Symantec Endpoint Protection 12.1 RU1 and AppV 4.6 2 Comments

Another moment of pure fun with Symantec Endpoint Protection... I liked the version 11 so much and I was missing mysterious Symantec issue so much I decided to update the anti-virus software to 12 on all my customer XenDesktop virtual machines... The version we chose to deploy was Symantec Endpoint Protection 12.1 RU1 (version given by the security administration team), the update went fine, no BSOD, no weirdness and that was weird actually, I was prepare and ready for so much trouble, nothing happened ! the vDisk was updated and the only change this time was SEP, so I pushed the next vDisk into production. Few hours and next day, users were complaining about App-V applications launch issues, that was a known issue because the App-V infrastructure is a bit old (v4.5 on the server-side) and begin to have some weirdness after the weekly reboot (services started but no stream.., next blog post I guess) So we checked everything out around the App-V servers and App-V client (4.6 SP2) and the only things we saw was error in event log but nothing to really think App-V was the root of these issue. Some streamed applications were working some other not.   After searching again and again, I just roll back one vDisk to use the earlier version to check if everything was ok with the earlier version and yes, everything was working fine with App-V applications. So i went to check Symantec knowledge base and I found these two articles : Application Error when launching an App-V virtualized application on a computer with SEP 12.1 client installed. New fixes and enhancements in Symantec Endpoint Protection 12.1 Release Update 2 So you guessed it right, the update to Symantec Endpoint Protection 12.1 RU2 is fixing App-V 4.6 compatibility issues... App-V virtualized applications cannot load with Proactive Threat Protection installed Fix ID: 2689005 Symptom: App-V virtualized applications cannot load with Proactive Threat Protection installed. Solution: Changed Application Control and User Mode Hooking to allow NTDLL image validation. So, one more time thank you Symantec to waste our time and make our life much more complicated !

XenDesktop 5.6 – The WinRM service is unable to start. 10 Comments

During a XenDesktop 4 to 5.6 migration I had to deploy WinRM on Windows XP SP3 virtual machines. I had a Desktop Group of 60 Machines for developers with IIS installed on it. WinRM installation went fine but the configuration wasn't possible, I always got an error when the service was trying to start : The WinRM service is unable to start because of a failure during initialization. Additional Data The error code is 1300.   After trying to understand what was wrong I found in the Local Security Settings / Local Policies / User Rights Assignment / Generate security audits, only LOCAL SERVICE was authorize, so I just try to add NETWORK SERVICE account as well. Then and at last WinRM service was able to start normally. Now everything is working like a charm with Desktop Director.

Windows Server 2012 – Migrating FSMO Roles 6 Comments

I installed one AD when Microsoft Windows Server 2012 was still in Release Candidate with the Datacenter edition, of course since few days my DC was rebooting every hour, the trial licence did expire few days ago.. So I had to install a new DC and promote it the transfer all FSMO roles from my "old" server to the new one. First thing I had to do is to add this new server to the existing forest as a new domain controller : I did it using the gui but you can also use PowerShell to get the same result : Now the server has been added to the forest as a new domain controller, on the new server after launching PowerShell command line, i used the Move-ADDirectoryServerOperationMasterRole command to transfer all the FSMO roles. EAch role corresponding to a number :   Role Name Number PDCEmulator 0 RIDMaster 1 InfrastructureMaster 2 SchemaMaster 3 DomainNamingMaster 4 So my command line looked like that This is it ! Don't forget to demote the "old" domain controller before getting rid of it. I wanted to blog about that because I'm not manipulating Active Directory controller every day and here is my scratch notebook so, this is to keep track on what I'm doing and share information.

