Thursday, September 29, 2011

XenApp 6.5 reboot schedule

Man, it used to be a tick in a box, but now it is a policy but can still be done. Here is how:

XenApp 6.5

Create the Worker Group

  • Right-click Worker Groups and select Create Worker Group.
  • In the Name field, type: Weekly Reboot
  • Click Add, and select the servers

Create the Citrix Policies

Launch the Delivery Services Console.
Click Policies, Computer, New, In the Name field, type: Weekly Reboot

In the Search All Settings field, type: reboot.

Scroll to:

  • Reboot Logon Disable Time and click Add.
  • Reboot Schedule Frequency and click Add.
  • Reboot Schedule Start Date and click Add.
  • Reboot Schedule Time and click Add.
  • Scheduled Reboots and click Add.
  • Click Enabled and then OK.

Click Add for Worker Group.

Click Add and type: Weekly Reboot

Save. Repeat the steps above for each additional Worker Group.

From a command prompt on one of the XenApp servers, type: gpupdate /force. Or just wait until the allocated time.

image

 

Source: http://support.citrix.com/article/CTX126043

XenDesktop on Hyper V–HostingUnitService error

 

Either using quick XenDesktop 5/55 deployment wizard or the standard desktop deployment you get this error:

 
"The environment for this connection type is incorrect. If connection type is SCVMM, SCVMM Admin console need to be installed on the same machine as the HostingUnitService is installed on.”

image

According to Citrix this means you need the SDK for SCVMM.

According to Microsoft the SDK for SCVMM is the PowerShell CMDlets. So to get the PowershellCMDlets install the SCVMM Administrator Console on the Desktop Delivery Controller computer.

Dispute a HostingUnitService sounding like a VMhost…

Wednesday, September 28, 2011

Issue licencing the Citrix Branch Repeater VPX?

Citrix are officially crap with the way they licence their software and always have been, but if you have used Citrix ever you know that but today they add another crap feather to that cap.

If you have a licence server it has a name, lets call it a hostname, that is what Citrix call it to and for a XenDesktop and XenApp licence that is what it is, but for the Branch Repeater the hostname is actually a FLEXnet Host ID that you get from a utility they provide not the hostname that they ask for.

image

So instead of the hostname go to the licence server, open a command windows as Administrator, go to C:\program file (x86)\Citrix\Licensing\LS and run “lmutil lmhostid”. The output number is what you need for the Citrix licence website.

image

IMPORTANT: In Branch Repeater VPX software release 5.6, only Express, Eval, NFR and IOUL licenses can
be installed locally. Use a remote / network Citrix license server for Production (RETAIL) licenses.

If you are using a firewall the License Server default ports are more then just 27000:

  • 27000 - Used by XenApp servers to communicate with the License Server
  • 8082 - The License Management Console (LMC) uses this port to communicate with the License Server
  • 7279 - Static port for the Citrix vendor daemon

OR disable the firewall if you don't love security.

Citrix do have an article on this: http://support.citrix.com/article/CTX128875

Tuesday, September 27, 2011

WAN with a latency?

 

There is a simple and free WAN simulator that Tara consulting have open sourced. This is how to use it for a quick and dirty 300ms delay simulation (in my case simulating India to the UK).

Software home page: http://wanem.sourceforge.net/

Link to download the virtual appliance: http://wanem.sourceforge.net/vma-server.html (or look for the v2.3 ISO)

The setup guide: http://downloads.sourceforge.net/project/wanem/Documents/WANemv11-Setup-Guide.pdf

Windows route change:
route add DestinationIPaddress mask 255.255.255.255 WanEmIPAddress

Linux route change:
route add –host DestinationIPaddress netmask 0.0.0.0 gw WanEmIPAddress

Ping the DestinationIPaddress and the response should be higher then the latency that you have configured.

Friday, September 23, 2011

Catalogues in XenDesktop v5.5 hide some details

 

So if you are trying to find what the original source VM for that catalogue in XenDesktop was, you can but it is ugly?

