Monday, May 28, 2012

Thinking of Bitlocker or Bitlocker To Go?

BitLocker works well… ‘well-ish’ is probably better to say. Let's just start with the issues.

  1. No TPM, no C: encryption. Period.
  2. With a TPM, you need to reboot to enable the TPM, then turn on BitLocker for C:. The process creates a new 300 MB partition on the drive and reboots again. Then it encrypts your C:, which takes 1/2 hour or more depending on the size of the data.
  3. BitLocker To Go (BTG) only supports FAT/FAT32 – not NTFS?
  4. Once a drive is unlocked (a local D: drive or a BTG drive) in a user session, it stays unlocked unless you script it to lock or you log out and log on again.
  5. Unlocking the drive is via a password, but locking it again requires an Administrator CMD prompt: “manage-bde -lock d:”

So that said, it does work, it works well, and it even lets you share USB drives with WXP and Vista users, using provided software that lets them ‘unlock’ the data on those platforms. Which is nice.

Got C: encrypted? Then you can pause it for updates/upgrades (you don't need to decrypt it). Which is nice.

So here is my little thought flow chart on how it works.

Encrypting the PC w7

 

Unlock as user with UAC

image

Relock running as Administrator !
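Issues 4 and 5 above in script form, as an added example that is not from the original post: a PowerShell script for Windows 7 that finds BitLocker data volumes left unlocked and relocks them through the Win32_EncryptableVolume WMI class, the same operation as manage-bde -lock. It assumes it runs elevated (for instance as a logoff script or a scheduled task running as SYSTEM); the function name and the -Force switch are names chosen for this example.

```powershell
# Added example (not the blog author's script): relock every unlocked
# BitLocker data volume. Must run elevated.
param(
    [switch]$Force   # force the dismount even if files are open on the volume
)

$ns = 'root\CIMV2\Security\MicrosoftVolumeEncryption'

function Get-UnlockedBitLockerDataVolume {
    # Returns Win32_EncryptableVolume objects that are encrypted, currently
    # unlocked, and are not the operating system drive.
    $all = Get-WmiObject -Namespace $ns -Class Win32_EncryptableVolume -ErrorAction Stop
    foreach ($vol in $all) {
        if (-not $vol.DriveLetter) { continue }                   # not mounted on a letter
        if ($vol.DriveLetter -eq $env:SystemDrive) { continue }   # the running OS drive cannot be locked

        # Check the lock state first: other queries fail on a locked volume.
        $lock = $vol.GetLockStatus()
        if ($lock.ReturnValue -ne 0 -or $lock.LockStatus -ne 0) { continue }   # 0 = unlocked

        $conv = $vol.GetConversionStatus()
        if ($conv.ReturnValue -ne 0 -or $conv.ConversionStatus -eq 0) { continue }  # 0 = fully decrypted

        $vol
    }
}

$failed = 0
foreach ($vol in @(Get-UnlockedBitLockerDataVolume)) {
    # Lock($true) is the equivalent of "manage-bde -lock X: -ForceDismount".
    $result = $vol.Lock($Force.IsPresent)
    if ($result.ReturnValue -eq 0) {
        Write-Output ("{0} locked" -f $vol.DriveLetter)
    } else {
        $failed++
        Write-Warning ("{0} not locked, error 0x{1:X8}" -f $vol.DriveLetter, $result.ReturnValue)
    }
}

# Non-zero exit code tells the calling task that a volume stayed unlocked.
exit $failed
```

Without -Force the lock fails while a program still has files open on the volume, which is the safer default for a script that runs unattended.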

image

Thursday, May 17, 2012

Microsoft Office 2010 Suite SKU options

(for any large customers you have the choice of Standard or Professional Pro)

SKUs for Volume Licensing (this is the business end of Office):

Office 2010 Standard – Word, Excel, PowerPoint, OneNote, Outlook, and Publisher. This is the basic Suite for businesses that have bought a volume programme.

Office 2010 Professional Plus – Word, Excel, PowerPoint, OneNote, Outlook, Publisher, Access, InfoPath, Communicator, and SharePoint Workspace.

office 2010 skus

SKUs for OEM, PKC or FPP:

Office 2010 Home & Student – Word, Excel, PowerPoint, and OneNote. Non-commercial use. Licensed only to the PC it was sold with (FPP it can be installed in up to 3 PCs.)

Office 2010 Home & Business – Word, Excel, PowerPoint, OneNote, and Outlook. Home-based businesses and dual users. It is the entry-level commercial Office 2010 Suite.

Office 2010 Professional – Word, Excel, PowerPoint, OneNote, Outlook, Publisher, and Access.

FREE SKU that comes with new entry level PCs only:

Office 2010 Starter – Word Starter, Excel Starter. Both applications are limited-functionality, advertising-based versions. It is licensed only for the PC it came pre-installed on, with no installation media.

Tuesday, May 15, 2012

AD Domain forest and domain levels

 

I know this is old information, but I always seem to go back to it, so here it is for me… Oh, you can look at it too.

Forest functional level

 

Forest functional level     Domain controller operating systems supported
Windows 2000 native         Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows 2000
Windows Server 2003         Windows Server “8” Beta, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003
Windows Server 2008         Windows Server “8” Beta, Windows Server 2008 R2, Windows Server 2008
Windows Server 2008 R2      Windows Server “8” Beta, Windows Server 2008 R2
Windows Server “8” Beta     Windows Server “8” Beta

 

Domain functional level

Domain functional level     Domain controller operating systems supported
Windows 2000 native         Windows 2000, Windows Server 2003, Windows Server 2008, Windows Server 2008 R2
Windows Server 2003         Windows Server “8” Beta, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003
Windows Server 2008         Windows Server “8” Beta, Windows Server 2008 R2, Windows Server 2008
Windows Server 2008 R2      Windows Server “8” Beta, Windows Server 2008 R2
Windows Server “8” Beta     Windows Server “8” Beta

Friday, May 11, 2012

Want to self install SCCM WIM?

Problem summary

Deploying a Windows 7 SOE via SCCM requires the network to be available to build or install the operating system and applications, but in the event of a critical outage (such as a network worm or major virus outbreak) the network may be down or compromised. This situation is normal for traditional organisations, but in the case of a critical infrastructure service provider a solution is needed to enable end users to rebuild their own machine (with IT direction).

Options

There are several technologies that are available for all or parts of this solution:

1. System protection (built into Windows 7)

2. Recovery console (built into Windows 7)

3. Safe Mode (built into Windows 7)

4. Windows backup (built into Windows 7)

5. Previous versions (built into Windows 7)

6. VHD running (bespoke effort)

7. Self-image MOE (bespoke effort)

8. SCCM Offline Installation Media

 

Possible solutions

Previous versions

Previous versions are copies of files and folders created automatically and saved as part of a restore point. You can use previous versions to restore files and folders that you accidentally modified or deleted, or that were damaged. Previous versions cannot be used on system files and do not offer protection against the types of errors this document is discussing.

System protection

System protection regularly creates and saves information about your computer's system files and settings. It saves these files in restore points, which are created just before significant system events, such as the installation of a program or device driver, or on a schedule once every few days. To restore these files the user opens the control panel and restores the state via an applet.

Windows backup

The internal backup software can create a system image (exact copy of a drive). This image includes the files required for Windows to run. You can use a system image to restore the contents of your computer when your hard disk or computer fails. When you restore your computer from a system image, it’s a complete restoration – you cannot choose individual items to restore, and all of your current programs, system settings, and files are replaced with the contents of the system image.

Recovery console (aka Windows Recovery Environment)

The recovery console is a partial version of Windows 7 with a set of tools that you can use, with a backup created earlier, to recover your system. This can be used to recover drives, partitions and operating systems. This software can be made available on the local computer (by pressing F8 when restarting the computer) or by booting from a Windows 7 Setup disc.

Safe Mode

Safe mode is a troubleshooting option for Windows 7 that starts the computer in a limited state. Only the basic files and drivers necessary to run Windows are started. This service is used by IT technicians; it is complicated, not user friendly, and is in general a last-chance option for OS repair.

VHD Running

Windows 7 has the technology built in to run the operating system in a virtual hard disk (VHD), as compared to a traditional disk partition. This allows the flexibility of several copies of this virtual hard disk, and therefore several copies of the operating system, to be available at boot time. This is flexible in some ways but does have limitations (page file etc.).

Self-image

The traditional way a Windows 7 image is deployed to a workstation is via the network from a SCCM distribution point. This gives the flexibility of the most current OS image being available at any point in time, but does limit the deployment to when the network is available. A self-image MOE would have the MOE image deployed to the local computer as a file/image and would allow the user to re-install this OS as needed with a reboot.

SCCM Offline Media

Using stand-alone media doesn’t require access to SCCM during imaging because all components needed during the imaging process are copied to the stand-alone media and available locally.

Way forward

Looking at the technologies that are available some are simply not for end users and these can be ruled out for several reasons:

1. System protection – requires the user to run the restore process, and is not a simple solution for end users.

2. Recovery console – designed for IT professionals and is not suitable for end users.

3. Safe Mode – designed for IT professional and is not suitable for end users.

4. Windows backup – designed for IT professional and is not suitable for end users.

5. Previous versions – not a solution for this problem.

This leaves three possible solutions that are available to address this problem. These solutions will require your evaluation, testing and prototyping to see which is the best fit for you and can be made user friendly enough to be activated by the end user as needed:

1. VHD Running

This solution would require capturing the image or deploying the image as a VHD, setting up a backup process, automating the steps and creating a boot menu for users to roll back/forward as needed on reboot.

2. Self-image MOE

This solution would possibly require repartitioning the local drive, updating the local SOE to support the self-image, updating the MOE image to support self-image, automating the steps and creating a boot menu for users to roll out the MOE as needed on reboot.

3. SCCM Offline Installation

This solution is supported by Microsoft for offline deployment, and it is a simpler solution that leverages the existing system management platform.

Effort

Looking at these solutions, an SCCM and Windows 7 expert can build a series of lab servers and clients and test these solutions. This will allow a prototype to be created, pros and cons identified, a gap analysis carried out and a plan made for the production rollout.

So do you think you need this technology? If so give me a call and I can organise someone to help.

Monday, April 30, 2012

LabelFlexGrid.Initialize

Object doesn’t support the property or method

image

This obscure error was caused by a mix of OCXs (VB6 support files) that were installed on a W2K3 server. To fix this particular issue I removed all the OCXs from the server, installed a new VM, SP2’ed it, copied over the OCXs and registered them all again using this DOS command:

CD \Windows\System32
for %f in (*.ocx) do regsvr32 %f

And the app will live again for another day… I wish it would go away…

Monday, April 23, 2012

Mincom, Ellipse, WinView CICS on W2K8 R2

XenApp 6.5, Windows 2008 R2

If you are trying to get the Mincom desktop running on Citrix/Terminal Server on W2K8 R2, and the customer has not upgraded since Moses brought down the 3 tablets, there are some upgrades needed:

First, this error is due to an x64 incompatibility. To fix this you need Mincom desktop v6.3.3.5 or higher. Download and install it and this error goes away.

clip_image002[4]

Once this is fixed the CICS Gateway 6.02 throws this error.

clip_image002

Get the updated software, then remove 6.02 and install 8.1

The location for the configuration INI has moved to a new location (programdata\ibm\cics transaction gateway)

clip_image004

Update the INI file via the configuration tool to add TCP (not sure if this is 100% required)

clip_image006

Lastly change from CICS gateway manual to automatic and start the CICS transaction gateway.

clip_image008

Wednesday, April 18, 2012

XenApp Delivery Console has no XenApp node? XA5

 

I am running a retro XenApp 5 on Windows 2003 to support Internet Explorer 6, and once the servers are running, the XenApp node for configuration in the Delivery Console is MIA.

Nice.

It should be just at the bottom of this picture but is sadly missing.

image

The problem is with .NET 2.0, and you need to re-register PSE.Core.dll.

Open a command prompt and enter the following:

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727>regasm /codebase "C:\Program Files\Common Files\Citrix\Presentation Server - Administration Snap-in\PSE.Core.dll"

image

Start the Delivery Console and voilà!

Here is the Citrix article on it: http://support.citrix.com/article/CTX126048

XenApp v5 install fails – no error message

 

If you are having a retro day too (need IE6?) then you may be installing XenApp 5 on W2K3 and IE6, but the installation fails with the error… no error. Nice

The log file in the temp folder has something like this:

MSI (c) (70:74) 11:05:13:794: Failed 1603

So to get a better log run the installation manually using this command:

msiexec /i mps.msi /L*v install.log CTX_MF_SERVER_TYPE="P"

Where "P" = Platinum, "E" = Enterprise, "A" = Advanced

This told me that the MPS.MSI file failed….

“Message : Installation of 'c:\xa5\XenApp Server\w2k8x32\mps.msi' failed with error code 1603. Fatal error during installation”

There are several possible causes.

My problem was the ISO extractor. I had used MagicISO to extract the ISO. I deleted this and used WinRAR to extract it to C:\XA5 and it worked fine.

It can be that the Visual C++ Redistributable Package (VCRedist) installation did not complete correctly during the XenApp 5.0 Feature Pack 2 installation.

Or you need to install from local media (not over the network)
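
Once the verbose log from the msiexec /L*v command above exists, the action that produced the 1603 is the first one that ends with "Return value 3". The following PowerShell function pulls those lines out with the log lines leading up to them. It is an added example, not part of the original post; the function name, the sample log text and the temp file name are constructed for illustration.

```powershell
# Added example: list the actions that failed in a verbose MSI log
# (one produced with msiexec /L*v). "Return value 3" marks a failed action.
function Get-MsiFailedAction {
    param(
        [Parameter(Mandatory = $true)][string]$LogPath,
        [int]$ContextLines = 5
    )
    # Get-Content honours the UTF-16 byte-order mark that msiexec writes.
    $lines = @(Get-Content -LiteralPath $LogPath)
    $pattern = '^Action ended \d{1,2}:\d{2}:\d{2}: (?<action>.+?)\. Return value 3\.'

    for ($i = 0; $i -lt $lines.Count; $i++) {
        if ($lines[$i] -match $pattern) {
            $start = [Math]::Max(0, $i - $ContextLines)
            New-Object PSObject -Property @{
                Action     = $Matches['action']
                LineNumber = $i + 1
                Context    = $lines[$start..$i]   # lines leading up to the failure
            }
        }
    }
}

# Constructed sample log (not from a real install), written to a temp file
# so the example runs without an actual failed installation.
$sample = @'
MSI (s) (70:74) [11:05:12:101]: Doing action: ExampleCustomAction
Action start 11:05:12: ExampleCustomAction.
MSI (s) (70:74) [11:05:13:650]: Note: 1: 1722 2: ExampleCustomAction
Error 1722. There is a problem with this Windows Installer package.
Action ended 11:05:13: ExampleCustomAction. Return value 3.
Action ended 11:05:13: INSTALL. Return value 3.
MSI (c) (70:74) [11:05:13:794]: MainEngineThread is returning 1603
'@
$log = Join-Path $env:TEMP 'install-sample.log'
Set-Content -LiteralPath $log -Value $sample -Encoding Unicode

# The first hit is the action that actually failed; later hits are its parents.
$first = Get-MsiFailedAction -LogPath $log | Select-Object -First 1
"Failed action: {0} (log line {1})" -f $first.Action, $first.LineNumber
$first.Context
```

Point -LogPath at the real install.log to see which action failed; the same approach applies to the XenApp 6.5 error 1603 described further down this page.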

Tuesday, April 03, 2012

Changing SQL account, password XenApp 6.5

 

If you have problems connecting to the XenApp servers via the AppCenter it could be the test account you are using had its password expire? It did for me, this is the useless error and how to fix it.

1

Look into the event log for more information

2

If it is the password use the dsmaint command.

Here is how, open CMD as administrator and go to:

3

CD "C:\Program Files (x86)\Citrix\Independent Management Architecture"

The command to run is:

4

dsmaint config /user:yourDomain\yourAccount /pwd:yourPassword /dsn:"C:\Program Files (x86)\Citrix\Independent Management Architecture\mf20.dsn"

5

Restart the IMA Service

 

 

 

Changed SQL Server?

If you are changing the SQL server, you will need to edit your MF20.DSN with the new server name:

"C:\Program Files (x86)\Citrix\Independent Management Architecture\mf20.dsn"

If you are changing the SQL logon name, change this in the DSN too.

Here is a sample:

[ODBC]
DRIVER=SQL Server
DATABASE=MyFarmDataBaseName
UID=MyUserAccount
APP=Citrix IMA
SERVER=MySqlServer
Trusted_Connection=Yes

Thursday, March 22, 2012

Created the wrong DHCP option type?

 

Never fear, the NETSH command will help you…

So you created the scope and chose WORD. Nice.

image

But you wanted STRING.. doh.

image

And of course it can't be changed. But go to a CMD prompt and away we go.

Open a CMD window…

Run netsh

dhcp server 10.0.0.1

Command completed successfully.

delete optiondef 60

Command completed successfully.

Reload the server manager to re-read this information and you can start again.

Monday, March 19, 2012

App-V RDS not running locally W2K3

 

If you are testing App-V then you are likely to use the locally installed package (i.e. a sequenced application that has been created as an MSI that you install and run without a streaming server, remote share or SCCM server).

This works fine on (in my case, all terminal servers nah RDS servers) W2K8 x86 and W2K8 R2, but on W2K3 x86 I would get the same error over and over: “A network connection was not detected”.

image

I tried the RDS client 4.5, 4.6, 4.6 sp1 and hotfix 1/3/4. All the same. Then I removed it, rebooted and reinstalled the 4.6 client using this command line to install it:

“Stand-Alone Client for use With Streaming”

Setup.exe /s /v"/qn SWICACHESIZE=\"12144\" SWISKIPDATASETTINGS=\"false\" SWIGLOBALDATA=\"C:\AppVirt\Global\" SWIUSERDATA=\"^%APPDATA^%\" SWIFSDRIVE=\"Q:\" REQUIREAUTHORIZATIONIFCACHED=\"0\" ALLOWINDEPENDENTSTREAMING=\"1\" AUTOLOADONLAUNCH=\"1\" AUTOLOADONLOGIN=\"0\" "

As you see above in bold the allow independent streaming was set but it did not work, it should have been set to ‘1’. But it gave the error that "you do not have sufficient permissions to stream from a file", shown below.

app-v file

To fix this go to the registry and set the following:

HKLM\SOFTWARE\Microsoft\SoftGrid\4.5\Client\Configuration and change the value "AllowIndependentFileStreaming" value to 1.

And then it works fine.

 

ME:
https://twitter.com/DaveColvin
http://davestechnology.blogspot.com.au
https://facebook.com/DaveColvin
https://plus.google.com/u/0/108931920885627816138
http://XPFalcon.com

Monday, March 12, 2012

Windows x86 and x64 App-V Packages

 

So you want to re-use the packages already built on a 32-bit OS? In some cases the packages will work, but once they get a little more complicated and have more requirements (for example, the Oracle client just caused me issues), they may no longer work.

My Problem: App-V variables for file path

The App-V Sequencer and client use Windows “well-known” paths such as %ProgramFiles%, which on a 32-bit computer is “C:\Program Files”. On an x64 computer this is also “C:\Program Files”, but there is also %ProgramFiles(x86)%, which is “C:\Program Files (x86)”.

Because the client does the substitution when the software installs, it can go to the wrong location and break internal links and references…

And before you ask, no you cannot change these settings. So you may need to update your source program BEFORE you sequence it.

In addition to this, the registry can cause issues. That has not affected me yet, but read the following article for more information. Oh and good luck…

Note: App-V 4.6 supports x86 and x64 bit applications on x86 and x64 operating systems.

Note2: Supported platform matrix:

image

Really good details are here:
http://blog.gridmetric.com/2011/09/26/possible-caveats-in-mixing-32-bit-and-64-bit-app-v-packages-and-environments/

Story about App-V 64 bit support:
http://myitforum.com/cs2/blogs/kkaminski/archive/2010/02/22/app-v-4-6-64-bit-application-support.aspx

Friday, March 02, 2012

Error 1603 while installing XenApp 6.5 on W2K8 R2

 

This error showed up as many problems, drilling into the log it showed as the SRM.MSI and then another and another after recopying these faulty MSI packages...  By the way 1603 is a general MSI failure, not Citrix specific.

image

I looked into the log and tried to run it directly with the same error.

I was not using the ISO image as it was a VM on someone else's VMware and so I could not mount it; I had in fact extracted it via a Linux computer. This caused issues with SOME, not all, of the MSIs or support files.

The way I fixed it was to mount the CD/DVD as an image on a VM, copy the files out, and recopy these over the media I was trying to use. That fixed it.

image

Lazy ANZ Bank Phishing Spam

 

Wow, they are getting lazy now.

Spam got me

Wednesday, February 29, 2012

Citrix, consistency is nice in a GUI

 

It is a small thing but a little consistency would be nice… I have one example below, just one, I am being nice.

image

Tuesday, February 21, 2012

MFCOM Error in the Citrix XA 6.5 discovery process (W2K8R2)

 

MFCOM Service error when running the initial Citrix discovery (W2K8R2/XA6.5)

“Errors occurred when using <server name> in the discovery process.

image

An unexpected error occurred. Check that the server name is correct, that the server is on, that Citrix Presentation Server is installed on this server, and that the Citrix MFCOM Service is running.”

There are multiple possible causes for this issue. The most common are as follows:

First, did you run the first time configuration?

See below, it will show this error as the IMA service does not start because it is not configured… Run the XenApp Role Manager and follow the bouncing ball.

image

Still a problem?

Enable / install the network com+ service

image

Add the user to the BUILT-IN\Distributed COM Users group on the server you are connecting to. The recommendation is to do this using groups.

image

Another option to check.

Set the DCOM Default Impersonation Level

On the server, set the DCOM Default Impersonation Level to Impersonate by following these steps:
a. Go to Administrative Tools, Component Services, Computers, Right-click My Computer and select Properties.
b. Select the Default Properties tab.
c. From the Default Impersonation Level drop-down list, select Impersonate and click OK.

image

Reboot and try again.

 

http://support.citrix.com/article/CTX112853

http://support.citrix.com/article/CTX126977

http://support.citrix.com/article/CTX119519

Monday, February 20, 2012

Do you need VMware ESX? (vSphere)

Update:1 – corrected some numbers. Thanks @jasonboche

Let me just say I love VMware, particularly ESX and have worked with it from before GSX was in shorts, back in the workstation days, when only para-virtualisation existed. I have rolled out ESX 2/3/4 farms (no 5 yet)… I have never had a purple screen of death, I have never had to rollback a workload to hardware, I have VMed Exchange 2k/2k3/2k7, DCs 2k-2k8r2, file & print, SQL servers, Citrix servers they all run great on ESX/ESXi.

But do you need it? Or are you after a solution that has all the features, are you after the Rolls Royce? What are you really trying to do? Are you exotic or somehow special?

You want ESXi, that's fine, go ahead. I don't get paid either way, but then nor does anyone so please do.

Let's just think about what server virtualisation does (as of today's date):

Feature                    ESX/ESXi       Hyper-V            XenServer
Bare-metal architecture    Yes            No, but core       Yes
VMotion like               Yes            Yes                Yes
Small footprint            Yes            No, but core       Yes-ish
Cluster (pool)             32 nodes       16 nodes           16 nodes
CPU virtualisation         Yes            Yes                Yes
RAM support host           2TB            1TB                1TB
RAM support VM             1TB            64GB               128GB
RAM overcommit             Yes            Yes                Yes
NIC teaming                Yes            No*/vendors        Yes
VM RAM page sharing        Yes            No                 No
Ballooning                 Yes            Yes                Yes
Capacity prioritisation    Yes            Yes-ish            Yes-ish
Traffic shaping            Yes            No                 No
Virtual NIC                Yes            Yes                Yes
Virtual switches           Yes            Yes                Yes
VLAN tagging               Yes            Yes                Yes
Dynamic volume resizing    Yes            Yes                Yes
Raw device mapping         Yes            Yes                Yes
LUN management             Yes            Yes-via vendors    Yes-add on
Guest Windows              Yes            Yes                Yes
Guest Linux                Yes            Yes-limited        Yes-good
Guest Other                Great          OK                 Good
Paravirtualisation         None (good!)   Yes, LAN/Disk      Yes-ish
Distributed Power Mgmt     Yes            Some               Some
Wake-on LAN                Yes            No                 No

There are hundreds more features, such as “Boot from SAN”, which are specific or particular, so I have not listed them above. If YOU need them they are critical, but let's just focus back on the 99%.

So looking at the list above, there are some clear areas where ESXi wins out, specifically on the very large scale, telco scale, intensive power saving, dare I say cloud providers… But if you are one of the people who just need a bunch of VMs per server for general workloads, any of the three products above is going to work fine. Scale up the CPU, RAM and network cards and you can go to higher density?

The limits are disappearing.

So now let's look back at yourself, do you really need ESX? Maybe you could save some money… Look around.

Just before signing off, read this: http://www.thincomputing.net/2011/03/07/how-many-users-can-i-host-per-server-with-remotefx-for-hyper-v-and-what-is-the-cost-per-user/

This document is the source for the core of this post:
“vmware-vsphere-features-comparison-ch-en.pdf”
Intel: “xeon_7500_Virtualization_solbrief.pdf”

* Microsoft say don't use teaming, but vendors support it. Buyer beware… Microsoft Support Policy for NIC Teaming with Hyper-V - http://support.microsoft.com/kb/968703

Friday, February 17, 2012

Folder redirection on Windows 7

Without any intervention from you, user settings and user files are stored in the local user profile, under the Users folder on the local drive: “C:\USERS\etc”. I think we all know we can't trust users to back up, so let's look at it.

There are two technologies to ‘fix’ this situation: Roaming Profiles and Folder Redirection.

Folder Redirection lets you redirect the path of a folder to a new location. The location can be another folder on the local computer, like a D: drive, or a directory on a file server. To the users it is as if the documents were on a local drive. The documents in the folder are available to the user from any computer on the network, and offline via Offline Files.

Advantages of Folder Redirection

If users log on to different computers on the network, their data is available.

Offline Files (which is turned on by default) gives users access to the folder even when they are not connected to the network. This is for people who use laptops.

When it is stored in a network it can be backed up…. Nice idea huh?

When using Roaming User Profiles, you can use Folder Redirection to reduce the total size of your Roaming Profile and make logon and logoff quicker for the user.

You can use GPO to set disk quotas, limiting how much space is taken up by user profile folders.

You can select the location of the redirected folder on a network or in the local user profile:

  1. Redirect everyone's folder to the same location. This setting enables you to redirect everyone's folder to the same location and is applied to all users included in the GPO
  2. Create a folder for each user under the root path. This option creates a folder in the form \\server\share\User Account Name\Folder Name. Each user has a unique path for their redirected folder.

image

Folder Redirection in Windows 7 improves first-time Folder Redirection performance because the computer redirects folder data in the background, not just at logon. However, the first time a user logs on, Offline Files moves all files and folders from the server to the local cache. The user is blocked from logging on to the computer during this task. Then, Offline Files synchronises from the local cache with the redirected user folder on the server. So turn this on at the initial deployment, not later, and be careful of WAN links.

image

Offline Files synchronises new and changed files and folders from the local computer to the server when the network becomes available or in the background when the connection is slow.

Windows 7 new slow link detection

Slow link detection works via Network Location Awareness (NLA). This networking layer service allows applications, like GPOs, to request networking information from the network adapters in a computer, rather than implementing their own. NLA monitors the existing traffic of a specific network interface. This provides two important benefits:

  1. it does not require any additional network traffic to accomplish its bandwidth estimate (no network overhead), and
  2. it does not use ICMP.

Windows 7 slow-link mode, Offline Files

A shared folder automatically transitions to the slow-link mode if the round-trip latency of the network is greater than 80 milliseconds, or as configured by this policy.

After transitioning a folder to the slow-link mode, Offline Files synchronises the user's files in the background at regular intervals, or as configured by the 'Configure Background Sync' policy. While in slow-link mode, Windows periodically (every 2 Minutes) checks the connection to the folder and brings the folder back online if network speeds improve.

Wrap-up

It is not always plain sailing: occasionally laptop users lose track of where it was, don't let it sync or don't know where files are, but this is outweighed by the value of having their information backed up.

From the Start menu, type sync and it will bring up the sync centre to allow you to see what is going on.

image

 

This information is generally from here:
http://technet.microsoft.com/en-us/library/cc732275.aspx
http://blogs.technet.com/b/netro/archive/2010/09/15/slow-link-detection-for-offline-files-in-windows-vista-sp2-amp-windows-7.aspx
http://blogs.technet.com/b/askds/archive/2009/10/23/group-policy-slow-link-detection-using-windows-vista-and-later.aspx

VirtualBox Network command lines

 

If you run a bunch of VMs in VirtualBox and use NAT to keep consistent addresses, changing the active network card (from wireless to wired etc.) on the computer is a pain, as you need to go into the VM and click disconnect network, OK, connect network, OK.

Well, that is way too many steps for my liking. Here is the command line to pop into an icon on the desktop or run as a task/script.

vboxmanage controlvm "WORK SOE" setlinkstate1 off
vboxmanage controlvm "WORK SOE" setlinkstate1 on

If you want to change the network adaptor connection (ie, not connected or to the NAT), this is how.

vboxmanage controlvm "w2k8r2dc1" nic1 null
vboxmanage controlvm "w2k8r2dc1" nic1 nat

You can also start and sleep them on the command line.

vboxmanage controlvm "nameOmachine" savestate
vboxmanage startvm "nameOmachine"

And just to suspend the laptop from the command:
sudo pm-suspend


image

Friday, February 10, 2012

VMware clusters and multiple SANs

 

Most large organisations have two SANs and many larger organisations still have two or more data centres.

Let's just start with this: it is not a cloud, it is a data centre or separate SAN. OK, that is off my chest. Bloody private cloud, this and that, don't get me started, “Why I oughta…”

You can utilise this architecture with VMware ESX/vSphere as active-active or active-passive, but I don't see value in active-passive so let's not speak of it again; it is not cheap, not effective and not quick. So back to active-active.

To build a single ESX cluster over 2 SANs (or 2 data centres) is basically the same, but as you reach out of the single data centre you need some extra configurations such as:

  • An IP network with a minimum bandwidth of 622 Mbps is required.
  • The maximum latency between the two VMware servers cannot exceed 5 milliseconds (ms).
  • The source and destination ESX servers must have a private VMotion network on the same IP subnet and broadcast domain.
  • The IP subnet on which the virtual machine resides must be accessible from both the source and destination ESX servers.
  • The data storage location including the boot device used by the virtual machine must be active and accessible by both the source and destination VMware ESX servers at all times.
  • Access from vCenter to all ESX servers is needed.
  • For the two SANs to be supported they must have synchronous data replication (sometimes an expensive add-on).

The value of this is protection from a SAN failure and all hardware used. If this is across data centres then you also have DR knocked on the head (your mileage may vary).

There are some issues such as a power outage in DC1 will cause all the VMs to restart in DC2 via HA so it is not true protection from massive outages. Secondly if you use vMotion to move the servers to the other nodes in DC2 the SAN writes are now subject to the latency of this link, so there can be a performance penalty. Additionally DRS may need to be manually updated to be aware of this configuration.

This is how it would look (minus some SAN switches etc.)

ESX clusters

Here are the VMware prerequisites:

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2007545

Here is Cisco discussing this:

http://blogs.vmware.com/networking/2009/06/vmotion-between-data-centersa-vmware-and-cisco-proof-of-concept.html

Here is a good blog on this:

http://www.van-lieshout.com/2009/11/geographically-dispersed-cluster-design/

Thursday, February 02, 2012

Stooging on XenApp 4? Upgrade now.

 

To clarify the distinction between upgrade and migrate:

  • Upgrade: Installing a newer version over an existing version
  • Migration: A clean, new installation of that program or service.


XenApp 4/4.5 –> XenApp 5

  1. Upgrade Pres Server 4.0 for Windows Server 2003 to XenApp 5 for Windows Server 2003. This case maintains the existing data store and server farm configuration. Each server must be upgraded, and Hotfix Rollup Pack 3 should be installed. In addition, the relevant components will also be upgraded. Lastly, .NET 2.0 SP1 or higher and Java Runtime Environment 1.6 Update 5 or higher are required.
  2. Upgrade a Pres Server 4.5 (no FP1 or FP1) farm to XenApp 5 for Windows 2003. This case maintains the existing data store and server farm configuration. This type of deployment is based on upgrading the relevant components only. If FP1 is not installed, please note that .NET 2.0 SP1 or higher and Java Runtime Environment 1.6 Update 5 or higher are required. In addition, Hotfix Rollup Pack 3 should be installed.
  3. Upgrade all servers in the existing Pres Server 4.5 FP1 farm to XenApp 5 for W2K3 and add several XenApp 5 for W2K8 servers to the farm until it can be transitioned to XenApp 5 for W2K8 entirely. This case is similar to the previous one, except that some XenApp 5 for W2K8 servers are added to the farm. In this case, maintain a mixed farm based on the existing data store and server farm configuration.
  4. Migrate to a new XenApp 5 for W2K8 farm. In this case, the farm migration is based on a completely new installation of XenApp that initiates a new data store and server farm.


XenApp 5 –> XenApp 6

To transition to XenApp 6, administrators must migrate to a new farm and have the following options:

  1. Create a new XenApp 6 farm and configure all settings manually
  2. Create a new XenApp 6 farm and migrate settings from an existing XenApp 5 or Presentation Server 4.5 farm

Transferring settings from the legacy farm is best performed by installing the XenApp 6 Migration Tool on a XenApp 6 server and directly importing the settings by pointing at a server in the legacy farm. It is possible to import all settings or be selective. If the existing farm is based on server or application folders, these settings can be exported and designated so that they will be identified as Worker Groups within the new farm. Additional command-line entries are available to include, exclude, or modify specific settings. The administrator must have full administrative rights in the target XenApp 6 farm and a minimum of view-only rights in the source legacy farm.

Prior to initiating the migration of settings, Worker Groups should be designated so that server and application silos can be assigned appropriately. This provides administrators with additional flexibility and enables a significant number of new servers to be added to the new XenApp 6 farm at once using a tool such as Citrix Provisioning services.

XenApp 6 –> XenApp 6.5

XenApp 6.5 implementations must be based on clean Windows Server 2008 R2 operating system installations as Citrix does not support operating system upgrades. Thus, there is no upgrade path to XenApp 6.5 from XenApp 5 or earlier products. In addition, a XenApp 6.5 farm can only encompass XenApp 6.5 servers - mixed farms are not supported.

Want ‘proper’ Java on Ubuntu 11.10?

 

I am of course an open source fan, but when it doesn't work, it is time for a proprietary solution. I.e., Webex did not work with the IcedTea Java plugin and OpenJDK; the error was "applet not initialized" at the bottom of the browser window.

So, using either apt-get remove or the Ubuntu Software Centre, remove the OpenJDK and IcedTea Java components.

Then copy and paste the following:

cd 
wget https://raw.github.com/flexiondotorg/oab-java6/master/oab-java6.sh -O oab-java6.sh
chmod +x oab-java6.sh
sudo ./oab-java6.sh
sudo apt-get upgrade

Open the browser and go to:

http://java.com/en/download/installed.jsp

It will ask for a plug-in; select the IcedTea Java plug-in and you should be sweet.

Further (dated) details here:

https://github.com/flexiondotorg/oab-java6

Tuesday, January 31, 2012

SQL Server Number versus Versions

Looking at SQL Server Management Studio, there is a version number, but it does not match the SQL Server release name. Here is a short table to map them.

SQL Server 2008 R2
Original  10.50.1600.1
SP1       10.50.2500

SQL Server 2008
Original  10.00.1600.22
SP1       10.00.2531
SP2       10.00.4000
SP3       10.00.5500

SQL Server 2005
Original  9.00.1399.06
SP1       9.00.2047
SP2       9.00.3042
SP3       9.00.4035
SP4       9.00.5000

SQL Server 2000
Original  8.00.194
SP1       8.00.384
SP2       8.00.532
SP3       8.00.760
SP4       8.00.2039

SQL Server 7.0
Original  7.00.623
SP1       7.00.699
SP2       7.00.842
SP3       7.00.961
SP4       7.00.1063

If you want even more detailed information look here:

http://sqlserverbuilds.blogspot.com.au/
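
As an added example (not part of the original post), the table above can drive a patch-level check that maps a reported version to its release and service pack and lists instances below the highest service pack the table knows about. The function names, host names and sample inventory are constructed for illustration; builds that fall between two table rows are reported at the lower row.

```python
import bisect

# Baseline builds copied from the table in this post, keyed by (major, minor),
# each list in ascending build order. Later cumulative updates are not listed.
BASELINES = {
    (10, 50): ("SQL Server 2008 R2", [(1600, "Original"), (2500, "SP1")]),
    (10, 0): ("SQL Server 2008",
              [(1600, "Original"), (2531, "SP1"), (4000, "SP2"), (5500, "SP3")]),
    (9, 0): ("SQL Server 2005", [(1399, "Original"), (2047, "SP1"),
                                 (3042, "SP2"), (4035, "SP3"), (5000, "SP4")]),
    (8, 0): ("SQL Server 2000", [(194, "Original"), (384, "SP1"),
                                 (532, "SP2"), (760, "SP3"), (2039, "SP4")]),
    (7, 0): ("SQL Server 7.0", [(623, "Original"), (699, "SP1"),
                                (842, "SP2"), (961, "SP3"), (1063, "SP4")]),
}

def classify(version):
    """Map a version string such as '10.50.2500.0' to release and level."""
    parts = version.strip().split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts):
        raise ValueError("not a SQL Server version: %r" % (version,))
    major, minor, build = (int(p) for p in parts[:3])
    if (major, minor) not in BASELINES:
        return {"release": None, "level": None, "exact": False, "latest": None}
    release, levels = BASELINES[(major, minor)]
    builds = [b for b, _ in levels]
    i = bisect.bisect_right(builds, build) - 1  # highest table row <= build
    return {
        "release": release,
        "level": levels[i][1] if i >= 0 else None,  # None: below Original
        "exact": i >= 0 and builds[i] == build,     # False: between two rows
        "latest": levels[-1][1],
    }

def behind_latest(inventory):
    """Return (host, release, level) for hosts below the table's top level."""
    findings = []
    for host, version in sorted(inventory.items()):
        info = classify(version)
        if info["release"] is not None and info["level"] != info["latest"]:
            findings.append((host, info["release"], info["level"]))
    return findings

# Constructed inventory (hypothetical host names), e.g. gathered by running
# SELECT SERVERPROPERTY('ProductVersion') on each instance.
SAMPLE = {"db01": "10.50.1600.1", "db02": "10.00.5500.0",
          "db03": "9.00.4053.00", "db04": "8.00.2039"}

if __name__ == "__main__":
    for row in behind_latest(SAMPLE):
        print(row)
```

Versions whose major.minor pair is not in the table are returned with a release of None and are not reported by behind_latest, so they need a separate look.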

Sunday, January 29, 2012

End of life of XenApp 4.5 on Server 2003–look out IE6

 

Windows Server 2003 SP2 is end of life July 2015.

Citrix ends support for XenApp 4.5 (née Presentation Server, née MetaFrame, née WinFrame) in March 2013 (v5.0 is also March 13).

IE6 running on this platform therefore officially has just over two years. Best get moving.

There is of course the Quest solution, affectionately called the “Internet Explorer 6 Application Compatibility Solution Bundle”, which is priced at about $10-20 per Concurrent User.
http://communities.quest.com/community/vworkspace/blog/2011/06/21/ie6-application-compatibility-and-windows-7-deployment

For more information look at the following:

Citrix Lifecycle
http://support.citrix.com/article/CTX122442

Windows Lifecycle
http://support.microsoft.com/lifecycle/?LN=en-gb&C2=1173

Article from Brian Madden on this topic
http://www.brianmadden.com/blogs/shawnbass/archive/2012/01/17/citrix-plans-to-end-support-for-xenapp-6-0-in-2013-what-s-that-you-re-still-migrating-to-6-0.aspx?asrc=EM_NLN_16165585&uid=8579580

Wednesday, January 25, 2012

CSP-004-1W for CCSP 2011: Citrix Virtual Computing

 

Many of us need certification to keep vendors happy. In some cases they make it easy and other times they do not. Here is my quick guide to help you better understand the CCSP course CSP-004-1W.

Question set 1

[Images: CSP-004-1W CCSP 2011, question set 1, Q1 to Q6]

Question set 2

[Images: CSP-004-1W CCSP 2011, question set 2, Q1 to Q9]

Monday, January 23, 2012

Citrix client on Ubuntu 11.10 (x64)

 

Linux Citrix Client v12

Go to Citrix.com, Downloads, Choose the Citrix Receiver for Linux x64.

Download Receiver for Linux English v12.0 10/5/11 .deb (format)

The Ubuntu installer will install it automatically; all you need is the certificates (if you get a cert error).

If you already have Firefox installed you can grab them from there (the destination path for the client installation has changed between Ubuntu 10 and 11).

sudo cp /usr/share/ca-certificates/mozilla/* /opt/Citrix/ICAClient/keystore/cacerts/

And you are up and running.

Thursday, January 19, 2012

Removing Unity from Ubuntu 11.10

 

Prerequisites before starting, get updated

sudo apt-get update

Install gnome classic

sudo apt-get install gnome-session-fallback

Log out then login and choose Gnome Classic from the little configuration button

Remove Unity packages and Unity specific tools

sudo apt-get purge appmenu-gtk appmenu-gtk3 appmenu-qt indicator-appmenu

sudo apt-get remove unity-lens-music unity-lens-applications unity-greeter unity-common unity-asset-pool unity-2d-launcher unity-2d libunity-misc4 libunity-2d-private0 gir1.2-unity-4.0

sudo apt-get purge liboverlay-scrollbar-0.2-0 liboverlay-scrollbar3-0.2-0 overlay-scrollbar appmenu-gtk appmenu-gtk3 appmenu-qt indicator-appmenu

Move the window chrome buttons to the same side as Windows, i.e. move them from the left side to the right side.

sudo apt-get install gconf-editor

run gconf-editor in a terminal window

Navigate on the left to /apps/metacity/general
On the right side find the string button_layout and change it to :minimize,maximize,close


Logout and/or reboot. You are done.

Original geek who documented most of this: http://linux-software-news-tutorials.blogspot.com/2011/10/ubuntu-1110-oneiric-remove-unity-and.html

Wednesday, January 18, 2012

Planning on BYOD?

BYOD (device or desktop)

Bring your own device is both scary and exciting for most people, certainly for most IT managers and CIOs. I should start with what should be obvious: BYOD is not a money saver, it is a technology enabler. It is there to build better collaboration for a single person (someone traveling, using a work desktop, an iPad, a home computer etc.) or for a group of users in a collaborative group.

Plan BYOD for the right reasons.

  1. Decide what you will support. Will it go down to devices? No, that is too specific and will date. Will it go down to OS level? No, that will be wrong soon too. Just set some level of requirements: it must support passwords, auto password change, remote wipe etc. Then you can support any device, today or in the future.
  2. Determine what these shiny new devices can do. Will they connect to the LAN? Will they get a private WLAN? Can they access the intranet, internet, email, VPN etc.? Maybe it is best to abstract them from the ‘real’ assets and keep them accessing services via Citrix or RDP? Will they authenticate with a cert? Maybe an AD logon?
  3. Determine the support you will offer. Will you connect them to the network and install software, or do the owners take responsibility? Will you encourage or just tolerate the weird and wonderful knock-off tablets? Don't go too far; you can always go further but you can't go back!
  4. Formalise the plans, the guides, the operations documentation, the security risks, VPN or network controls, IPsec and routing for these devices. Maybe NAP and NAC have a future on the network if the devices can be managed?
  5. Review the plan and execution after the first 50 devices and see what you got right and wrong. Then fix it.

It does not have to be a problem, it is just another opportunity.

Monday, January 09, 2012

Still sitting on W2K3 Servers? Upgrade, here is why

 

1. Windows 2008, W2K8R2, W2K8R2 SP1 features

Following is a summary of the key features of Windows 2008 R2 SP1, which includes all features from the original Windows 2008 and the original Windows 2008 R2, as compared to Windows 2003 Server.

 

1.1. Active Directory

1.1.1. Domain Features

Read-Only Domain Controller (RODC) represents a new type of domain controller available in Windows Server 2008.

Active Directory Federation Services (AD FS), enables secure document and e-mail collaboration. AD FS provides Web-based extranet authentication and authorisation, single sign-on (SSO), and federated identity services for Windows Server environments.

Windows Server 2008: DFS replication for SYSVOL, Advanced Encryption Standard (AES 128 and AES 256) support for Kerberos, last interactive logon information, and fine-grained password policies (FGPP) for individuals and groups.

Authentication mechanism assurance: a user can have access to different resources if they log in with a certificate versus when they log in with just their username and password or via ADFS. Automatic SPN management: passwords for these accounts will be reset automatically, and administrative tasks for managed service accounts can be delegated to non-administrators.

1.1.2. Forest Features

Windows Server 2008, No additional features.

Windows Server 2008 R2, Active Directory recycle bin (must be enabled via command line).

 

1.2. Key Windows 2008 Technologies

Server Manager is the unified Microsoft Management Console (MMC) that offers an integrated experience for adding, removing, and configuring server roles and features.

Windows PowerShell, (superseded by PowerShell v2.0 in Windows 2008 R2).

Server Core installation which includes only the subsystems required for those server roles required on that particular server.

Next Generation TCP/IP Stack with redesigned TCP/IP functionality.

New Failover clustering to increase availability of applications and services (Enterprise Edition or higher).

Internet Information Services (IIS) 7.0, (superseded by IIS in Windows 2008 R2)

Windows SharePoint Services is a collaboration technology to improve business processes and enhance productivity.

Terminal Services to provide presentation virtualisation. ie a full Windows desktop from any computer. And application virtualisation via RemoteApp ie presenting only applications instead of the entire desktop.

Network Access Protection (NAP) prevents unhealthy computers from accessing and compromising servers and services.

Public Key Infrastructure (PKI) enhancements include support for enterprise auto-enrolment, Network Device Enrolment Services (NDES), the Online Certificate Status Protocol (OCSP), the Online Responder service, and version 3 certificates.

Windows Firewall with Advanced Security.

Federated Rights Management Services solution, provides a collaboration extension that eliminates the overhead of external user IDs when sharing email or Microsoft Office documents with non-staff.

BitLocker Drive Encryption which encrypts the contents of a disk volume.

DFS Replication remote differential compression (RDC); which minimises the volume of replicated data that passes over the WAN. Cross-file replication uses a heuristic to identify when a file exists on the sending computer and not on the receiving computer, but similar files exist on the receiving computer.

Virtualisation through Windows Server Hyper-V (superseded by Windows 2008 R2 SP1)

 

1.3. Key Windows 2008 R2 Technologies

Remote Desktop Services with support for VDI or traditional terminal services.

DirectAccess, allowing remote staff to seamlessly connect to their work environment without the use of a virtual private network (VPN).

Hyper-V Live Migration, enables the movement of virtual machines from one host to another with no perceivable downtime. Hyper-V also supports up to 64 logical processors, new multi-core hardware and more scalable virtualisation.

BranchCache, reduces WAN bandwidth consumption between the data centre and branch offices.

Windows PowerShell 2.0, provides updated scripting capabilities to help automate server deployment, configuration and management.

File Classification Infrastructure (FCI), is a built-in solution for file classification and management.

Improved Power Management, with support for new processor core and storage power management, reducing power consumption and enhanced budgeting and metering capabilities.

Internet Information Services (IIS) 7.5: Delivers full support for .NET on Server Core, with PHP support, new management tools, and bundled extensions.

 

1.4. Key Windows 2008 R2 SP1 Technologies

Hyper-V Dynamic Memory - Dynamic Memory allows administrators to dynamically adjust memory usage depending on server demand.

VDI with RemoteFX, to support virtualised graphics resources and advanced codecs to enable local-like desktop environment including support for 3D applications, portable graphics content such as Silverlight and Flash, and Windows Aero.

Single set of SP1 updates for Windows Server and Windows 7 – Windows 2008 R2 SP1 delivers all previously released updates, letting you deploy and support a single service pack for Windows 7 and Windows Server 2008 R2.

Friday, January 06, 2012

Slip streaming Service Packs in Windows XP

Like most in IT I have a collection of ISO images and my WXP is SP2 which means every install is an update to SP3. So I have finally updated it after a few years. Here is how.

Copy your XP CD to your local hard drive (C:\XPoriginal)

Download XP SP3

Extract it to the local drive using the -x command line switch.

WindowsXP-KB936929-SP3-x86-ENU.exe -x:c:\XPSP3

Next, update the original media

cd \XPSP3\i386\update
update -s:c:\XPoriginal

Update the ISO file with WINRAR or similar and you are done.