Citrix CloudGateway 2.5 – MDX 5 Comments

What about MDX ? I think this is smart move from Citrix who push toward managing Apps and native Apps deployed to the mobile devices instead of trying to fully manage the device itself. Now this technology is not mature yet and needs some time and improvement and each version is a giant step forward. I'm really looking forward what's coming and soon be announced by Citrix. Overview Full support for both personal and corporate usage (BYOD) Corporate apps and data secure even on employee-owned devices New consumer-driven devices supported immediately No risk of corporate data loss or compliance exceptions when: Device is lost or stolen or employee leaves organization Collaboration / file sharing apps used on the device Governance is built-in Policies can be updated on hundreds of apps with no requirement to change source code No requirement for developers to change the way they develop apps or learn mobile security standards What is the meaning of MDX ? Mobile Device eXperience. There are 3 key MDX technologies :   Application wrapping tool Mobile App Wrap tool runs on Mac OS X Mobile App Wrap tool for Android Beta Available Takes a pre-compiled iOS native application bundle (.IPA) as input Produces repackaged iOS application bundle with Citrix app wrapper logic inserted (.MDX) Recertifies the repacked app with using a customer provided enterprise distribution profile TIP : Where are stored IPA files on your MAC OS ? Mac OS X 10.7 Lion and 10.8 Mountain Lion: ~/Music/iTunes/iTunes Media/Mobile Applications/ Mac OS X 10.6: ~/Music/iTunes/Mobile Applications/ Windows 7: C:\Users\Username\My Music\iTunes\iTunes Media\Mobile Applications\ App Preparation Tool for iOS Applications (iOS only) installation The application can be launch from the Applications within the Citrix folder Using Citrix App Preparation Tool :   And then the application is asking for an iOS Distribution Provisioning Profile and iOS Distribution Certificate If you're like me and wondering how to get this two things, here you are : iOS Distribution Provisioning Profile [link] and [link] iOS Distribution Certificate [link] This is where it hurts... to get the iOS Distribution Provisioning Profile a subscription to the iOS Developer Program is required and this is about 99$ per year. Then the deployment can be done with the AppController   and voilà ! Since there are still a lot of NDA topics about this subject and since I won't pay 99$ to Apple to write a bit more about that, that's it for now but it gives a…

I don't post official announcement from companies usually but I have to good reasons to post this one : This is a very interesting and useful reading, a must know data you need to have in mind and it's refreshed often enough to stick to the real world environment. Then two of my CTP mates are leading this project with great enthusiasm : Jeroen VanDeKamp and Ruben Spruijt. Amsterdam, 17 January, 2013 - Project Virtual Reality Check (Project VRC) is pleased to announce the release of the long awaited 'Phase V' white paper which provides independent insights in the impact and best practices of various antivirus (AV) solutions on VDI performance. The R&D project ‘Virtual Reality Check’ (VRC) was started in early 2009 by the Dutch IT companies PQR ( and Login Consultants ( and focuses on research in the desktop virtualization market. Several white papers were published about the performance and best practices of different hypervisors, application virtualization solutions and Windows Operating Systems in server hosted desktop solutions. This new white paper contains the test results of the VDI performance impact of the antivirus solutions from three leading vendors: McAfee, Microsoft and Symantec. “When VDI is implemented into production, performance is often a serious issue. A performance impact of up to 40 percent is not unusual after antivirus is installed.” said Jeroen van de Kamp, CTO of Login Consultants “While this aspect has been less of an issue with PC’s or laptops, with performance sensitive environments like VDI it means you need to invest in servers and storage. This was the reason for us to investigate, and provide objective data about, the exact impact of antivirus on VDI”. “It is important to highlight the fact that Project VRC does not evaluate the quality of the security features of the different AV products, but only provides information about the impact these solutions have on VDI performance” said Ruben Spruijt, CTO of PQR “By testing and comparing different solutions and configurations we discovered the best practice to perform a pre-scan of the master image before it’s deployed. The effect is huge and therefore highly recommended”. Another key finding published in the white paper is that antivirus off-loading architectures makes a big difference from a storage IO point of view, but not always from a session density point of view. All Project VRC tests are performed with Login VSI (, the industry standard benchmarking tool for VDI. This software tool…

Microsoft Windows 8 Enterprise – Windows isn’t activated issue 1 Comment

This is an annoying issue, I just downloaded the ISO from Microsoft and had to face the impossibility to activate it... "Windows isn’t activated” Error Code : 0x8007007B, the filename, directory name, or volume label syntax is incorrect. The pre register product key is not good and you basically need to change it using the following command (using administrator privilege" Open a command prompt window slmgr /ipk HGTY3-JVFJH-3B5VD-WZR8D-JDGR8 (Your own product key of course) The old product key will be replaced with the new one and Windows 8 RTM will be activated automatically.  

Microsoft Windows Embedded 8 Standard Toolkit 3 Comments

This very big ISO file need to be installed on Windows to be able to use it. Tis toolkit has been design to customize Windows Embedded 8 deployment by giving three softwares : Image Configuration Manager, Module Designer and Windows Embedded Developer Update. The installation is simple, next next ok finish, you just need to know you need to have both 32bit and 64bit ISO DVD of Windows Embedded 8 to be able to package and customize installations. Once the installation is done, the three icon are available on the Metro Desktop.   First stop  the Image Configuration Editor You can build an image by using Image Configuration Editor. If you chose the advanced path for image development, this process will get you started with building an image. Although it takes more time to build an image by using Image Configuration Editor than by using Image Builder Wizard, this tool is the most flexible and versatile way to define your image requirements, especially when you need the image size to remain small.   This has been very easy to create to WinPE media folder, you can create USB key as well. The Module Designer If you wish to add a module and integrate it to you custom deployment, this is quite easy as well :   Windows Embedded Developer Update Windows Embedded Developer Update is an application that you can use to automatically search for, download, and install the latest updates for Windows Embedded 8 Standard. And this is it, I made several custom media ready for deployment and Microsoft kept the good way and keep simple the Embedded software customizations. But this haven't evolve dramatically since many years now, maybe admin tools should evolve as much as Windows Operating System are changing.