Get-ProvTask

Star looking, you can find your pool name and then the machine names, and hey presto, the MasterImage is right there:


TaskId                             : 4864f7c5-5fb7-46fc-bc05-eb6712bd051c
Active                             : False
Host                               : SYDVDI01
DateStarted                        : 18/07/2011 1:25:25 PM
Type                               : NewVirtualMachine
Metadata                           : {Citrix_DesktopStudio_DesktopCatalogId = 5, Citrix_DesktopStudio_ImagesToCopyCount
                                      = 1, Citrix_DesktopStudio_StartTime = 634465917882529544, Citrix_DesktopStudio_Ta
                                     skGroupId = c0e304b0-d5a7-41f3-8112-52eca1616465...}
WorkflowStatus                     : Completed
MasterImage                        : XDHyp:\HostingUnits\Sydney VDI\vid-7-soe-xxx.vm\Citrix_XD_xxx.snapshot
ProvisioningSchemeName             : xxx hey VDI
ProvisioningSchemeUid              : ac4a2cc8-6b19-496c-8f0d-f0cfb7c58b36
TaskState                          : Finished
TaskStateInformation               :
HostingUnitUid                     : db5fad7c-d053-47a3-85d2-f0bd8bcb715b
HostingUnitName                    : Sydney VDI
IdentityPoolUid                    : 80859e24-15b2-49dd-97b6-59738b0eb7d3
IdentityPoolName                   : POOL NAME
VirtualMachinesToCreateCount       : 5
VirtualMachinesCreatedCount        : 5
VirtualMachinesCreationFailedCount : 0
CreatedVirtualMachines             : {VDIexx004, VDIexx001, VDIePassxx003, VDIexx002...}
FailedVirtualMachines              : {}
ProvisioningJob                    : 098e166a-2ed4-45a6-808f-a02d8415ab34
ProvisioningStatus                 : Completed

XenDesktop MCS updating master


If you are using the Machine Creation Services (MCS) to created dedicated images, this does not really matter, but if you update the master and want to mint more VMs in the same catalogue (without affecting the current). This is how it works.

The MCS in XenDesktop 5.5 is pointed to a master image when a Catalogue is created. You can be pooled or dedicated:

  • Dedicated virtual desktops retain all changes, software installations, local data, in a local difference disk.
  • Pooled Catalogue virtual desktops do not retain changes, the difference disk is reset upon reboot.

When using pooled desktops, the base image can be updated allowing changes from the master disk to be replicated to the deployed VMs, providing for centralised patch and application management. Each deployed image, whether pooled or dedicated, will also contain an identity disk.

Master Image - Once a master image is identified (when the catalogue is created), a private-use clone of the VMDK is created for use by all the catalogue machines.

This cloned disk is separate from the Master Image VM, allowing that VM to be updated or deleted with no impact on the deployed virtual desktops.

This master image clone is copied to each VMware Data-store automatically.

Each catalogue is linked to its own master image clone. If multiple catalogues are defined, then multiple master clones will be generated.

A master image can be changed to a different disk using the following command in PowerShell: Publish-ProvMasterVmImage. This will only impact new machines created in the catalogue, not existing machines already generated.

I hope this helps explain the disks under the covers.

image

Sources:
http://forums.citrix.com/thread.jspa?messageID=1534982
http://www.thegenerationv.com/2011/03/xendesktop-5-deep-dive-machine-creation.html

Need to change the XenDesktop network?

 

When you install XenDesktop the installer asks you the default network during the installation, and does not let you change it in the GUI, but like everything it can be done via PowerShell:

Here is the offending entry below.

image

So, open powershell as administrator

Add the Citrix snapins

Asnp Citrix.*

You can see all the options with.

