Monday, February 20, 2012

Do you need VMware ESX? (vSphere)

Update:1 – corrected some numbers. Thanks @jasonboche

Let me just say I love VMware, particularly ESX and have worked with it from before GSX was in shorts, back in the workstation days, when only para-virtualisation existed. I have rolled out ESX 2/3/4 farms (no 5 yet)… I have never had a purple screen of death, I have never had to rollback a workload to hardware, I have VMed Exchange 2k/2k3/2k7, DCs 2k-2k8r2, file & print, SQL servers, Citrix servers they all run great on ESX/ESXi.

But do you need it? Or are you after a solution that has all the features, are you after the Rolls Royce? What are you really trying to do? Are you exotic or somehow special?

You want ESXi that's fine, go ahead I don't get paid either way, but then nor does anyone so please do.

Let's just think about what server virtualisation does (as of today's date):

| Feature | ESX/ESXi | Hyper-V | XENserver |
|---|---|---|---|
| Bare-metal architecture | Yes | No, but core | Yes |
| VMotion like | Yes | Yes | Yes |
| Small footprint | Yes | No, but core | Yes-ish |
| Cluster (pool) | 32 nodes | 16 nodes | 16 nodes |
| CPU virtualisation | Yes | Yes | Yes |
| RAM support Host | 2TB | 1TB | 1TB |
| RAM support VM | 1TB | 64GB | 128GB |
| RAM overcommit | Yes | Yes | Yes |
| NIC teaming | Yes | No*/vendors | Yes |
| VM RAM Page sharing | Yes | No | No |
| Ballooning | Yes | Yes | Yes |
| Capacity prioritisation | Yes | Yes-ish | Yes-ish |
| Traffic Shaping | Yes | No | No |
| Virtual NIC | Yes | Yes | Yes |
| Virtual switches | Yes | Yes | Yes |
| VLAN tagging | Yes | Yes | Yes |
| Dynamic volume resizing | Yes | Yes | Yes |
| Raw device mapping | Yes | Yes | Yes |
| LUN management | Yes | Yes-via vendors | Yes-add on |
| Guest Windows | Yes | Yes | Yes |
| Guest Linux | Yes | Yes-limited | Yes-good |
| Guest Other | Great | OK | Good |
| Paravirtualisation | None (good!) | Yes, LAN/Disk | yes-ish |
| Distributed Power Mgmt | Yes | Some | Some |
| Wake-on LAN | Yes | No | No |

There are hundreds more features such as “Boot from SAN” which are specific or particular so I have not listed them above. If YOU need them they are critical, but let's just focus back on the 99%.

So to look at this list above there are some clear areas where ESXi wins out, specifically on the very large scale, telco scale, intensive power saving, dare I say cloud providers… But if you are one of the people who just need a bunch of VMs per server for general workloads any of the three products above is going to work fine. Scale up the CPU, RAM, Network cards and you can go to higher density?

The limits are disappearing.

So now let's look back at yourself, do you really need ESX? Maybe you could save some money… Look around.

Just before signing off, read this: http://www.thincomputing.net/2011/03/07/how-many-users-can-i-host-per-server-with-remotefx-for-hyper-v-and-what-is-the-cost-per-user/

This document is the source for the core of this post:
“vmware-vsphere-features-comparison-ch-en.pdf”
Intel: “xeon_7500_Virtualization_solbrief.pdf”

* Microsoft say don't use teaming, but vendors support it. Buyer beware… Microsoft Support Policy for NIC Teaming with Hyper-V - http://support.microsoft.com/kb/968703

Friday, February 17, 2012

Folder redirection on Windows 7

Without an intervention from you, users' settings and user files are stored in the local user profile, under the Users folder on the local drive, “C:\USERS\etc”. I think we all know we can't trust users to back up, so let's look at it.

There are two technologies to ‘fix’ this situation, Roaming Profiles and Folder Redirection.

Folder Redirection lets you redirect the path of a folder to a new location. The location can be another folder on the local computer, like a D: drive, or a directory on a file server. To the users it is as if the documents were based on a local drive. The documents in the folder are available to the user from any computer on the network and offline via offline folders.

Advantages of Folder Redirection

If users log on to different computers on the network, their data is available.

Offline Files (which is turned on by default) gives users access to the folder even when they are not connected to the network. This is for people who use laptops.

When it is stored in a network it can be backed up…. Nice idea huh?

When using Roaming User Profiles, you can use Folder Redirection to reduce the total size of your Roaming Profile and make logon and logoff quicker for the user.

You can use GPO to set disk quotas, limiting how much space is taken up by user profile folders.

You can select the location of the redirected folder on a network or in the local user profile:

  1. Redirect everyone's folder to the same location. This setting enables you to redirect everyone's folder to the same location and is applied to all users included in the GPO
  2. Create a folder for each user under the root path. This option creates a folder in the form \\server\share\User Account Name\Folder Name. Each user has a unique path for their redirected folder.

Folder Redirection in Windows 7 improves first-time Folder Redirection performance because the computer redirects folder data in the background, not just at logon. However, the first time a user logs on, Offline Files moves all files and folders from the server to the local cache. The user is blocked from logging on to the computer during this task. Then, Offline Files synchronises from the local cache with the redirected user folder on the server. So turn this on at the initial deployment, not later, and be careful of WAN links.


Offline Files synchronises new and changed files and folders from the local computer to the server when the network becomes available or in the background when the connection is slow.

Windows 7 new slow link detection

Slow link detection works via Network Location Awareness (NLA). This networking layer service allows applications, like GPOs, to request networking information from the network adapters in a computer, rather than implementing their own. NLA monitors the existing traffic of a specific network interface. This provides two important benefits:

  1. it does not require any additional network traffic to accomplish its bandwidth estimate (no network overhead), and
  2. it does not use ICMP.

Windows 7 slow-link mode, Offline Files

A shared folder automatically transitions to the slow-link mode if the round-trip latency of the network is greater than 80 milliseconds, or as configured by this policy.

After transitioning a folder to the slow-link mode, Offline Files synchronises the user's files in the background at regular intervals, or as configured by the 'Configure Background Sync' policy. While in slow-link mode, Windows periodically (every 2 Minutes) checks the connection to the folder and brings the folder back online if network speeds improve.

Wrap-up

It is not always plain sailing. Occasionally the laptop users lose where it was, don't let it sync or don't know where files are, but this is outweighed by the value of having their information backed up.

From the Start menu, type sync and it will bring up the sync centre to allow you to see what is going on.


This information is generally from here:
http://technet.microsoft.com/en-us/library/cc732275.aspx
http://blogs.technet.com/b/netro/archive/2010/09/15/slow-link-detection-for-offline-files-in-windows-vista-sp2-amp-windows-7.aspx
http://blogs.technet.com/b/askds/archive/2009/10/23/group-policy-slow-link-detection-using-windows-vista-and-later.aspx

VirtualBox Network command lines

 

If you run a bunch of VMs in VirtualBox and use NAT to keep consistent addresses, changing the active network card (from wireless to wired etc) on the computer is a pain, as you need to go into the VM and click disconnect network, OK, connect network, OK.

Well, that is way too many steps for my liking. Here is the command line to pop an icon on the desktop or run as a task/script.

vboxmanage controlvm "WORK SOE" setlinkstate1 off
vboxmanage controlvm "WORK SOE" setlinkstate1 on

If you want to change the network adaptor connection (ie, not connected or to the NAT), this is how.

vboxmanage controlvm "w2k8r2dc1" nic1 null
vboxmanage controlvm "w2k8r2dc1" nic1 nat

You can also start and sleep them on the command line.

vboxmanage controlvm "nameOmachine" savestate
vboxmanage startvm "nameOmachine"

And just to suspend the laptop from the command:
sudo pm-suspend



Friday, February 10, 2012

VMware clusters and multiple SANs

 

Most large organisations have two SANs and many larger organisations still have two or more data centres.

Let's just start with this is not a cloud, it is a data centre or separate SAN, OK that is off my chest. Bloody private cloud, this and that, don't get me started, “Why I oughta…”

You can utilise this architecture with VMware ESX/vSphere as active-active or active-passive, but I don't see value in active-passive so let's not speak of it again, it is not cheap, not effective and not quick. So back to Active-Active.

To build a single ESX cluster over 2 SANs (or 2 data centres) is basically the same, but as you reach out of the single data centre you need some extra configurations such as:

  • An IP network with a minimum bandwidth of 622 Mbps is required.
  • The maximum latency between the two VMware servers cannot exceed 5 milliseconds (ms).
  • The source and destination ESX servers must have a private VMotion network on the same IP subnet and broadcast domain.
  • The IP subnet on which the virtual machine resides must be accessible from both the source and destination ESX servers.
  • The data storage location including the boot device used by the virtual machine must be active and accessible by both the source and destination VMware ESX servers at all times.
  • Access from vCenter to all ESX servers is needed.
  • For the two SANs to be supported they must have synchronous data replication (sometimes an expensive add-on).

The value of this is protection from a SAN failure and all hardware used. If this is across data centres then you also have DR knocked on the head (your mileage may vary).

There are some issues. A power outage in DC1 will cause all the VMs to restart in DC2 via HA, so it is not true protection from massive outages. Secondly, if you use vMotion to move the servers to the other nodes in DC2, the SAN writes are now subject to the latency of this link, so there can be a performance penalty. Additionally, DRS may need to be manually updated to be aware of this configuration.

This is how it would look (minus some SAN switches etc.)

ESX clusters

Here are the VMware prerequisites:

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2007545

Here is Cisco discussing this:

http://blogs.vmware.com/networking/2009/06/vmotion-between-data-centersa-vmware-and-cisco-proof-of-concept.html

Here is a good blog on this:

http://www.van-lieshout.com/2009/11/geographically-dispersed-cluster-design/

Thursday, February 02, 2012

Stooging on XenApp 4? Upgrade now.

 

To clarify the distinction between upgrade and migrate:

  • Upgrade: Installing a newer version over an existing version
  • Migration: A clean, new installation of that program or service.


XenApp 4/4.5 –> XenApp 5

  1. Upgrade Pres Server 4.0 for Windows Server 2003 to XenApp 5 for Windows Server 2003. In this case, to maintain the existing data store and server farm configuration. Each server must be upgraded, and Hotfix Rollup Pack 3 should be installed. In addition, the relevant components will also be upgraded. Lastly, .NET 2.0 SP1 or higher and Java Runtime Environment 1.6 Update 5 or higher are required.
  2. Upgrade Pres Server 4.5 No FP1 or FP1 farm to XenApp 5 for Windows 2003. In this case, to maintain the existing data store and server farm configuration. This type of deployment is based on upgrading the relevant components only. If FP1 is not installed, please note that .NET 2.0 SP1 or higher and Java Runtime Environment 1.6 Update 5 or higher are required. In addition, Hotfix Rollup Pack 3 should be installed.
  3. Upgrade all servers in the existing Pres Server 4.5 FP1 farm to XenApp 5 for W2K3 and add several XenApp 5 for W2K8 servers to the farm until it can be transitioned to XenApp 5 for W2K8 entirely. This case is similar to the previous one, except that some XenApp 5 for W2K8 servers are added to the farm. In this case, maintain a mixed farm based on the existing data store and server farm configuration.
  4. Migrate to a new XenApp 5 for W2K8 farm. In this case, the farm migration is based on a completely new installation of XenApp that initiates a new data store and server farm.


XenApp 5 –> XenApp 6

To transition to XenApp 6, administrators must migrate to a new farm and have the following options:

  1. Create a new XenApp 6 farm and configure all settings manually
  2. Create a new XenApp 6 farm and migrate settings from an existing XenApp 5 or Presentation Server 4.5 farm

Transferring settings from the legacy farm is best performed by installing the XenApp 6 Migration Tool on a XenApp 6 server and directly importing the settings by pointing at a server in the legacy farm. It is possible to import all settings or be selective. If the existing farm is based on server or application folders, these settings can be exported and designated so that they will be identified as Worker Groups within the new farm. Additional command-line entries are available to include, exclude, or modify specific settings. The administrator must have full administrative rights in the target XenApp 6 farm and a minimum of view-only rights in the source legacy farm.

Prior to initiating the migration of settings, Worker Groups should be designated so that server and application silos can be assigned appropriately. This provides administrators with additional flexibility and enables a significant number of new servers to be added to the new XenApp 6 farm at once using a tool such as Citrix Provisioning services.

XenApp 6 –> XenApp 6.5

XenApp 6.5 implementations must be based on clean Windows Server 2008 R2 operating system installations as Citrix does not support operating system upgrades. Thus, there is no upgrade path to XenApp 6.5 from XenApp 5 or earlier products. In addition, a XenApp 6.5 farm can only encompass XenApp 6.5 servers - mixed farms are not supported.

Want ‘proper’ Java on Ubuntu 11.10?

 

I am of course an open source fan, but when it doesn't work, it is time for some proprietary solution. I.e., Webex did not work with the IcedTea Java Plugin and OpenJDK. Error "applet not initialized" at the bottom of the browser window.

So, using either apt-get remove or the Ubuntu Software Centre, remove the OpenJDK and IcedTea Java components.

Then copy and paste the following:

cd 
wget https://raw.github.com/flexiondotorg/oab-java6/master/oab-java6.sh -O oab-java6.sh
chmod +x oab-java6.sh
sudo ./oab-java6.sh
sudo apt-get upgrade

Open the browser and go to:

http://java.com/en/download/installed.jsp

It will ask for a plug-in; select the IcedTea Java plug-in and you should be sweet.

Further (dated) details here:

https://github.com/flexiondotorg/oab-java6

Tuesday, January 31, 2012

SQL Server Number versus Versions

 

Looking at SQL Server Management Studio there is a version number but it does not match the SQL release. Here is a short table to map them.

| Release | Level | Version |
|---|---|---|
| SQL Server 2008 R2 | Original | 10.50.1600.1 |
| | SP1 | 10.50.2500 |
| SQL Server 2008 | Original | 10.00.1600.22 |
| | SP1 | 10.00.2531 |
| | SP2 | 10.00.4000 |
| | SP3 | 10.00.5500 |
| SQL Server 2005 | Original | 9.00.1399.06 |
| | SP1 | 9.00.2047 |
| | SP2 | 9.00.3042 |
| | SP3 | 9.00.4035 |
| | SP4 | 9.00.5000 |
| SQL Server 2000 | Original | 8.00.194 |
| | SP1 | 8.00.384 |
| | SP2 | 8.00.532 |
| | SP3 | 8.00.760 |
| | SP4 | 8.00.2039 |
| SQL Server 7.0 | Original | 7.00.623 |
| | SP1 | 7.00.699 |
| | SP2 | 7.00.842 |
| | SP3 | 7.00.961 |
| | SP4 | 7.00.1063 |

If you want even more detailed information look here:

http://sqlserverbuilds.blogspot.com.au/

Sunday, January 29, 2012

End of life of XenApp 4.5 on Server 2003–look out IE6

 

Windows Server 2003 SP2 is end of life July 2015.

Citrix ends support for XenApp 4.5 (nah Presentation Server, nah MetaFrame, nah WinFrame) in March 2013 (v5.0 is also March 13).

IE6 running on this platform therefore officially has just over two years. Best get moving.

There is of course the Quest solution called affectionately: “Internet Explorer 6 Application Compatibility Solution Bundle” which is based on about $10-20 per Concurrent User.
http://communities.quest.com/community/vworkspace/blog/2011/06/21/ie6-application-compatibility-and-windows-7-deployment

For more information look at the following:

Citrix Lifecycle
http://support.citrix.com/article/CTX122442

Windows Lifecycle
http://support.microsoft.com/lifecycle/?LN=en-gb&C2=1173

Article from Brian Madden on this topic
http://www.brianmadden.com/blogs/shawnbass/archive/2012/01/17/citrix-plans-to-end-support-for-xenapp-6-0-in-2013-what-s-that-you-re-still-migrating-to-6-0.aspx?asrc=EM_NLN_16165585&uid=8579580

Wednesday, January 25, 2012

CSP-004-1W for CCSP 2011: Citrix Virtual Computing

 

Many of us need certification to keep vendors happy, in some cases they make it easy and other times they do not. Here is my quick guide to help you better understand the CCSP course CSP 004 1W.

Questions set 1

CSP-004-1W CCSP 2011 Q1

CSP-004-1W CCSP 2011 Q2

CSP-004-1W CCSP 2011 Q3

CSP-004-1W CCSP 2011 Q4

CSP-004-1W CCSP 2011Q5

CSP-004-1W CCSP 2011 Q6

Question set 2

CSP-004-1W CCSP 2011 Q2 Q1

CSP-004-1W CCSP 2011q2 q2

CSP-004-1W CCSP 2011 Q2 q3

CSP-004-1W CCSP 2011 q2 q4

CSP-004-1W CCSP 2011 q2 q5

CSP-004-1W CCSP 2011 q2 q6

CSP-004-1W CCSP 2011 q2 q7

CSP-004-1W CCSP 2011 q2 q8

CSP-004-1W CCSP 2011 q2 q9

Monday, January 23, 2012

Citrix client on Ubuntu 11.10 (x64)

 

Linux Citrix Client v12

Go to Citrix.com, Downloads, Choose the Citrix Receiver for Linux x64.

Download Receiver for Linux English v12.0 10/5/11 .deb (format)

The Ubuntu installer will automatically install it, all you need is the certificates (if you get a cert error).

If you have Firefox already installed you can grab them (the destination path has changed from Ubuntu 10 and 11 for the client installation).

sudo cp /usr/share/ca-certificates/mozilla/* /opt/Citrix/ICAClient/keystore/cacerts/

And you are up and running.

Thursday, January 19, 2012

Removing Unity from Ubuntu 11.10

 

Prerequisites before starting, get updated

sudo apt-get update

Install gnome classic

sudo apt-get install gnome-session-fallback

Log out then login and choose Gnome Classic from the little configuration button

Remove Unity packages and Unity specific tools

sudo apt-get purge appmenu-gtk appmenu-gtk3 appmenu-qt indicator-appmenu

sudo apt-get remove unity-lens-music unity-lens-applications unity-greeter unity-common unity-asset-pool unity-2d-launcher unity-2d libunity-misc4 libunity-2d-private0 gir1.2-unity-4.0

sudo apt-get purge liboverlay-scrollbar-0.2-0 liboverlay-scrollbar3-0.2-0 overlay-scrollbar appmenu-gtk appmenu-gtk3 appmenu-qt indicator-appmenu

Move the window chrome button to the same side as Windows, ie move from left side to right side.

sudo apt-get install gconf-editor

run gconf-editor in a terminal window

Navigate on the left to /apps/metacity/general
on the right side find the string button_layout and change it to :minimize,maximize,close


Logout and/or reboot. You are done.

Original geek who documented most of this: http://linux-software-news-tutorials.blogspot.com/2011/10/ubuntu-1110-oneiric-remove-unity-and.html

Wednesday, January 18, 2012

Planning on BYOD?

BYOD (device or desktop)

Bring your own device is both scary and exciting for most people, certainly for most IT managers and CIOs. I should start with what should be obvious: BYOD is not a money saver, it is a technology enabler. It is to build better collaboration for a single person (someone travelling, using a work desktop, an iPad, a home computer etc) or for a group of users in a collaborative group.

Plan BYOD for the right reasons.

  1. Decide what you will support, will it go to devices? No, that is too specific and will date. Will it go to OS level, No, that will be wrong soon too. Just set some level of requirements, it must support passwords, auto password change, remote wipe etc. Then you can support any device today or future.
  2. Determine what these shiny new devices can do? Will they connect to the LAN? Will they get a private WLAN? Can they access the intranet, internet, email, VPN etc etc? Maybe it is best to abstract them from the ‘real’ assets and keep them accessing services via Citrix or RDP? Will they authenticate with a CERT? Maybe an AD logon?
  3. Determine the support you will offer. Will you connect them to the network, install software, or do the owners take responsibility? Will you encourage or just tolerate the weird and wonderful knock-off tablets? Don't go too far, you can always go further but you can't go back!
  4. Formalise the plans, the guides, the operations documentation, the security risks, VPN or network controls, IPSEC and routing for these devices. Maybe NAP and NAC have a future on the network if the devices can be managed?
  5. Review the plan and execution after the first 50 devices and see what you got right and wrong. Then fix it.

It does not have to be a problem, it is just another opportunity.

Monday, January 09, 2012

Still sitting on W2K3 Servers? Upgrade, here is why

 

1. Windows 2008, W2K8R2, W2K8R2 SP1 features

Following is a summary of the key features of Windows 2008 R2 SP1, which includes all features from the original Windows 2008 and Windows 2008 R2 (original), as compared to Windows 2003 server.

 

1.1. Active Directory

1.1.1. Domain Features

Read-Only Domain Controller (RODC) represents a new type of domain controller available in Windows Server 2008.

Active Directory Federation Services (AD FS), enables secure document and e-mail collaboration. AD FS provides Web-based extranet authentication and authorisation, single sign-on (SSO), and federated identity services for Windows Server environments.

Windows Server 2008, DFS replication for SYSVOL, Advanced Encryption Standard (AES 128 and AES 256) support for Kerberos, Last interactive logon information, Fine-grained password policies (FGPP) for individuals and groups.

Authentication mechanism assurance, a user can have access to different resources if they log in with a certificate versus when they log in with just their username and password or via ADFS. Automatic SPN management, Passwords for these accounts will be reset automatically. And administrative tasks for managed service accounts can be delegated to non-administrators.

1.1.2. Forest Features

Windows Server 2008, No additional features.

Windows Server 2008 R2, Active Directory recycle bin (must be enabled via command line).

 

1.2. Key Windows 2008 Technologies

Server Manager is the unified Microsoft Management Console (MMC) that offers an integrated experience for adding, removing, and configuring server roles and features.

Windows PowerShell, (superseded by PowerShell v2.0 in Windows 2008 R2).

Server Core installation which includes only the subsystems required for those server roles required on that particular server.

Next Generation TCP/IP Stack with redesigned TCP/IP functionality.

New Failover clustering to increase availability of applications and services (Enterprise Edition or higher).

Internet Information Services (IIS) 7.0, (superseded by IIS in Windows 2008 R2)

Windows SharePoint Services is a collaboration technology to improve business processes and enhance productivity.

Terminal Services to provide presentation virtualisation. ie a full Windows desktop from any computer. And application virtualisation via RemoteApp ie presenting only applications instead of the entire desktop.

Network Access Protection (NAP) prevents unhealthy computers from accessing and compromising servers and services.

Public Key Infrastructure (PKI) enhancements include support for enterprise auto-enrolment, Network Device Enrolment Services (NDES), the Online Certificate Status Protocol (OCSP), the Online Responder service, and version 3 certificates.

Windows Firewall with Advanced Security.

Federated Rights Management Services solution, provides a collaboration extension that eliminates the overhead of external user IDs when sharing email or Microsoft Office documents with non-staff.

BitLocker Drive Encryption which encrypts the contents of a disk volume.

DFS Replication remote differential compression (RDC); which minimises the volume of replicated data that passes over the WAN. Cross-file replication uses a heuristic to identify when a file exists on the sending computer and not on the receiving computer, but similar files exist on the receiving computer.

Virtualisation through Windows Server Hyper-V (superseded by Windows 2008 R2 SP1)

 

1.3. Key Windows 2008 R2 Technologies

Remote Desktop Services with support for VDI or traditional terminal services.

DirectAccess, allowing remote staff to seamlessly connect to their work environment without the use of a virtual private network (VPN).

Hyper-V Live Migration, enables the movement of virtual machines from one host to another with no perceivable downtime. Hyper-V also supports up to 64 logical processors and new multi-core hardware, for more scalable virtualisation.

BranchCache, reduces WAN bandwidth consumption between the data centre and branch offices.

Windows PowerShell 2.0, provides updated scripting capabilities to help automate server deployment, configuration and management.

File Classification Infrastructure (FCI), is a built-in solution for file classification and management.

Improved Power Management, with support for new processor core and storage power management, reducing power consumption and enhanced budgeting and metering capabilities.

Internet Information Services (IIS) 7.5: Delivers full support for .NET on Server Core, with PHP support, new management tools, and bundled extensions.

 

1.4. Key Windows 2008 R2 SP1 Technologies

Hyper-V Dynamic Memory - Dynamic Memory allows administrators to dynamically adjust memory usage depending on server demand.

VDI with RemoteFX, to support virtualised graphics resources and advanced codecs to enable local-like desktop environment including support for 3D applications, portable graphics content such as Silverlight and Flash, and Windows Aero.

Single set of SP1 updates for Windows Server and Windows 7 – Windows 2008 R2 SP1 delivers all previously released updates prior to Windows deploy and support a single service pack for Windows 7 and Windows Server 2008 R2.

Friday, January 06, 2012

Slip streaming Service Packs in Windows XP

Like most in IT I have a collection of ISO images and my WXP is SP2 which means every install is an update to SP3. So I have finally updated it after a few years. Here is how.

Copy your XP CD to your local hard drive (C:\XPoriginal)

Download XP SP3

Extract it to the local drive using the -x command line switch.

WindowsXP-KB936929-SP3-x86-ENU.exe -x:c:\XPSP3

Next, update the original media

cd \XPSP3\i386\update
update -s:c:\XPoriginal

Update the ISO file with WINRAR or similar and you are done.

Friday, December 23, 2011

Upgrade to IE9 kills Citrix Web Interface

 

After an upgrade to IE9, You are given a prompt to Open, Save, or Cancel the launch.ica connection file. But when you save the file you get a .partial file instead of the .ica file.

You can fix this with a change to how IE9 uses ActiveX filtering but the smart money is on just performing a Citrix client update.

Today the Citrix client is called a receiver, download it here: http://www.citrix.com/English/ss/downloads/index.asp

 

Here is a Citrix article on it. http://support.citrix.com/article/CTX129082

Friday, December 02, 2011

Often in logon scripts you test for versions and releases

Official Windows operating system version numbers.

| Operating system | Version number |
|---|---|
| Windows 7, Windows Server 2008 R2 | 6.1 |
| Windows Vista, Windows Server 2008 | 6.0 |
| Windows XP 64-Bit Edition, Windows Server 2003 R2, Windows Server 2003 | 5.2 |
| Windows XP | 5.1 |
| Windows 2000 | 5.0 |

Windows build numbers.

| Operating system | Build number |
|---|---|
| Windows 7, Windows 2008 R2 | 7600, 7601 (SP1) |
| Windows Server 2008 | 6001, 6002 (SP2) |
| Windows Vista | 6000, 6001 (SP1), 6002 (SP2) |
| Windows 2003, Windows XP (x64) | 3790 |
| Windows XP | 2600 |
| Windows 2000 | 2195 |
| Windows NT4 / NT4 TS | 1381 |

There is an exhaustive list here:
http://en.wikipedia.org/wiki/Windows_NT

Wednesday, November 30, 2011

Keyboard Shortcuts in a Remote Desktop Session

 

| Key Combinations for Client Computer | Equivalent Keys for Remote Desktop Session | Description |
|---|---|---|
| ALT+TAB | ALT+PAGE UP | Switches between programs from left to right. |
| ALT+SHIFT+TAB | ALT+PAGE DOWN | Switches between programs from right to left. |
| ALT+ESC | ALT+INSERT | Cycles through the programs in the order they were started. |
| | CTRL+ESC | Switches the client between a window and full screen. |
| CTRL+ESC | ALT+HOME | Displays the Start menu. |
| | ALT+DELETE | Displays the Windows menu. |
| PRINT SCREEN | CTRL+ALT+MINUS (–) symbol on the numeric keypad | Places a snapshot of the active window in the Remote Desktop session on the clipboard. |
| CTRL+ALT+DEL | CTRL+ALT+END | Displays the Task Manager or Windows Security dialog box. (Only use CTRL+ALT+END to issue this command. CTRL+ALT+DEL is always interpreted by the client computer.) |
| ALT+PRINT SCREEN | CTRL+ALT+PLUS (+) symbol on the numeric keypad | Places a snapshot of the entire Remote Desktop session window on the clipboard. |

This is from link: http://technet.microsoft.com/en-us/library/bb457106.aspx

Tuesday, November 29, 2011

Time Configuration for AD in Australia

 

The time configuration is very important for Active Directory. With just a few minutes' deviation between the client and the server, a client will no longer be able to authenticate to servers in the domain. This is why time should be based on well-known Internet time sources for Domain Controllers in the core data centres.

Domain Controllers outside primary data centres can receive time from the other DCs or a local NTP server. Each of these local DCs can then act as a local time server for clients and servers within that site.

Some of the key public NTP servers for Australia are listed below:

  • NSW ntp.nml.csiro.au Stratum two
  • NSW ntp.syd.connect.com.au Stratum two
  • NSW ntp1.tpg.com.au Stratum two
  • VIC ntp.mel.connect.com.au Stratum two
  • SA ntp.adelaide.edu.au Stratum two
  • VIC time.deakin.edu.au Stratum two
  • VIC time.esec.com.au Stratum two
  • SA ns.unisa.edu.au Stratum three
  • ACT ntp.can.connect.com.au Stratum three
  • QLD ntp.bri.connect.com.au Stratum three
  • SA ntp.ade.connect.com.au Stratum three
  • WA ntp.per.connect.com.au Stratum three

To explain the different types of time servers, they are listed below:

  1. Stratum 0: Atomic clocks (caesium, rubidium), GPS clocks or other radio clocks, these are not connected to the internet directly
  2. Stratum 1: Computers attached to stratum 0 devices. Normally they act as servers for timing requests from Stratum 2 servers via NTP
  3. Stratum 2: Computers that send NTP requests to Stratum 1 servers and communicate with peer stratum 2 computers for accuracy
  4. Stratum 3: Functionally the same as Stratum 2; these serve as the next in a possible 256 tiers of time servers
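
To make the stratum and deviation points concrete, here is an added example (not from the original post) that parses a 48-byte NTP server reply, reads the stratum and works out how far the local clock is from the server. The replies are constructed sample data, the function names are illustrative, and the 5 minute tolerance is assumed to be the domain default.

```python
import struct

NTP_UNIX_DELTA = 2208988800   # seconds from the NTP epoch (1900) to the Unix epoch (1970)
MAX_SKEW = 300.0              # assumption: default 5 minute authentication tolerance


def ntp_to_unix(raw):
    """Convert a 64-bit NTP timestamp (32.32 fixed point) to Unix seconds."""
    seconds, fraction = struct.unpack("!II", raw)
    return seconds - NTP_UNIX_DELTA + fraction / 2**32


def unix_to_ntp(ts):
    """Convert Unix seconds to a 64-bit NTP timestamp."""
    return struct.pack("!II", int(ts) + NTP_UNIX_DELTA, int((ts % 1) * 2**32))


def check_reply(packet, t1, t4):
    """Evaluate an NTP server reply.

    t1 is the local time the request was sent, t4 the local time the reply
    arrived (both Unix seconds read from the clock being checked).
    """
    if len(packet) < 48:
        raise ValueError("NTP reply must be at least 48 bytes")
    leap, mode, stratum = packet[0] >> 6, packet[0] & 0x7, packet[1]
    if mode != 4:
        raise ValueError("not a server reply")
    if leap == 3 or stratum == 0 or stratum > 15:
        raise ValueError("server reports it is not synchronised")
    t2 = ntp_to_unix(packet[32:40])   # server receive timestamp
    t3 = ntp_to_unix(packet[40:48])   # server transmit timestamp
    offset = ((t2 - t1) + (t3 - t4)) / 2   # how far the local clock is behind (+) or ahead (-)
    delay = (t4 - t1) - (t3 - t2)          # round trip time on the wire
    return {
        "stratum": stratum,
        "offset": offset,
        "delay": delay,
        "within_tolerance": abs(offset) <= MAX_SKEW,
    }


def build_reply(stratum, t2, t3, leap=0):
    """Build a constructed server reply for offline testing (not captured traffic)."""
    header = struct.pack("!BBbb", (leap << 6) | (4 << 3) | 4, stratum, 6, -20)
    # root delay, root dispersion, reference id, reference ts, origin ts left as zero
    return header + bytes(12) + bytes(8) + bytes(8) + unix_to_ntp(t2) + unix_to_ntp(t3)


if __name__ == "__main__":
    t1 = 1322524800.0                      # constructed local send time
    # Constructed case: local clock is 400 seconds behind a stratum 2 server.
    drifted = build_reply(2, t1 + 400.25, t1 + 400.25)
    print(check_reply(drifted, t1, t1 + 0.5))
    # Constructed case: local clock is 2 seconds behind a stratum 3 server.
    healthy = build_reply(3, t1 + 2.25, t1 + 2.25)
    print(check_reply(healthy, t1, t1 + 0.5))
```

A result with within_tolerance False is the situation described above: the machine's clock has drifted far enough that domain authentication will start failing.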

Good luck and be on time.

Monday, November 28, 2011

User State Virtualisation (Roaming Profiles / Folder Redirection)

 

Folder Redirection provides a way to selectively synchronise parts of the user environment (Documents, etc). This is especially useful in a XenDesktop and XenApp environment to make the experience seamless.

This is so much better than the old profile (NTUser.dat and file) that had to be copied in XP and earlier. The disadvantage is that by default the user cannot use the redirected folders when disconnected. But you can set up the user to have a cached copy of redirected files and folders.

To Set up the Folder Redirections using GPO

  • Edit a Group Policy Object that is targeted to your users and navigate to User Configuration, Policies, Windows Settings, Folder Redirection, Documents

By default all folders that are redirected are automatically made available offline so that users can still access their files when disconnected from the server. In Windows 7 the folder synchronisation is done in the background, not at logon/logoff. Windows 7 also has ‘Fast First Logon’, which allows users to log on to their computer without having to wait for the folder to be moved first.


  • In the advanced options you can select a different folder based on the users group membership. Think about this for load balancing or WAN issues.


  • Disable ‘Grant the user exclusive rights to Documents’, because if an administrator needs to access these files they will need to ‘take ownership’, which removes the user's permissions.
  • You can also select ‘Redirect the folder back to the local userprofile location when policy is removed’. This means that if a user is no longer affected by the GPO, the folder is copied back to the computer, which can take minutes or hours depending on its size.

Repeat for any other redirected folders.

References

http://blogs.technet.com/b/askds/archive/2008/06/30/automatic-creation-of-user-folders-for-home-roaming-profile-and-redirected-folders.aspx

http://www.grouppolicy.biz/2010/08/best-practice-roaming-profiles-and-folder-redirection-a-k-a-user-virtualization/

 

Friday, November 18, 2011

Virtual Domain Controllers

This is still coming up, so let's just recap what you need to know.

Time synchronisation

Time in Active Directory is critical to everything: Domain Controllers, servers and clients. In Active Directory, Kerberos issues a ticket during login; by default this ticket is valid for 8 hours, and it avoids constant re-authentication against Domain Controllers every time a user accesses resources. However, the encryption and security between the client and the Domain Controller issuing the ticket requires an exchange of passwords and the setup of a secure channel. To prevent anyone from listening on the network and replaying earlier authentication packets from the client, all packets include a timestamp. If the timestamp coming from the client is out by more than 5 minutes (the default) from the Domain Controller's time, the Domain Controller will discard the packet as fake.

The “Maximum tolerance for computer clock synchronisation” Group Policy can change this, but don't.

In a domain, all DCs will automatically synchronise time with the Domain Controller that has the PDCe role running. The DC with the PDCe role should then be configured to use an external or internal NTP source. The time service on Domain Controllers is the time server for all clients in the domain that log on via that DC.

Windows Servers will by default sync every 45 minutes until 3 successful syncs, then every 8 hours.

So you have two choices:

  1. Configure NTP on the ESX hosts
  2. Install and configure VMware tools and configure it to synchronise time with the ESX hosts

or

  1. Ignore the time on VMware
  2. Disable VMWare tools time sync
  3. Enable NTP on ALL DCs (or the PDCe)
  4. Only use ONE or TWO common NTP servers for all DCs in the environment.
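The tolerance check described above, as an added example that is not part of the original post: it parses an NTP server reply, computes the clock offset with the standard NTP offset formula, and compares it with the default 5-minute tolerance. The packets are constructed inside the script so it runs offline; the function names and verdict strings are this example's own.

```python
import struct

NTP_EPOCH_DELTA = 2208988800   # seconds from 1900-01-01 (NTP epoch) to 1970-01-01 (Unix epoch)
MAX_SKEW_SECONDS = 5 * 60      # default tolerance quoted in the text above


def to_ntp(unix_time):
    """Encode a Unix time as a 64-bit NTP timestamp (32.32 fixed point)."""
    whole = int(unix_time)
    frac = int((unix_time - whole) * 2**32)
    return struct.pack("!II", whole + NTP_EPOCH_DELTA, frac)


def from_ntp(raw):
    """Decode a 64-bit NTP timestamp back to Unix time."""
    whole, frac = struct.unpack("!II", raw)
    return whole - NTP_EPOCH_DELTA + frac / 2**32


def build_reply(stratum, t1, t2, t3, leap=0):
    """Constructed 48-byte server reply, standing in for a real capture.
    t1 = client transmit time, t2 = server receive time, t3 = server transmit time."""
    first = (leap << 6) | (3 << 3) | 4           # leap indicator, version 3, mode 4 (server)
    header = struct.pack("!BBbb", first, stratum, 6, -20)   # + poll, precision
    root = struct.pack("!II4s", 0, 0, b"TEST")   # root delay, root dispersion, reference id
    return header + root + to_ntp(t2) + to_ntp(t1) + to_ntp(t2) + to_ntp(t3)


def check_clock(packet, t1, t4):
    """Return (verdict, offset_seconds, stratum) for one request/reply exchange.
    t1 is when the client sent its request, t4 is the client's clock when the reply arrived."""
    if len(packet) < 48:
        raise ValueError("short NTP packet")
    leap, mode, stratum = packet[0] >> 6, packet[0] & 0x07, packet[1]
    if mode != 4:
        raise ValueError("not a server reply")
    # Leap indicator 3, stratum 0 or stratum 16+ all mean the server has no usable time.
    if leap == 3 or stratum == 0 or stratum >= 16:
        return ("server-unsynchronised", None, stratum)
    # The origin field must echo what we sent, otherwise the reply is not for our request.
    if packet[24:32] != to_ntp(t1):
        return ("origin-mismatch", None, stratum)
    t2 = from_ntp(packet[32:40])
    t3 = from_ntp(packet[40:48])
    offset = ((t2 - t1) + (t3 - t4)) / 2         # positive: local clock is behind the server
    verdict = "ok" if abs(offset) <= MAX_SKEW_SECONDS else "outside-tolerance"
    return (verdict, offset, stratum)


if __name__ == "__main__":
    T1 = 1321574400.0                            # constructed client send time
    cases = {
        "client 400 s behind": build_reply(2, T1, T1 + 400.25, T1 + 400.25),
        "client 2 s behind": build_reply(2, T1, T1 + 2.25, T1 + 2.25),
        "server not synchronised": build_reply(16, T1, T1, T1, leap=3),
    }
    for label, packet in cases.items():
        print(label, check_clock(packet, T1, T1 + 0.5))
```
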

Don't “suspend” or “pause” a Domain Controller

If the Domain Controller has been offline for too long, it will have objects on it that were supposed to have been deleted by the tombstoning process. If this happens the Domain Controller will stop replication with its partners. You will see an event in the logs with:

ID 2042, Source NTDS Replication, Description: It has been too long since this machine last replicated with the named source machine. The time between replications with this source has exceeded the tombstone lifetime. Replication has been stopped with this source.

Instead of pausing, shut down the Domain Controller. VMotion/Live Migration is OK as it is so quick.

Don't Snapshot a Domain Controller

If you revert to an old snapshot of a Domain Controller you break consistency in your Active Directory domain. Don't ever do it unless you want to cross the streams, you know, Cats and Dogs living together.

Friday, November 04, 2011

Looking to move from XXX for Virtualisation?

Interesting article: http://www.theregister.co.uk/2011/11/03/v_index_server_virtualization_q3_2011/ 
(I have cleaned this up; it is not a direct quote)

Virtualisation market faces shake-up, By Timothy Prickett Morgan

Posted 3rd November 2011 21:41 GMT

This info comes from the latest V-Index survey from Veeam Software, a maker of add-on management tools for VMware's ESXi hypervisor, which is conducted on a quarterly basis in the US, UK, France, and Germany.

The survey covers only large companies – those with 1,000 or more employees. About a third of the companies surveyed had more than 3,000 employees.

In the September V-Index, 86.5 per cent of the 578 organisations that participated in the poll had some sort of server virtualisation in their data centres. And across all enterprises, including those who did not have server virtualisation at all, an average of 38.9 per cent of servers were virtualised, and they had an average of 701 servers in their data centres.

Primary server virtualisation hypervisors, by vendor

The penetration of various hypervisors on x86-based servers depends on whether virtualisation is being used to run virtual desktop infrastructure (VDI) or more traditional server workloads.

On traditional server stuff

  • VMware: 67.6 per cent of those companies that have hypervisors say ESX or ESXi is their primary hypervisor
  • XenServer: 14.4 per cent
  • Hyper-V from Microsoft: 16.4 per cent
  • Others: a meagre 1.6 per cent

When you shift to talk about hypervisors running on servers to specifically stream VDI desktops:

  • ESX 54.2 per cent
  • XenServer 24.9 per cent
  • Hyper-V 20.3 per cent

Now here's the interesting bit: 38 per cent of companies using virtualisation for traditional workloads say they are planning to change their hypervisor next year (2012).

The cost of the current hypervisor platform was cited as the main reason for the jump by 58.9 per cent of the jumpers, with nearly half saying that they didn't like their current vendor's licensing model, and they did like the features offered with alternative suppliers or that the alternatives had matured enough that they could contemplate making a shift.

Thursday, November 03, 2011

W2K8 R2 Server Core Commands

 

Yes it has been out for ages, and yes everyone knows, but I am putting these all together as a reference. Enjoy or ignore. ;)

Rename computer

  • hostname
    • WIN-C6UDA2DS5FF2
  • netdom renamecomputer WIN-C6UDA2DS5FF2 /newname:HyperV1
  • shutdown /r

Join the domain

  • netdom join HyperV1 /domain:PebblyHill /userd:Administrator /passwordd:*
  • shutdown /r

IP Address details

  • ipconfig
    • Windows IP Configuration
    • Ethernet adapter Local Area Connection 1:
    • Connection-specific DNS Suffix  . : pebblyhill.com.au
    • Link-local IPv6 Address . . . . . : ae70::0d04:dea2:b323:4db5
    • IPv4 Address. . . . . . . . . . . : 192.168.0.20
    • Subnet Mask . . . . . . . . . . . : 255.255.255.0
    • Default Gateway . . . . . . . . . : 192.168.0.1

Allow ping and RDP through the firewall

  • netsh firewall set icmpsetting 8
    • Ok.
  • netsh advfirewall firewall set rule group="Remote Desktop" new enable=yes
    • Updated 1 rule(s).
    • Ok.
  • netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=yes
    • Updated 16 rule(s).
    • Ok.

Or disable the firewall:

  • netsh firewall set opmode mode=disable

Enable remote desktop

  • cscript C:\windows\system32\scregedit.wsf /ar 0
    • Registry has been updated.

Install Hyper-V

  • start /w ocsetup Microsoft-Hyper-V
  • shutdown /r

If you did not join a domain (so are not using GPOs for update settings) and need to set up Windows Update manually, the following commands are for you. (This will use the default time of 3am to check for patches.)

  • Cscript c:\windows\system32\scregedit.wsf /au 4
  • Net stop wuauserv
  • Net start wuauserv

Update right now

  • Wuauclt /detectnow

Check the update status

  • Cscript scregedit.wsf /AU /v

From here on in you can use the RSAT tools on a client to do the rest

Tuesday, November 01, 2011

SCVMM 2008 R2 converting VMware ESX Error (2912)

 

I have Windows Server 2008 R2 hosts running HyperV.  Using SCVMM 2008 R2 to migrate existing VMware ESX VM's. I copied the VMDK and VMX files to the SCVMM Library and then tried to do a V2V and get the following errors when trying to migrate a VMware VM:

“Error (2912)
An internal error has occurred trying to contact an agent on the MyServerName.DNS.com server.
(Unknown error (0x8004232c)).”

The conversion gets to 66% and fails on the task 1.3 “Make operating system virtualizable[sic]”

Turns out this stage is trying to START the VM to remove VMware tools and install the Integration Services. But there was no NIC card selected, so it fails.

Try again with a network card and voilà.

Friday, October 28, 2011

A hotfix rollup (build 4.0.3594.2) is available for Forefront Identity Manager 2010 (FIM2010)

Original link: http://support.microsoft.com/?id=2520954

This hotfix rollup package replaces the following hotfix rollup packages:
2502631  2417774  2272389  2028634  978864 

Fixed issues in Workflow Engine

  1. An error message: Cannot enlist in the transaction because a local transaction is in progress on the connection.
  2. The time stamp is the same as the time when the operation fails.

Fixed issues in Sync Engine

  1. Fixes an SQL query construction issue that occurs during an import. This issue affects a DB2 database that uses a non-Unicode character set.
  2. Fixes many "Export not reimported" errors that might occur because of errors in SQL.
  3. An ExpectedRulesEntry (ERE) object is associated to a child synchronisation rule of a Metaverse object. If the ERE object has a Remove action, deprovisioning of the object is also being triggered, which causes the deletion of the Metaverse object.
  4. Fixes an access violation when a custom extension calls a COM+ object.
  5. An earlier hotfix introduced a special Extensible Connectivity Management Agent (ECMA) mode to keep unconfirmed exports in escrow instead of awaiting confirmation. An issue with that hotfix causes delta sync to add new items that are not merged with an escrowed export into a pending export. After you install the hotfix that is mentioned in this article, if the ECMAAlwaysExportUnconfirmed registry entry is set to 1, the escrowed and pending changes are merged.
  6. Improves the performance of all Sync Engine operations.
  7. A password reset that uses the ADMAEnforcePasswordPolicy registry setting fails when the user is in the Administrator group but is not an administrator.

Fixed issues in Sets and Query

  1. Fixes an issue that would sometimes cause incorrect Set calculations. This resulted in lots of set corrections. Also revised the Sets Correction job so that it does not change special sets that are maintained by another system maintenance job.
  2. Revised the FIM "Query and Sets" features to treat underscores and percent signs as literals instead of as SQL wildcard characters.

Fixed issues in Certificate Management

  1. Enables the random number generator in the server key generation function.
  2. Improves the performance when enrolling a smartcard that has not previously been used with FIM Certificate Management (CM).

Fixed issues in FIM Management Agent (MA)

  1. Fixes an issue in which the FIM synchronisation service configuration for synchronisation rules and codeless provisioning was not correctly written to the FIM Service database.

Fixed issues in FIM Service

  1. Fixes an issue with SQL Server deadlocks that might occur during periods of high concurrency of requests or approvals.
  2. Fixes an issue in which unexpected data in the FIM Service database could result in the FIM MA causing the Synchronisation service to fail during import, and a stopped-server error occurred.
  3. Fixes an issue when you add or remove a value for a multivalued string attribute. If the request was subject to authorisation such as request reevaluation, the request would fail after approval.
  4. Some ExpectedRuleEntry objects and DetectedRuleEntry objects in FIM 2010 can become "orphaned" over time. When a DetectedRuleEntry object is not referenced in the DetectedRulesList of any object in the system, that object is determined to be orphaned. Similarly, when an ExpectedRuleEntry object is not referenced in the ExpectedRulesList of any object in the system, that object is also determined to be orphaned.

You still need KB979214 if you turned on the AD trashcan: http://davestechnology.blogspot.com/2011/07/w2k8-r2-ad-recycle-bin-and-fim.html

Turned on the Active Directory trash can only to find out that FIM (Forefront Identity Manager) has now stopped synchronising some objects? Well fear not, they are in sync, but to the trash folder!

Below is an object that is in sync, but to the deleted item. There is a hotfix for it that installs on the DC: KB979214.

Monday, October 24, 2011

Single or dual CPU in VDI?

This is a really interesting article showing, in limited testing, that additional CPUs for the client session give better overall performance for the VDI pool. Nice to see it tried, with a counter-intuitive result: consuming more resource is better overall for the environment.

From these results, I can certainly say an additional CPU will:

  • boost the streaming/boot up process
  • improve responsiveness and registration of virtual desktops
  • with an increased cost of the CPU hit on the hypervisor

So the takeaway will be:

  • If you are planning to go big with huge number of VMs lifecycling every day…
  • If you have large amount of working shifts which you may need to provision in advance…
  • If your cycling window need to be the shortest possible…

…in all those cases, an additional CPU will improve your cycling processes, reducing the registration gap of virtual desktops, with an additional cost of higher peak of host CPU utilisation, improving your infrastructure uptime.

Source: http://blogs.citrix.com/2011/10/23/will-2-vcpu-desktops-improve-your-uptime/

Friday, October 21, 2011

How to Optimise XenDesktop Machines

 

Original link: http://support.citrix.com/article/CTX125874 (Citrix Article)

The TargetOSOptimizer tool reconfigures various Windows functions to optimize the performance of the operating system for virtual desktops. Optimisation of the master VM is typically performed before the desktop catalogue is created.

Procedure

To optimise your master virtual machine, select the option to optimise the desktop when you install the Virtual Desktop Agent. This applies a predetermined set of optimisations specifically recommended for pooled and dedicated machines as part of the Virtual Desktop Agent installation process.

To apply additional optimizations to the master virtual machine at a later date, run the TargetOSOptimizer tool manually.

Optimisations are applied either through changes to the Windows registry or programmatically by disabling specific features. Some optimisations are only applicable to certain versions of Windows or, for physical machines, specific hardware such as particular network adapters.

A backup file named optimisations.reg is stored in the installation folder for the TargetOSOptimizer tool, typically located at C:\Program Files (x86)\Citrix\TargetOSOptimiser. Apply this file to the Windows registry to revert the most recent set of optimisations on the master virtual machine.

Specific Optimisations Performed by the Virtual Desktop Agent Installer

Disable Windows Autoupdate
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"AUOptions"=dword:00000001
"ScheduledInstallDay"=dword:00000000
"ScheduledInstallTime"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
"Start"=dword:00000004

Disable Offline Files
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\NetCache]
"Enabled"=dword:00000000

Disable Disk Defragmentation BootOptimizeFunction
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction]
"Enable"="N"

Disable Background Layout Service
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OptimalLayout]
"EnableAutoLayout"=dword:00000000

Disable System Restore
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000001

Disable Last Access Time Stamp
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem]
"NtfsDisableLastAccessUpdate"=dword:00000001

Disable Hibernate
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Power]
Various keys and values are set according to the version of Windows detected.

Disable CrashDump
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl]
"CrashDumpEnabled"=dword:00000000
"LogEvent"=dword:00000000
"SendAlert"=dword:00000000

Disable Indexing Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cisvc]
"Start"=dword:00000004

Reduce Event Log File Size to 64 kB
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application]
"MaxSize"=dword:00010000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security]
"MaxSize"=dword:00010000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System]
"MaxSize"=dword:00010000

Reduce Internet Explorer Temporary File Cache
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CacheLimit"=dword:00000400
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Content]
"CacheLimit"=dword:00000400
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CacheLimit"=dword:00000400
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Content]
"CacheLimit"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths"=dword:00000004
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit"=dword:00000100
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit"=dword:00000100
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit"=dword:00000100
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit"=dword:00000100

Disable Clear Page File at Shutdown
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"ClearPageFileAtShutdown"=dword:00000000

Disable Superfetch (Windows 7)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysMain]
"Start"=dword:00000004

Disable Windows Defender (Windows 7)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=hex(2):00

Disable Windows Search (Windows 7)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WSearch]
"Start"=dword:00000004

Disable Scheduled Disk Defragmentation (Windows 7)
Programmatic optimisation.

Additional Optimisations Available When Running the Tool Manually

Disable Move to Recycle Bin (Windows XP)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BitBucket]
"UseGlobalSettings"=dword:00000001
"NukeOnDelete"=dword:00000001

Disable Move to Recycle Bin (Windows 7)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRecycleFiles"=dword:00000001

Disable Machine Account Password Changes
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"DisablePasswordChange"=dword:00000001

Disable UDP Checksum Offload (Only When a Broadcom NIC Is Detected)
Programmatic optimisation.
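An added example (not from the Citrix article or this blog): a small Python parser for .reg-format text that flags the optimisations from the lists above that switch off or shrink a security control, so they can be reviewed before the master image is sealed. The sample input is a constructed excerpt built from entries listed above; the rule list and its messages are this example's own assumptions.

```python
import re

# Constructed excerpt in .reg export format, using entries from the lists above.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysMain]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security]
"MaxSize"=dword:00010000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl]
"CrashDumpEnabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"DisablePasswordChange"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')

# (key suffix, value name, predicate, message); suffixes and names are lower-case.
# Service "Start" value 4 means the service is disabled.
RULES = [
    (r"services\wuauserv", "start", lambda v: v == 4,
     "Windows Update service disabled"),
    (r"services\windefend", "start", lambda v: v == 4,
     "Windows Defender service disabled"),
    (r"services\eventlog\security", "maxsize",
     lambda v: isinstance(v, int) and v <= 0x10000,
     "Security event log capped at 64 KB or less"),
    (r"control\crashcontrol", "crashdumpenabled", lambda v: v == 0,
     "Crash dumps disabled"),
    (r"services\netlogon\parameters", "disablepasswordchange", lambda v: v == 1,
     "Machine account password changes disabled"),
]


def parse_reg(text):
    """Parse .reg text into {key: {value_name: value}} with lower-cased names."""
    settings, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        match = KEY_RE.match(line)
        if match:
            key = match.group(1).lower()
            settings.setdefault(key, {})
            continue
        match = VALUE_RE.match(line)
        if match and key is not None:
            name, raw = match.group(1).lower(), match.group(2)
            if raw.lower().startswith("dword:"):
                value = int(raw[6:], 16)
            elif len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
                value = raw[1:-1]
            else:
                value = raw          # hex(...) and other types are kept as raw text
            settings[key][name] = value
    return settings


def audit(settings):
    """Return (message, key, value) for every setting that matches a rule."""
    findings = []
    for key, values in settings.items():
        for suffix, name, matches, message in RULES:
            if key.endswith(suffix) and name in values and matches(values[name]):
                findings.append((message, key, values[name]))
    return findings


if __name__ == "__main__":
    for message, key, value in audit(parse_reg(SAMPLE_REG)):
        print(f"{message}: [{key}] = {value}")
```
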

Friday, October 14, 2011

Citrix Licence server and Repeaters

According to: support.citrix.com/proddocs/topic/licensing-119/lic-fs-accessing-firewall-c.html

Firewall Considerations

If there is a firewall between your product and the license server, you need to configure port numbers. This configuration process entails:

  • Open up the firewall ports. Open any ports on the firewall that you modified so that traffic can flow. For Windows Server 2008, the license server Version 11.5 or later configures the built-in firewall automatically.

This is not my experience; instead I needed to do so manually. If you use the default port numbers for the Licensing components, you will need to manually create IP/TCP port exceptions for the following:

  • TCP/27000 License server (Citrix apps, XenDesktop etc.)
  • TCP/7279 Vendor daemon (Repeaters)
  • TCP/8082 Console Web (optional).

Wednesday, October 12, 2011

Citrix Branch Repeater VPX setup

Default login and set an IP Address

Login: admin
Password: password

Give it an IP, DNS and Name:

set adapter apa -ip YourIPaddress -netmask 255.255.255.0 -gateway YourRouter
set dns-server YourDNSserver
set hostname YourVPXname

Display details:

show interface
show adapter

Set admin password and create a new Admin:

add user -name UserName -password Password -privilege admin
set user -name admin -password YourPassword -privilege admin

Restart and test:

restart

 

Then browse to https://YourIPaddress and, to licence via a central license server, go to “System Tools: Manage Licenses”:

  • License Server Location: Remote.
  • Remote License Server Address: Enter the IP address of your license server.
  • Remote License Server Port: The default will work unless you chose a non-standard port for your license server
  • Model: match the selection to the BW limit in your license, that is “Citrix Branch Repeater V10” refers to a 10 mbps license.

NOTE: #69520. Description: After adding licenses to a license server that previously had none, any Branch Repeater VPX units will fail to notice the new licenses for 24 hours.

Recommended action: Restarting Branch Repeater VPX will cause the new licenses to be noticed immediately. Stopping the license server for at least 15 minutes and then starting it again will also work.

Tuesday, October 11, 2011

Windows 7 – lost thumbnail view

This has been killing me, but I found the answer, sorry I can’t credit the original poster.

  1. Open Control Panel
  2. Choose Folder Options
  3. Click the Views tab
  4. Uncheck "Always show Icons, never thumbnails"
  5. Uncheck "Display file icon on thumbnails"
  6. Click Reset Folders button.

Thank goodness !

SSH to a Citrix Repeater (Linux or VPX)

You can SSH to it using PuTTY etc., but the user name/password does not work and you get “Access Denied”.

Ahh, the user name is ‘CLI’

Then it will ask for the real user name, such as:

login as : cli

login: admin

password: ShhhhSecret11


Hey Presto!

Monday, October 10, 2011

XenDesktop pools versus dedicated machines

Choosing pooled versus dedicated machines depends mainly on the access and control you want to grant the user of the virtual desktop.

Pooled – good for task workers

  1. Pooled machines provide desktops that are allocated to users on a per-session, first-come first-served basis. For pooled-static machines, users are assigned a specific machine from the pool when they first log on to XenDesktop. Users are connected to the same machines for all subsequent sessions. This allows users of pooled-static machines to be associated with specific VMs, which is a licensing requirement for some applications.
  2. Pooled-random machines are arbitrarily assigned to users at each logon and returned to the pool when they log off. Machines returned to the pool are available for other users to connect to.

Pooled desktops are freshly created from the master VM when users log on via the provisioning server.

Any changes that users make to their desktops are stored for the duration of the session, but are discarded when users log off. Of course you can use profile manager to help with this and store the user details.

This solution maintains a single, manually created master VM in the data centre, which dramatically reduces the time and effort required to update and upgrade users' desktops. This allows you to periodically replace this master for patches etc.

Dedicated – good for power users and administrators

  1. Dedicated machines provide desktops that are assigned to individual users. Machines can be assigned manually or automatically assigned to the first user to connect to them. Whenever users request a desktop, they are always connected to the same machine, so you can allow users to personalise their desktops to suit their needs.

Dedicated desktops are pre-created from the master VM via the snap-shot and the first time that users log on, they are assigned this machine. Several users can access the same machine (at different times).

This solution maintains an automatically created snap-shot of the catalogue master VM. As for changes, the user has to look after the computer or you re-mint them a new image as needed.

Sources: http://support.citrix.com/proddocs/topic/xendesktop-rho/cds-choose-scheme-type-rho.html

Wednesday, October 05, 2011

Removing Licences from the Citrix Licence server

This is handy if you are using the Desktop Controller that lets you add licences such as the Repeater VPX but does not allow you to delete them. You can see them in the web console but not delete them.

You can manually delete license files that are no longer in use from their Windows directory and restart the service.

The license files are stored in:

  • C:\Program Files (x86)\Citrix\Licensing\MyFiles
  • Stop the Citrix Licensing services
  • Delete the old license files
  • Restart the Citrix Licensing Services


XenDesktop 5.5 and vSphere 5

Yes, it is (almost) fully supported, including the Virtual Distributed Switch (vDswitch). However, you do need to upgrade the Provisioning Server (PVS) to v6 to support it, as 5.6 fails if vDswitches are used.

If you are using the Machine Creation Service (MCS) then you don't need to do anything. However, if you upgrade VMware tools, you need to re-install the Citrix Virtual Desktop Agent (VDA).

There is a short whitepaper here: http://support.citrix.com/article/CTX130681

We will be upgrading today.

Additional Information Sources:

http://blogs.citrix.com/author/johnfa

http://blogs.citrix.com/author/richm

Thursday, September 29, 2011

XenApp 6.5 reboot schedule

Man, it used to be a tick in a box, but now it is a policy. It can still be done; here is how:

XenApp 6.5

Create the Worker Group

  • Right-click Worker Groups and select Create Worker Group.
  • In the Name field, type: Weekly Reboot
  • Click Add, and select the servers

Create the Citrix Policies

Launch the Delivery Services Console.
Click Policies, Computer, New, In the Name field, type: Weekly Reboot

In the Search All Settings field, type: reboot.

Scroll to:

  • Reboot Logon Disable Time and click Add.
  • Reboot Schedule Frequency and click Add.
  • Reboot Schedule Start Date and click Add.
  • Reboot Schedule Time and click Add.
  • Scheduled Reboots and click Add.
  • Click Enabled and then OK.

Click Add for Worker Group.

Click Add and type: Weekly Reboot

Save. Repeat the steps above for each additional Worker Group.

From a command prompt on one of the XenApp servers, type: gpupdate /force. Or just wait until the allocated time.


Source: http://support.citrix.com/article/CTX126043