Microsoft Windows Embedded 8 Standard 7 Comments

Microsoft had to make Windows 8 available as an embedded OS for thinclient (among other use cases) I had to try it out to check what is changing regarding Windows 8 Standard or Enterprise edition and previous Embedded OS. What's new in Windows 8 Embedded and with this Release Preview : Rich Line of Business Experiences Delight your customers with smooth, responsive, immersive experiences powered by Windows 8 applications, Multi-Touch, Internet Explorer 10 and more. Connected Deliver a solution that stays up and running, and allows you to connect to the things that matter most inside and outside the four walls. Targeted Deliver a targeted device experience with powerful OS development tools and enhanced lockdown and branding capabilities to meet the line of business needs of your customers. Intelligent Systems Ready Create a device that can be secured, managed and connect to IT systems to extend intelligence through the business process. Secure Utilize Windows 8 technologies to protect the device, data, and network to keep business running smoothly. The hardware requirements to install this OS are as follow : 1 GHz 32-bit or 64-bit processor. 1 GB of operating system memory (32-bit system) or 2 GB of operating system memory (64-bit system) 11 GB of free hard drive space for complete installation One or more of the following media devices: DVD-ROM drive USB 2.0 port If you want to read more about Windows 8 click here [link] First the installation of this OS is straight forward as Windows 8 is, there are some different options regarding image you might want to use for deployment (WIM)   The installed naked OS look like that : And the "regular desktop" Regarding raw performances, I've been really surprise to see Windows 8 Embedded was behaving very smoothly on a thin client like HP t5740e [link]   I also installed it on my XenServer @ Home as a Windows 8 vm and XenTools installation went fine, no issue yet, I gave to this VM 2 vCpus and 1024Mb of memory to check what were the raw performances out from the box   When Windows 8 Embedded is installed, the space used on the hard drive is 3,39gb : That was the presentation and the basic stuffs with Microsoft Windows 8 Embedded Release Preview, now here is what's I like to do, keep digging to find some cool stuff under the hood. Let's try the ThinClient template…

Citrix CloudGateway 2.5 – Configuration 14 Comments

One more time for those who won't have time to try another release here is a short and simple blog about Citrix CloudGateway 2.5, you'll be able to read and see accross this blog post different steps and screens to setup the AppControler. New version are coming along with every time as much new features as fixes from the previous releases. This new release, CloudGateway 2.5 is in fact an update of only one component, the AppController (from v2.0 to v2.5). The StoreFront Service remains the same version with v1.2, App Preparation Tool (MDX), Mobile App Management and ShareFile Sync for Receiver have been added to the CloudGateway package. And CloudGateway is now CloudGateway Enterprise. What's new : Administration Enhancements Email Provisioning file Basic Workflow Management AppController w/ShareFile Storage Zones Policies for Web/SaaS/Mobile apps Me@Work mobile apps (@WorkMail and @WorkWeb) Mobile Device Management Receiver for Windows VPN Integration AGEE UI Customization To read the full list of all the new features go here : [link] Initial Configuration After importing the application (Esx or XenServer), through the console or remote ssh access (if you enabled it) you can : Check System Date Check System Disk Usage Current used space Displays space available Toggle SSH Access To access same console menu via SSH No root access to the file system Reset Certificate Generates a self-signed certificate and becomes active Restart / Shutdown AppController The default and password are administrator/password, a prompt will appear when connecting the web ui for the first time to change it. Once the network configuration is done, the UI can be accessed with a browser : https://AppControlleripaddress:4443/ControlPoint/ Using the default login and password, a wizard appear to configure the appliance : Once you login again with the new password you define for the administrator, the brand new web UI looks very neat Then we can add role using the Role tab:   Now we can add/create applications and applications categories by using the Apps & Docs tab, to create new categories :   And to add Applications :   Adding Web Link Apps is as simple as that :   ShareFile configuration : Using a browser to navigate the AppController url will now present all the Apps configured above :   The blog serie : Citrix CloudGateway 2.5 - Configuration Citrix CloudGateway 2.5 - MDX Citrix CloudGateway 2.5 - ShareFile Citrix CloudGateway 2.5 - Access Gateway (Netscaler) Citrix CloudGateway…

Happy New Year 3 Comments

I wish to every single one of you a happy new year with the best wishes to go with. 2012 is in the past and won't remain as the best year for me ! Any way, now it's time to rock the v-world, virtualization, cloud and so many good stuff are coming this year ! I hope to see you around, here or there !