Get-Command –Module Citrix.*

But this is what we run to get out

get-item -path XDHyp:\HostingUnits\*

PSPath                 : Citrix.Host.Admin.V1\Citrix.Hypervisor::XDHyp:\hostingunits\VDIhost
PSParentPath           : Citrix.Host.Admin.V1\Citrix.Hypervisor::XDHyp:\hostingunits
PSChildName            : VDIhost
PSDrive                : XDHyp
PSProvider             : Citrix.Host.Admin.V1\Citrix.Hypervisor
PSIsContainer          : True
HostingUnitUid         : e1bd6ca2-a30b-40b1-8200-518e262da208
HostingUnitName        : VDIhost
HypervisorConnection   : MelbVDI
RootPath               : XDHyp:\Connections\MelbVDIm.d\M C P.cluster\VDI.res
                         ourcepool
RootId                 : resgroup-6718
NetworkPath            : XDHyp:\Connections\MelbVDI\m.d\M C P.cluster\VDI.res
                         ourcepool\VM Network.network
NetworkId              : Network:network-82
Storage                : {XDHyp:\Connections\MelbVDI\Melbourne.datacenter\M C P.cluster\VDI.re
                         sourcepool\MEL-T3-VMDK01.storage, XDHyp:\Connections\MelbVDI\m.d\M C P.cluster\VDI.resourcepool\MEL-T3-VMDK02.storage}
VMTaggingEnabled       : True
UseLocalStorageCaching : False
Metadata               : {}

Now you know your hosting unit name and the format for the network connection format for the VMware network name look at Virtual Centre.

image

Then set it using the new details


set-item xdhyp:\hostingunits\vdihost -networkpath "XDHyp:\Connections\MelbVDI\m.d\M C P.cluster\VDI.resourcepool\VDI restricted network.network"

Refresh the Desktop controller and voilĂ 

image

References:

http://support.citrix.com/article/CTX128057

http://fourteenninetyfour.blogspot.com/2011/06/to-change-network-interfaces-on.html

Wednesday, September 21, 2011

Size does matter to Active Directory

I am working on a 200,000 user AD (large by Australian standards, about 10GB) and it got me thinking of limits and scale.

Domains and Domain controllers

  • There is a limit of 1,200 domain controllers due to SYSVOL FRS limits. This can be removed by moving to DFSr replication
  • Each domain controller in an Active Directory forest can create 2.15 billion objects during its lifetime
  • There is a limit of approximately 1 billion security identifiers (SIDs) over the life of a domain
  • OU names are limited to 64 characters
  • There is no limit to the depth of the OU structure
  • There is no limit to the number of users or other objects per OU
  • The maximum number of domains in a forest is 1200

Users and Groups

  • Display names are limited to 256 characters
  • Common names are limited to 64 characters
  • The SAM-Account-Name attribute (pre–Windows 2000 user logon name) is 256 characters in the schema. However, for backward compatibility the limit is 20 characters
  • Users, groups, and computer accounts can be members of a maximum of approximately 1,015 groups
  • Groups can have millions of members, and Microsoft scalability testing reached 500 million members. Use W2K8 mode.
  • The maximum recommended size for a Kerberos ticket is 65,535 bytes and when you get large tokens (think SIDHistory) this can cause issues with Sharepoint/IIS authentication.
  • A limit of 999 Group Policy objects (GPOs) that you can apply to a user account or computer account

Naming and locating

  • Fully qualified domain names (FQDNs) in Active Directory cannot exceed 64 characters in total length, including hyphens and periods (.) Longer DNS names are available BUT not valid in AD as resources
  • NetBIOS computer and domain names are limited to 15 characters.
  • Domain Name System (DNS) host names are limited to 24 characters.
  • LDAP bind operations limit the distinguished name (also known as DN) of the user to 255 total characters
  • Kerberos clients can traverse a maximum of 10 trust links to locate a requested resource in another domain. more than this and the attempt to access the resource fails

 

Sources: Primarily http://technet.microsoft.com/en-us/library/active-directory-maximum-limits-scalability%28WS.10%29.aspx

And other places…

Thursday, September 15, 2011

Removing VMware Storage from XenDesktop 5.5

 

Have you added but need to remove storage from XD55? Well there are instructions but they are a little obtuse? Here is how I did it. I have underlined the key parts.

http://support.citrix.com/static/kc/CTX127254/help/Remove-HypHostingUnitStorage.htm

 

