateCount       : 5
VirtualMachinesCreatedCount        : 5
VirtualMachinesCreationFailedCount : 0
CreatedVirtualMachines             : {VDIexx004, VDIexx001, VDIePassxx003, VDIexx002...}
FailedVirtualMachines              : {}
ProvisioningJob                    : 098e166a-2ed4-45a6-808f-a02d8415ab34
ProvisioningStatus                 : Completed

XenDesktop MCS updating master


If you are using the Machine Creation Services (MCS) to create dedicated images, this does not really matter. But if you update the master and want to mint more VMs in the same catalogue (without affecting the current ones), this is how it works.

The MCS in XenDesktop 5.5 is pointed to a master image when a Catalogue is created. The catalogue can be pooled or dedicated:

  • Dedicated virtual desktops retain all changes, software installations, local data, in a local difference disk.
  • Pooled Catalogue virtual desktops do not retain changes, the difference disk is reset upon reboot.

When using pooled desktops, the base image can be updated allowing changes from the master disk to be replicated to the deployed VMs, providing for centralised patch and application management. Each deployed image, whether pooled or dedicated, will also contain an identity disk.

Master Image - Once a master image is identified (when the catalogue is created), a private-use clone of the VMDK is created for use by all the catalogue machines.

This cloned disk is separate from the Master Image VM, allowing that VM to be updated or deleted with no impact on the deployed virtual desktops.

This master image clone is copied to each VMware Data-store automatically.

Each catalogue is linked to its own master image clone. If multiple catalogues are defined, then multiple master clones will be generated.

A master image can be changed to a different disk using the following command in PowerShell: Publish-ProvMasterVmImage. This will only impact new machines created in the catalogue, not existing machines already generated.

I hope this helps explain the disks under the covers.


Sources:
http://forums.citrix.com/thread.jspa?messageID=1534982
http://www.thegenerationv.com/2011/03/xendesktop-5-deep-dive-machine-creation.html

Need to change the XenDesktop network?

 

When you install XenDesktop the installer asks you for the default network during the installation, and does not let you change it in the GUI, but like everything it can be done via PowerShell:

Here is the offending entry below.

image

So, open PowerShell as administrator.

Add the Citrix snap-ins:

Asnp Citrix.*

You can see all the options with:

Get-Command -Module Citrix.*

But this is what we run to get the current settings out:

get-item -path XDHyp:\HostingUnits\*

PSPath                 : Citrix.Host.Admin.V1\Citrix.Hypervisor::XDHyp:\hostingunits\VDIhost
PSParentPath           : Citrix.Host.Admin.V1\Citrix.Hypervisor::XDHyp:\hostingunits
PSChildName            : VDIhost
PSDrive                : XDHyp
PSProvider             : Citrix.Host.Admin.V1\Citrix.Hypervisor
PSIsContainer          : True
HostingUnitUid         : e1bd6ca2-a30b-40b1-8200-518e262da208
HostingUnitName        : VDIhost
HypervisorConnection   : MelbVDI
RootPath               : XDHyp:\Connections\MelbVDIm.d\M C P.cluster\VDI.res
                         ourcepool
RootId                 : resgroup-6718
NetworkPath            : XDHyp:\Connections\MelbVDI\m.d\M C P.cluster\VDI.res
                         ourcepool\VM Network.network
NetworkId              : Network:network-82
Storage                : {XDHyp:\Connections\MelbVDI\Melbourne.datacenter\M C P.cluster\VDI.re
                         sourcepool\MEL-T3-VMDK01.storage, XDHyp:\Connections\MelbVDI\m.d\M C P.cluster\VDI.resourcepool\MEL-T3-VMDK02.storage}
VMTaggingEnabled       : True
UseLocalStorageCaching : False
Metadata               : {}

Now you know your hosting unit name and the format of the network path. For the VMware network name, look at Virtual Centre.

image

Then set it using the new details


set-item xdhyp:\hostingunits\vdihost -networkpath "XDHyp:\Connections\MelbVDI\m.d\M C P.cluster\VDI.resourcepool\VDI restricted network.network"

Refresh the Desktop controller and voilà


References:

http://support.citrix.com/article/CTX128057

http://fourteenninetyfour.blogspot.com/2011/06/to-change-network-interfaces-on.html

Wednesday, September 21, 2011

Size does matter to Active Directory

I am working on a 200,000 user AD (large by Australian standards, about 10GB) and it got me thinking of limits and scale.

Domains and Domain controllers

  • There is a limit of 1,200 domain controllers due to SYSVOL FRS limits. This can be removed by moving to DFSr replication
  • Each domain controller in an Active Directory forest can create 2.15 billion objects during its lifetime
  • There is a limit of approximately 1 billion security identifiers (SIDs) over the life of a domain
  • OU names are limited to 64 characters
  • There is no limit to the depth of the OU structure
  • There is no limit to the number of users or other objects per OU
  • The maximum number of domains in a forest is 1200

Users and Groups

  • Display names are limited to 256 characters
  • Common names are limited to 64 characters
  • The SAM-Account-Name attribute (pre–Windows 2000 user logon name) is 256 characters in the schema. However, for backward compatibility the limit is 20 characters
  • Users, groups, and computer accounts can be members of a maximum of approximately 1,015 groups
  • Groups can have millions of members, and Microsoft scalability testing reached 500 million members. Use W2K8 mode.
  • The maximum recommended size for a Kerberos ticket is 65,535 bytes and when you get large tokens (think SIDHistory) this can cause issues with Sharepoint/IIS authentication.
  • A limit of 999 Group Policy objects (GPOs) that you can apply to a user account or computer account

Naming and locating

  • Fully qualified domain names (FQDNs) in Active Directory cannot exceed 64 characters in total length, including hyphens and periods (.) Longer DNS names are available BUT not valid in AD as resources
  • NetBIOS computer and domain names are limited to 15 characters.
  • Domain Name System (DNS) host names are limited to 24 characters.
  • LDAP bind operations limit the distinguished name (also known as DN) of the user to 255 total characters
  • Kerberos clients can traverse a maximum of 10 trust links to locate a requested resource in another domain. More than this and the attempt to access the resource fails

 

Sources: Primarily http://technet.microsoft.com/en-us/library/active-directory-maximum-limits-scalability%28WS.10%29.aspx

And other places…

Thursday, September 15, 2011

Removing VMware Storage from XenDesktop 5.5

 

Have you added but need to remove storage from XD55? Well there are instructions but they are a little obtuse? Here is how I did it. I have underlined the key parts.

http://support.citrix.com/static/kc/CTX127254/help/Remove-HypHostingUnitStorage.htm

 

PS C:\> get-item -path XDHyp:\HostingUnits\*


PSPath                 : Citrix.Host.Admin.V1\Citrix.Hypervisor::XDHyp:\HostingUnits\VDIhost
PSParentPath           : Citrix.Host.Admin.V1\Citrix.Hypervisor::XDHyp:\HostingUnits
PSChildName            : VDIhost
PSDrive                : XDHyp
PSProvider             : Citrix.Host.Admin.V1\Citrix.Hypervisor
PSIsContainer          : True
HostingUnitUid         : e1bd6ca2-a30b-40b1-8200-518e262da208
HostingUnitName        : VDIhost
HypervisorConnection   : MelbVDI
RootPath               : XDHyp:\Connections\MelbVDI\M.datacenter\M C P.cluster\VDI.resourcepool
RootId                 : resgroup-6718
NetworkPath            : XDHyp:\Connections\MelbVDI\M.datacenter\M C P.cluster\VDI.resourcepool\VM Network.network
NetworkId              : Network:network-82
Storage                : {XDHyp:\Connections\MelbVDI\M.datacenter\M C p.cluster\VDI.resourcepool\melsan01:melvmdk06.storage, XDHyp:\Connections\MelbVDI\Melbourne.datacenter\M C P.cluster\VDI.resourcepool\melsan01:melvmdk07.storage, XDHyp:\Connections\MelbVDI\M.datacenter\M C P.cluster\VDI.resourcepool\MEL-T3-VMDK01.storage}
VMTaggingEnabled       : True
UseLocalStorageCaching : False
Metadata               : {}

PS C:\> remove-hyphostingunitstorage -literalpath xdhyp:\hostingunits\vdihost -StoragePath XDHyp:\"Connections\MelbVDI\M.datacenter\M C P.cluster\VDI.resourcepool\melsan01:melvmdk06.storage"

HostingUnitUid         : e1bd6ca2-a30b-40b1-8200-518e262da208
HostingUnitName        : VDIhost
HypervisorConnection   : MelbVDI
RootPath               : /M.datacenter/M C P.cluster/VDI.resourcepool
RootId                 : resgroup-6718
NetworkPath            : /M.datacenter/M C P.cluster/VDI.resourcepool/VM Network.netwo
                         rk
NetworkId              : Network:network-82
Storage                : {/M.datacenter/M C P.cluster/VDI.resourcepool/melsan01:melvmd
                         k07.storage, /M.datacenter/M C P.cluster/VDI.resourcepool/MEL
                         -T3-VMDK01.storage, /M.datacenter/M C P.cluster/VDI.resourcep
                         ool/MEL-T3-VMDK02.storage}
VMTaggingEnabled       : True
UseLocalStorageCaching : False
Metadata               : {}

Quick refresh in Citrix Desktop Studio and you will see they are gone. 

Wednesday, September 14, 2011

Citrix Client version from a VBS

 

Dim WshShell, objFSO, strOCXLocation, strICAVersion

Set WshShell = WScript.CreateObject("WScript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
strOCXLocation = WshShell.RegRead("HKCR\CLSID\{238F6F83-B8B4-11CF-8771-00A024541EE3}\InprocServer32\")
strICAVersion = objFSO.GetFileVersion(strOCXLocation)
Wscript.echo strICAVersion

 

Enough said.

 

Original article: http://support.citrix.com/article/CTX229784

Need to run an Oracle server in a VDI session?

 

Why is a different question, but if you do you will know about the listener.ora and the tnsnames.ora files that both reference the local computer name. You can't just set them to localhost.

But you can use a startup script, set via a local GPO, to check them, replace them with some pre-formatted files, pop in the local computer name and restart Oracle. Here is the VBS to do it.

PS: Yes I could use functions and subs but I didn’t so don't be a punisher. Long live the VBS batch file!

 

' Get domain, host name

Set WshNetwork = WScript.CreateObject("WScript.Network")

'WScript.Echo "Computer Name = " & WshNetwork.ComputerName

' "User Name = " & WshNetwork.UserName & vbCrLf & "Domain = " & WshNetwork.UserDomain

CompName=WshNetwork.ComputerName

DomName=WshNetwork.UserDomain

' WScript.Echo DomName &"\"& CompName

' check to see if the computer name is right

Const ForReading = 1

Set objRegEx = CreateObject("VBScript.RegExp")

objRegEx.Pattern = CompName

Set objFSO = CreateObject("Scripting.FileSystemObject")

Set objFile = objFSO.OpenTextFile("D:\oraclexe\app\oracle\product\10.2.0\server\NETWORK\ADMIN\tnsnames.ora", ForReading)

Do Until objFile.AtEndOfStream

strSearchString = objFile.ReadLine

Set colMatches = objRegEx.Execute(strSearchString)

If colMatches.Count > 0 Then

For Each strMatch in colMatches

' Wscript.Echo "found computer name: " &strSearchString & " Quiting."

' FTW quit.

Wscript.quit

Next

End If

Loop

objFile.Close

' Plan b

wscript.echo "put the files in place to update"

Set filesys=CreateObject("Scripting.FileSystemObject")

FolderLocation="D:\oraclexe\app\oracle\product\10.2.0\server\NETWORK\ADMIN\"

'wscript.echo FolderLocation & "*.prepped", FolderLocation & "*.ora"

filesys.CopyFile FolderLocation & "tnsnames.prepped", FolderLocation & "tnsnames.ora", true

filesys.CopyFile FolderLocation & "listener.prepped", FolderLocation & "listener.ora", true

set filesys=Nothing

'Stop Service

'wscript.echo "stoping"

strServiceName = "OracleServiceXE"

Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")

Set colListOfServices = objWMIService.ExecQuery("Select * from Win32_Service Where Name ='" & strServiceName & "'")

For Each objService in colListOfServices

objService.StopService()

Next

strServiceName = "OracleXETNSListener"

Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")

Set colListOfServices = objWMIService.ExecQuery("Select * from Win32_Service Where Name ='" & strServiceName & "'")

For Each objService in colListOfServices

objService.StopService()

Next

wscript.sleep 5000

' Update the text files with the computer name

Const ForWriting = 2

FileLocation1="D:\oraclexe\app\oracle\product\10.2.0\server\NETWORK\ADMIN\tnsnames.ora"

OldText="<servername>"

NewText=CompName

Set objFSO = CreateObject("Scripting.FileSystemObject")

Set objFile = objFSO.OpenTextFile(FileLocation1, ForReading)

strText = objFile.ReadAll

objFile.Close

strNewText = Replace(strText, OldText, NewText)

Set objFile = objFSO.OpenTextFile(FileLocation1, ForWriting)

objFile.WriteLine strNewText

objFile.Close

FileLocation2="D:\oraclexe\app\oracle\product\10.2.0\server\NETWORK\ADMIN\listener.ora"

'wscript.echo "changing" & Filelocation1 & Filelocation2 & "to " & NewText

Set objFSO = CreateObject("Scripting.FileSystemObject")

Set objFile = objFSO.OpenTextFile(FileLocation2, ForReading)

strText = objFile.ReadAll

objFile.Close

strNewText = Replace(strText, OldText, NewText)

Set objFile = objFSO.OpenTextFile(FileLocation2, ForWriting)

objFile.WriteLine strNewText

objFile.Close

' wait for the services to finish stoping from above

wscript.sleep 10000

' start them and done.

'Start Service

strServiceName = "OracleXETNSListener"

Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")

Set colListOfServices = objWMIService.ExecQuery ("Select * from Win32_Service Where Name ='" & strServiceName & "'")

For Each objService in colListOfServices

objService.StartService()

Next

'Start Service

'wscript.echo "starting"

strServiceName = "OracleServiceXE"

Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")

Set colListOfServices = objWMIService.ExecQuery ("Select * from Win32_Service Where Name ='" & strServiceName & "'")

For Each objService in colListOfServices

objService.StartService()

Next

wscript.quit

Thursday, September 08, 2011

Linux Citrix Client v11

 

Go to Citrix.com, Downloads, over on the right choose the Citrix Receiver (you need to go this way as Linux is not a client if you go via standard downloads).

Download the client

GUNzip the .gz: gunzip linuxx86-11.xxx.tar.gz

UnTAR the tar: tar xvf linuxx86-11.xxx.tar

Change to the folder created

Execute the install script: sudo ./setupwfc

Accept the default options

 

If you need Motif:

sudo apt-get install libmotif4

 

If you need funky certificate support:

If you have Firefox already installed you can grab them.

sudo cp /usr/share/ca-certificates/mozilla/* /usr/lib/ICAClient/keystore/cacerts/

Wednesday, September 07, 2011

Is there a Command-Line Operation to change Windows 7 theme?

 

Is there a way to change themes from the command-line, without showing the "Personalization" window? The command I use right now is

Code for Classic:

rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Themes /Action:OpenTheme /file:"C:\Windows\Resources\Ease of Access Themes\classic.theme"


or if you want the search bar, code for Basic:



rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Themes /Action:OpenTheme /file:"C:\Windows\Resources\Ease of Access Themes\basic.theme"


But this makes the "Personalisation" window pop up before changing the theme. There is a VBS that can open, then kill this window.



Set WshShell = WScript.CreateObject("WScript.Shell")



WshShell.Run "rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Themes /Action:OpenTheme /file:""C:\Windows\Resources\Ease of Access Themes\basic.theme"""



Wscript.Sleep 10000

WshShell.AppActivate("Desktop Properties")


WshShell.Sendkeys "%FC"


WshShell.Sendkeys "{F4}"



Or do this via the GPO:



image





Original article: http://www.sevenforums.com/themes-styles/93397-there-silent-command-line-operation-change-theme.html

Two or more local drives in XenDesktop with the MCS

 

Having used the Machine Creation Service it has a nasty habit of throwing away any additional drives you may have added to the source template VM for the VDI deployment. Take a look at the following examples…

1. A standard user with a simple, single drive and partition: all looks good. The original drive is maintained and a small 16MB personality disk is added by the MCS to track computer names etc.

image

2. But if you assign a second drive, or any other drives, apart from the first disk, the MCS discards them and the new VDI computer does not have any other drives apart from the C: and the personality disk (which BTW has no drive letter assigned).

image

3. But if you want two or more disks, assign the extra space; Windows 7 will see the space and allow you to use it directly and create a new partition. Windows XP can too, but if you want to expand the disk (within just c: – which is not what we are talking about here) you need a W7 boot disk to easily do this.

image

Monday, September 05, 2011

XenDesktop 5 and Windows 7 Default Profile

First, Create the base image, and base application installs.

Second, configure the applications, Desktop, Start menu and any other settings you want every new user to get.

Third, Create a new Local Administrator user account. Note that step two HAS to be done with a LOCAL user. Once everything is set the way you want, login with the new user account. Browse to C:\Users\ Rename "Default" to "Default-OLD" or whatever makes sense to you. Then make a copy of the first Administrator's account folder. Once it has successfully copied Rename it to "Default".

Fourth, Run Sysprep… Yeah I know it is a pain, but so far this is the only way to really make this work every time. To run sysprep logout of the Second Administrator's account and back in to the First. Disable the Second Admin account, and Delete the Users Profile. Now browse to c:\windows\system32\sysprep\ Run sysprep leaving all defaults.

Fifth, Run back through the Windows 7 Setup wizard and you are all set, don't forget to join it to the domain.

Now all you have to do is run the update wizard within XenDesktop 5.

Thanks for reading, Lawrence

Original: http://blog.ntcrash.biz/2011/04/29/xendesktop-5-and-windows-7-default-profile/

Friday, September 02, 2011

Removing the DigiNotar certificates

 

Due to the confusion, lack of transparency, and the potential risk from some 200+ root level domains having had fresh fraudulent certificates created I have gone through and removed DigiNotar from Firefox and Windows whenever I can. This is how.

You will see that in IE you can't just delete it like in Firefox, see below

Diginotar Remove from IE

But you can open the MMC, open the Certificate management console, open the local machine and delete it here.

Windows delete diginota

In Firefox it is straightforward.

Firefox delete diginotar
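
The same clean-up for the Windows stores can be scripted when there are many machines to check. This is an added example, not from the original post: the function name, the list of stores it walks and the match on the string "DigiNotar" in the Subject or Issuer are assumptions of the example, and it only reports unless -Distrust or -Remove is given.

```powershell
# Added example, not from the original post. Run elevated to reach the LocalMachine stores.
# Default is report-only. -Distrust copies each match into the Disallowed ("Untrusted
# Certificates") store; -Remove deletes it from the store it was found in (the MMC step).
function Find-DigiNotarCertificate {
    param(
        [string]$Pattern = 'DigiNotar',   # assumption: the CA name appears in Subject or Issuer
        [switch]$Distrust,
        [switch]$Remove
    )
    $mode = 'ReadOnly, OpenExistingOnly'
    if ($Distrust -or $Remove) { $mode = 'ReadWrite, OpenExistingOnly' }
    $flags = [System.Security.Cryptography.X509Certificates.OpenFlags]$mode

    foreach ($locName in 'LocalMachine', 'CurrentUser') {
        $location = [System.Security.Cryptography.X509Certificates.StoreLocation]$locName
        foreach ($name in 'Root', 'AuthRoot', 'CA', 'TrustedPeople', 'TrustedPublisher') {
            $store = New-Object System.Security.Cryptography.X509Certificates.X509Store `
                -ArgumentList $name, $location
            try { $store.Open($flags) }
            catch {
                # Store absent, or not writable because the session is not elevated.
                Write-Warning ("Skipped {0}\{1}: {2}" -f $locName, $name, $_.Exception.Message)
                continue
            }
            try {
                # @() takes a snapshot so removing inside the loop is safe.
                foreach ($cert in @($store.Certificates)) {
                    if ($cert.Subject -notmatch $Pattern -and $cert.Issuer -notmatch $Pattern) { continue }
                    $action = 'Reported'
                    if ($Distrust) {
                        $bad = New-Object System.Security.Cryptography.X509Certificates.X509Store `
                            -ArgumentList 'Disallowed', $location
                        $bad.Open('ReadWrite')
                        try { $bad.Add($cert) } finally { $bad.Close() }
                        $action = 'Distrusted'
                    }
                    if ($Remove) {
                        $store.Remove($cert)
                        $action = "$action and removed"
                    }
                    New-Object PSObject -Property @{
                        Location   = $locName
                        Store      = $name
                        Subject    = $cert.Subject
                        Issuer     = $cert.Issuer
                        Thumbprint = $cert.Thumbprint
                        NotAfter   = $cert.NotAfter
                        Action     = $action
                    }
                }
            }
            finally { $store.Close() }
        }
    }
}

# Report only: nothing is changed.
Find-DigiNotarCertificate | Select-Object Location, Store, Subject, Thumbprint, Action | Format-List
```

Firefox keeps its own certificate database, so it still has to be cleaned separately as shown above.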

Tuesday, August 30, 2011

Citrix XenDesktop changing from Eval to prod licence

 

Maybe everyone else knows about this, but I wanted to change from the 30 day XenDesktop Express edition licence to the production licence. And Citrix have made it really easy, if you notice that little button up the top right.

Sweet.

Licence change

EdgeSight Error: 'Service Unavailable'

 

EdgeSight Error: 'Service Unavailable' after reboot from initial installation (CTX126899)


When attempting to access the EdgeSight console

Not: If you attempt to stop and restart the rsshadmin and rsshapp services, an incorrect logon message appears and the service fails to start.

True: In the IIS management console, the EdgeSight Application Pool might be in a stopped state. The Application Pool starts successfully but reverts to a stopped state after a few seconds.

Resolution
Tried this: Re-type the logon credentials for the rsshadmin and rsshapp services.
Tried this: Re-type the logon credentials used for the EdgeSight Application Pool identity.
Tried this: Add the EdgeSight Application Pool identity logon account to the EdgeSight server local IIS_IUSRS group.
Tried this: Restart the EdgeSight server.

Turned out the service account was blocked via a GPO from ‘logon as a batch job’. Once the policy was updated and replayed it worked fine.

This is the event viewer that found the problem.

image

Friday, August 26, 2011

XenDesktop 5 unable to connect to vSphere

 

  • The error when connecting:

New-Item -Path 'xdhyp:\connections' -Name 'Melbourne VDI' -HypervisorAddress @('https://youFWDN/sdk') -ConnectionType 'VCenter' -Username 'vdiadmin' -Password '********' -AdminAddress 'localhost'

New-Item : The hypervisor was not contactable at the supplied address.
    + CategoryInfo : InvalidOperation: (:) [New-Item], InvalidOperationException
    + FullyQualifiedErrorId : Citrix.XDPowerShell.HostStatus.HypervisorNotContactable,Microsoft.PowerShell.Commands.NewItemCommand

New-Item : The hypervisor was not contactable at the supplied address.
    + CategoryInfo : InvalidOperation: (:) [New-Item], InvalidOperationException
    + FullyQualifiedErrorId : Citrix.XDPowerShell.HostStatus.HypervisorNotContactable,Microsoft.PowerShell.Commands.NewItemCommand

  • If you open IE and try and connect to:

'https://youFWDN/sdk' – You get a certificate error.

You try and follow the instructions but are missing some details on the ‘local computer’ option. From: http://forums.citrix.com/thread.jspa?threadID=278523

“Open Internet Explorer and enter the address of the vSphere server as https://FQDN of the vSphere server
Accept the security warnings.
Click the Certificate Error in the Security Status bar and select View certificates.
Click Install certificate, and then click Next.
Select Place all certificates in the following store, and then click Browse.
Select the Show physical stores check box. (at the bottom of the dialog)
Expand Trusted People and select Local Computer.
Click OK, and then click Finish.”

  • But you don't see the ‘Local Computer’

image

  • The solution is you are on a W2k8 R2 server so run IE as Administrator and you can then add the cert to the Trusted People, Local Computer.

Solved !

  • Restart IE, go to the URL, no error then go back to XenDesktop.

Thursday, August 25, 2011

XenDesktop Delivery Controller and vSphere 4.1 (certs issue)

 

XenDesktop Delivery Controller and vSphere 4.1

vCenter HTTPS Access

  1. On the vCenter server browse to Program Files (x86)\VMware\Infrastructure\VIUpdate 4.0\SSL (W2K8r2) and copy the rui.crt to your XenDesktop DDC(s) (and provisioning server if used)
  2. Open an MMC and the Certificates snap-in to manage Certificates for the Computer Account on the XenDesktop DDC/PS(s)
  3. Expand Certificates > Trusted Root Certificates > Certificates and import the trusted root certificate for the SSL certificate copied from the vCenter server in step 1. 
    1. Also import the certificate to the Trusted People Store.
  4. Create a host file entry or DNS entry for vmware pointing to your vCenter server
  5. In the Hosting Infrastructure section when creating a desktop group on the XenDesktop DDC (or PS) when running the XenDesktop Setup Wizard, select VMware Virtualization for the Hosting Infrastructure and enter https://youvmwareserver/sdk for the Virtual Center address.

 

 

Updated and based on this: http://jariangibson.com/2009/10/13/using-xendesktop-with-vmware/
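
Both this post and the previous one end with the vCenter certificate being trusted on the Delivery Controller, once by clicking through IE and once through the MMC. The step can also be scripted so that the certificate is only trusted after its thumbprint has been checked against the value read on the vCenter server itself. This is an added example, not from the original posts or from Citrix: the function name, its parameters and the file path in the usage line are assumptions.

```powershell
# Added example, not from the original posts. Run in an elevated PowerShell on the DDC.
function Import-VCenterCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$Path,                # rui.crt copied from vCenter
        [Parameter(Mandatory = $true)][string]$ExpectedThumbprint,  # read on the vCenter server itself
        # TrustedPeople is what the first post uses. The second post also imports into
        # 'Root', which is broader trust; pass -StoreName TrustedPeople, Root for that.
        [string[]]$StoreName = @('TrustedPeople')
    )

    # LocalMachine stores can only be written from an elevated session.
    $me = New-Object Security.Principal.WindowsPrincipal ([Security.Principal.WindowsIdentity]::GetCurrent())
    if (-not $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Not elevated: the Local Computer stores are not writable from this session.'
    }

    $file = (Resolve-Path $Path).ProviderPath
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $file

    # Strip spaces and any invisible characters picked up when copying from a dialog.
    $expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
    if ($cert.Thumbprint -ne $expected) {
        throw ("Thumbprint mismatch: file has {0}, expected {1}. Nothing was imported." -f `
            $cert.Thumbprint, $expected)
    }
    if ($cert.NotAfter -lt (Get-Date)) {
        Write-Warning ("Certificate expired on {0}" -f $cert.NotAfter)
    }

    foreach ($name in $StoreName) {
        $store = New-Object System.Security.Cryptography.X509Certificates.X509Store `
            -ArgumentList $name, ([System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine)
        $store.Open('ReadWrite')
        try { $store.Add($cert) } finally { $store.Close() }
    }

    # The subject name is what the https://.../sdk address (and the hosts or DNS entry
    # from step 4) has to match, so return it with the result.
    New-Object PSObject -Property @{
        SubjectName = $cert.GetNameInfo('SimpleName', $false)
        Thumbprint  = $cert.Thumbprint
        NotAfter    = $cert.NotAfter
        Stores      = ($StoreName -join ', ')
    }
}

# Usage (path and thumbprint are placeholders):
# Import-VCenterCertificate -Path C:\Temp\rui.crt -ExpectedThumbprint '<thumbprint read on the vCenter server>'
```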

Friday, August 19, 2011

Copy XenServer to USB for installation

 

I used XenServer version 5.6.

  1. Format USB key with Fat32
  2. Ubuntu comes with “syslinux” (or download it from source) http://syslinux.zytor.com/wiki/index.php/Download
  3. Type mount to see where the USB is mounted
  4. Run ‘syslinux.exe /mnt/somewhere’, replacing /mnt/somewhere with the mount point of the USB
  5. Copy the contents of the extracted “XenServer-5.X.X-install-cd” folder to the root of the USB
  6. On the USB drive, copy the contents of the /boot/isolinux folder to the root of the USB
  7. On the root of USB drive, rename the ‘isolinux.cfg’ file to ‘syslinux.cfg’
  8. On the root of USB drive, rename the ‘isolinux.bin’ file to ‘syslinux.bin’
  9. If you get an “mboot.c32: not a COM32R image” error, (version 4.x of syslinux) copy the mboot.c32 from your downloaded copy of syslinux to the root of your USB drive

Monday, August 01, 2011

BPOS has lost the licences

 

Yesterday there were 3000, today 50… Let's wait and see.


Wednesday, July 27, 2011

W2K8 R2, AD Recycle bin and FIM

 

Turned on the Active Directory Recycle Bin only to find out that FIM (Forefront Identity Manager) has not stopped synchronising some objects? Well fear not, they are in sync, but to the trash folder!

Below shows an object that is in sync, but to the deleted item. There is a hotfix for it that installs on the DC: KB979214.

clip_image001

Here is the KB article:

Consider the following scenario:

You enable the Active Directory Recycle Bin feature in a Windows Server 2008 R2-based domain.
You delete an object from Active Directory Domain Services (AD DS). For example, assume that you delete a user account.
You modify an object that has a relationship to the recently deleted object.
You perform an Active Directory directory synchronization (DirSync) control search to poll for the Active Directory changes in this domain.

In this scenario, the DirSync control search does not return the deactivated linked attributes from the modified object. Therefore, you cannot replicate these changes back to another database if you try to synchronize Active Directory Domain Services (AD DS) and another database.

For example, assume that you delete a user account that has the "testuser" name, and assume that this user account is a member of a group that has the "testgroup" name. Then, assume that you verify that the "testgroup" group does not include the "testuser" user account in the Active Directory Users and Computers window. In this scenario, a DirSync control search that polls for the Active Directory changes and for the request deactivated links cannot detect that the "testuser" account is joined to the "testgroup" group as an inactive member. Additionally, the "testgroup" group in another database does not include the user account "testuser" if you use the returned results from the DirSync control to synchronize Active Directory Domain Services (AD DS) and another database.

CAUSE
The Active Directory directory synchronization (DirSync) API functions do not identify the deactivated linked attributes correctly. This behavior causes the deactivated links not to be returned in the DirSync control search.

RESOLUTION
Hotfix information
A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing the problem described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

For all supported x64-based versions of Windows Server 2008 R2
File name    File version    File size    Date    Time    Platform
Ntdsa.mof    Not applicable    227,765    10-Jun-2009    20:34    N/A
Ntdsai.dll    6.1.7600.20621    2,721,280    19-Jan-2010    10:29    x64