PS C:\> get-item -path XDHyp:\HostingUnits\*


PSPath                 : Citrix.Host.Admin.V1\Citrix.Hypervisor::XDHyp:\HostingUnits\VDIhost
PSParentPath           : Citrix.Host.Admin.V1\Citrix.Hypervisor::XDHyp:\HostingUnits
PSChildName            : VDIhost
PSDrive                : XDHyp
PSProvider             : Citrix.Host.Admin.V1\Citrix.Hypervisor
PSIsContainer          : True
HostingUnitUid         : e1bd6ca2-a30b-40b1-8200-518e262da208
HostingUnitName        : VDIhost
HypervisorConnection   : MelbVDI
RootPath               : XDHyp:\Connections\MelbVDI\M.datacenter\M C P.cluster\VDI.resourcepool
RootId                 : resgroup-6718
NetworkPath            : XDHyp:\Connections\MelbVDI\M.datacenter\M C P.cluster\VDI.resourcepool\VM Network.network
NetworkId              : Network:network-82
Storage                : {XDHyp:\Connections\MelbVDI\M.datacenter\M C p.cluster\VDI.resourcepool\melsan01:melvmdk06.storage, XDHyp:\Connections\MelbVDI\Melbourne.datacenter\M C P.cluster\VDI.resourcepool\melsan01:melvmdk07.storage, XDHyp:\Connections\MelbVDI\M.datacenter\M C P.cluster\VDI.resourcepool\MEL-T3-VMDK01.storage}
VMTaggingEnabled       : True
UseLocalStorageCaching : False
Metadata               : {}

PS C:\> remove-hyphostingunitstorage -literalpath xdhyp:\hostingunits\vdihost -StoragePath XDHyp:\"Connections\MelbVDI\M.datacenter\M C P.cluster\VDI.resourcepool\melsan01:melvmdk06.storage"

HostingUnitUid         : e1bd6ca2-a30b-40b1-8200-518e262da208
HostingUnitName        : VDIhost
HypervisorConnection   : MelbVDI
RootPath               : /M.datacenter/M C P.cluster/VDI.resourcepool
RootId                 : resgroup-6718
NetworkPath            : /M.datacenter/M C P.cluster/VDI.resourcepool/VM Network.netwo
                         rk
NetworkId              : Network:network-82
Storage                : {/M.datacenter/M C P.cluster/VDI.resourcepool/melsan01:melvmd
                         k07.storage, /M.datacenter/M C P.cluster/VDI.resourcepool/MEL
                         -T3-VMDK01.storage, /M.datacenter/M C P.cluster/VDI.resourcep
                         ool/MEL-T3-VMDK02.storage}
VMTaggingEnabled       : True
UseLocalStorageCaching : False
Metadata               : {}

Quick refresh in Citrix Desktop Studio and you will see they are gone. 

Wednesday, September 14, 2011

Citrix Client version from a VBS

 

Dim WshShell, objFSO, strOCXLocation, strICAVersion

Set WshShell = WScript.CreateObject("WScript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
strOCXLocation = WshShell.RegRead("HKCR\CLSID\{238F6F83-B8B4-11CF-8771-00A024541EE3}\InprocServer32\")
strICAVersion = objFSO.GetFileVersion(strOCXLocation)
Wscript.echo strICAVersion

 

Enough said.

 

Original article: http://support.citrix.com/article/CTX229784

Need to run an Oracle server in a VDI session?

 

Why, is a different questions, but if you do you will know about the listener.ora and the tnsnames.ora files that both reference the local computer name. You cant just set them to localhost.

But you can via a local GPO, startup script check them, replace them with some pre-formatted files and then pop in the local computer name and restart Oracle. Here is the VBS to do it.

PS: Yes I could use functions and subs but I didn’t so don't be a punisher. Long live the VBS batch file!

 

' Get domain, host name

Set WshNetwork = WScript.CreateObject("WScript.Network")

'WScript.Echo "Computer Name = " & WshNetwork.ComputerName

' "User Name = " & WshNetwork.UserName & vbCrLf & "Domain = " & WshNetwork.UserDomain

CompName=WshNetwork.ComputerName

DomName=WshNetwork.UserDomain

' WScript.Echo DomName &"\"& CompName

' check to see if the computer name is right

Const ForReading = 1

Set objRegEx = CreateObject("VBScript.RegExp")

objRegEx.Pattern = CompName

Set objFSO = CreateObject("Scripting.FileSystemObject")

Set objFile = objFSO.OpenTextFile("D:\oraclexe\app\oracle\product\10.2.0\server\NETWORK\ADMIN\tnsnames.ora", ForReading)

Do Until objFile.AtEndOfStream

strSearchString = objFile.ReadLine

Set colMatches = objRegEx.Execute(strSearchString)

If colMatches.Count > 0 Then

For Each strMatch in colMatches

' Wscript.Echo "found computer name: " &strSearchString & " Quiting."

' FTW quit.

Wscript.quit

Next

End If

Loop

objFile.Close

' Plan b

wscript.echo "put the files in place to update"

Set filesys=CreateObject("Scripting.FileSystemObject")

FolderLocation="D:\oraclexe\app\oracle\product\10.2.0\server\NETWORK\ADMIN\"

'wscript.echo FolderLocation & "*.prepped", FolderLocation & "*.ora"

filesys.CopyFile FolderLocation & "tnsnames.prepped", FolderLocation & "tnsnames.ora", true

filesys.CopyFile FolderLocation & "listener.prepped", FolderLocation & "listener.ora", true

set filesys=Nothing

'Stop Service

'wscript.echo "stoping"

strServiceName = "OracleServiceXE"

Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")

Set colListOfServices = objWMIService.ExecQuery("Select * from Win32_Service Where Name ='" & strServiceName & "'")

For Each objService in colListOfServices

objService.StopService()

Next

strServiceName = "OracleXETNSListener"

Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")

Set colListOfServices = objWMIService.ExecQuery("Select * from Win32_Service Where Name ='" & strServiceName & "'")

For Each objService in colListOfServices

objService.StopService()

Next

wscript.sleep 5000

' Update the text files with the computer name

Const ForWriting = 2

FileLocation1="D:\oraclexe\app\oracle\product\10.2.0\server\NETWORK\ADMIN\tnsnames.ora"

OldText="<servername>"

NewText=CompName

Set objFSO = CreateObject("Scripting.FileSystemObject")

Set objFile = objFSO.OpenTextFile(FileLocation1, ForReading)

strText = objFile.ReadAll

objFile.Close

strNewText = Replace(strText, OldText, NewText)

Set objFile = objFSO.OpenTextFile(FileLocation1, ForWriting)

objFile.WriteLine strNewText

objFile.Close

FileLocation2="D:\oraclexe\app\oracle\product\10.2.0\server\NETWORK\ADMIN\listener.ora"

'wscript.echo "changing" & Filelocation1 & Filelocation2 & "to " & NewText

Set objFSO = CreateObject("Scripting.FileSystemObject")

Set objFile = objFSO.OpenTextFile(FileLocation2, ForReading)

strText = objFile.ReadAll

objFile.Close

strNewText = Replace(strText, OldText, NewText)

Set objFile = objFSO.OpenTextFile(FileLocation2, ForWriting)

objFile.WriteLine strNewText

objFile.Close

' wait for the services to finish stoping from above

wscript.sleep 10000

' start them and done.

'Start Service

strServiceName = "OracleXETNSListener"

Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")

Set colListOfServices = objWMIService.ExecQuery ("Select * from Win32_Service Where Name ='" & strServiceName & "'")

For Each objService in colListOfServices

objService.StartService()

Next

'Start Service

'wscript.echo "starting"

strServiceName = "OracleServiceXE"

Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")

Set colListOfServices = objWMIService.ExecQuery ("Select * from Win32_Service Where Name ='" & strServiceName & "'")

For Each objService in colListOfServices

objService.StartService()

Next

wscript.quit

Thursday, September 08, 2011

Linux Citrix Client v11

 

Go to Citrix.com, Downloads, over on the right choose the Citrix Receiver (you need to go this way as Linux is not a client if you go via standard downloads).

Download the client

GUNzip the .gz: tar xfvz linuxx86-11.xxx.tar.gz

UnTAR the tar: tar xfvz linuxx86-11.xxx.tar

Change to the folder created

Execute the install script: sudo ./setupwfc

Accept the default options

 

If you need it motif?:

sudo apt-get install libmotif4

 

If you need funky certificate support:

If you have Firefox already installed you can grab them.

sudo cp /usr/share/ca-certificates/mozilla/* /usr/lib/ICAClient/keystore/cacerts/

Wednesday, September 07, 2011

Is there a Command-Line Operation to change Windows 7 theme?

 

Is there a way to change themes from the command-line, without showing the "Personalization" window? The command I use right now is

Code for Classic:

rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Themes /Action:OpenTheme /file:"C:\Windows\Resources\Ease of Access Themes\classic.theme"


or if you want the search bar, code for Basic:



rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Themes /Action:OpenTheme /file:"C:\Windows\Resources\Ease of Access Themes\basic.theme"


But this makes the "Personalisation" window pop up before changing the theme. There is a VBS that can open, then kill this window.



Set WshShell = WScript.CreateObject("WScript.Shell")



WshShell.Run "rundll32.exe %SystemRoot%\system32\shell32.dll,Control_RunDLL %SystemRoot%\system32\desk.cpl desk,@Themes /Action:OpenTheme /file:""C:\Windows\Resources\Ease of Access Themes\basic.theme"""



Wscript.Sleep 10000

WshShell.AppActivate("Desktop Properties")


WshShell.Sendkeys "%FC"


WshShell.Sendkeys "{F4}"



Or do this via the GPO:



image





Original article: http://www.sevenforums.com/themes-styles/93397-there-silent-command-line-operation-change-theme.html

Two or more local drives in XenDesktop with the MCS

 

Having used the Machine Creation Service it has a nasty habit of throwing away any additional drives you may have added to the source template VM for the VDI deployment. Take a look at the following examples…

1. A standard user with a simple, single drive and partition all looks good the original drive is maintained and a small 16MB personality disk is added by the MCS to track computer names etc.

image

2. But if you assign a second drive, or any other drives, apart from the first disk the MCS discards this and the new VDI computer does not have any other drives apart form the C: and the personality disk (which BTW has no drive letter assigned).

image

3. But if you want two or more disks, assign the extra space, using Windows 7 it will see the space and allow you to use it directly and create a new partition. Windows XP can two but if you want to expand the disk (within just c: – which is not what we are talking about here) you need a W7 boot disk to easily do this.

image

Monday, September 05, 2011

XenDesktop 5 and Windows 7 Default Profile

First, Create the base image, and base application installs.

Second, configure the applications, Desktop, Start menu and any other settings you want every new user to get.

Third, Create a new Local Administrator user account. Note that step two HAS to be done with a LOCAL user. Once everything is set the way you want, login with the new user account. Browse to C:\Users\ Rename "Default" to "Default-OLD" or whatever makes sense to you. Then make a copy of the first Administrator's account folder. Once it has successfully copied Rename it to "Default".

Fourth, Run Sysprep… Yeah I know it is a pain, but so far this is the only way to really make this work every time. To run sysprep logout of the Second Administrator's account and back in to the First. Disable the Second Admin account, and Delete the Users Profile. Now browse to c:\windows\system32\sysprep\ Run sysprep leaving all defaults.

Fifth, Run back through the Windows 7 Setup wizard and you are all set, don't forget to join it to the domain.

Now all you have to do is run the update wizard within XenDesktop 5.

Thanks for reading, Lawrence

Original: http://blog.ntcrash.biz/2011/04/29/xendesktop-5-and-windows-7-default-profile/

Friday, September 02, 2011

Removing the DigiNotar certificates

 

Due to the confusion, lack of transparency, and the potential risk from some 200+ root level domains having had fresh fraudulent certificates created I have gone through and removed DigiNotar from Firefox and Windows whenever I can. This is how.

You will see in IE you cant just delete it like in Firefox, see below

Diginotar Remove from IE

But you can open the MMC, open the Certificate management console, open the local machine and delete it here.

Windows delete diginota

In Firefox it is straight forward.

Firefox delete diginotar

Blog Archive