As I got an unlimited access to Windows Azure I wanted to check out how I could extend my lab into it and use it to store VMs workload (at first). Here what you need : Citrix NetScaler VPX (tested with NS10.1: Build 122.17.nc & NS10.1: Build 123.9.nc) Windows Azure Access Homelab (running on vSphere 5.5) Of course, you need licence for everything... Considerations : Before configuring a CloudBridge tunnel between a CloudBridge appliance in datacenter and Microsoft Azure, consider the following points: The CloudBridge appliance must have a public facing IPv4 address (type SNIP) to use as a tunnel end-point address for the CloudBridge tunnel. Also, the CloudBridge appliance should not be behind a NAT device. (or you'll have to setup a route for your LAN computers, I'm explaining how to at the end of this blog) Azure supports the following IPSec settings for a CloudBridge tunnel. Therefore, you must specify the same IPSec settings while configuring the CloudBridge appliance for the CloudBridge tunnel. IKE version = v1 Encryption algorithm = AES Hash algorithm = HMAC SHA1 You must configure the firewall in the datacenter edge to allow the following. Any UDP packets for port 500 Any UDP packets for port 4500 Any ESP (IP protocol number 50) packets IKE re-keying, which is renegotiation of new cryptographic keys between the CloudBridge tunnel end points to establish new SAs, is not supported. When the Security Associations (SAs) expire, the tunnel goes into the DOWN state. Therefore, you must set a very large value for the lifetimes of SAs. You must configure Microsoft Azure before specifying the tunnel configuration on the CloudBridge appliance, because the public IP address of the Azure end (gateway) of the tunnel, and the PSK, are automatically generated when you set up the tunnel configuration in Azure. You need this information for specifying the tunnel configuration on the CloudBridge appliance. First thing first, you need to use your Windows Azure account and follow the next step to begin to configure the IPSec tunnel by creating a local network In the left pane, click NETWORKS. In the lower left-hand corner of the screen, click + NEW. In the NEW navigation pane, click NETWORK, then click VIRTUAL NETWORK, and then click ADD LOCAL NETWORK. In the ADD A LOCAL NETWORK wizard, in the specify your local network details screen, set the following parameters: NAME VPN DEVICE IP ADDRESS In the lower right corner of the screen,…
AntiVirus software are always pain in the ass when it's about delivering desktops through golden images system like Citrix Provisioning Services. It's changing but still, in most of the company I'm working for there is always the AntiVirus dude who is yelling and requesting to be able to watch / watch and be able to know where the Antivirus software is deployed, if it's up to date and if all the machine are ok. Last blog I did about an antivirus was about Symantec SEP 11 (here) and Symantec did their job by understanding what was a virtual environment about with the version 12. With TrendMicro and ServerProtect, we're not there yet... Even if their product Office Scan seems to fit better the needs, today I had to deal with Trend Micro ServerProtect installed on the PVS golden images. The problem remain the same, a Trend GUID is created when installing the piece of software on the golden image but won't change across multi machine usage. The Trend GUID is located in the registry : HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ServerProtect\CurrentVersion\SpntService\NS_GUID with a 75 long character chain. What I had to do : Create a 75 random character string Replace the registry value create a flag so the value won't change at each reboot So I did with my crappy PowerShell skills a very small script (and thanks to Livio @EldejiPoint for the cleanup ^^ ) So this script will be executed as a startup script for the computer (using GPOs) and by creating a trend.txt file on the fixed drive (d:\) the generated Trend GUID won't change upon the file is removed. I hope it will help !
Citrix XenApp 6.5 Hotfix Rollup Pack 3 is available since the 12nd of December 2013 (link) and I went through several deployment until today. I got this error on a worker server (PVS Golden image) while installing this update. The error : "Error 25822. Setup could not install the drivers required for this product." stop the installation process and rollback to the original state of the XenApp server. As the installation wen fine on other servers within the same farm, I chose to take some time to investigate this issue. First thing first, running the patch update by generating a log file with msiexec : and when i opened the log file i found the error : The installer stop because the file ctxsbx.inf is not found on the XenApp server, after a google search i found this old XenApp KB CTX121887. As mention in this kb I made a copy of this file on the target XenApp server from another one where the file is. It did work but after that the installer remaion stuck on drivers installation process and remain on loops. The only way to make sure my server would survibe this installation was to cancel everything, repair the XenApp installation and reboot the server at the end. Once the server was back online again, I tried to apply the HRP3 again and everything went finaly fine.
This one has been pain in the ass to find out... Since Java 7 (1.7_xx) the security and setting management is a total nightmare. This is so messy you can't find a reliable information on Oracle website... The worse thing is all the mechanism seems to change between versions... from 1.7_01 to _11 is one way to do thing and version after it's done another way... Here is the ugly pop up I want to eliminate from the user interface on the XenApp Desktop. To do so, I had to check every change within files, registry to finally find out everything was located in the registry for this version of java, JRE7 1.7_13... So I wanted to create a GPP to target user connected on the XenApp servers, here is my xml file created from a registry export : Next, I wanted to filter this GPP with a WMI filter, this WMI Query will look for locations of the JRE7 Folder on the System and if found it will apply the policy. And this works ! I didn't need to do anything with deployment.properties and deployment.config as described everywhere on the Oracle website... (This website is really pain in the ass to find good documentation...) I hope it will help, and I hope Oracle will stop to change the way we need to use to manage Java configuration....
I blogged about how to automate Citrix XenDesktop 7 deployment and database creation, and how to join and existing XenDesktop 7 site unattended, but now to continue and go a bit further in the automation process, I needed and wanted to know how to automate Hosting Configuration by Adding Connection and Resources to the DDC in an unattended way. This blog will cover creation process for XenServer 6.x and vCenter (vSphere) 5.1 since I don't have access to a Hyper-V (yet), I went over Citrix eDoc to check how I could do this and I found here : [link] Thanks to Livio for some PowerShell help :) It helps to understand whet need to be setup and after few tests I ended up writing this script to automate this part : This script have been tested with Citrix XenDesktop7 and XenServer 6.2 and vSphere 5.1
So auto-install and auto join an already XenDesktop 7 Site is cool but what if you need to automate the first DDC installation ? Here is how I did with help of a great blog (Timm Brochhaus) who made a script available for everyone, and I personally used it. Let's do it for a full automated installation, I will install all the components from XenDesktop 7. Timm Brochhaus wrote a very cool blog and give you the explanation about a script he wrote to automate this part with a very useful script. Juts don't forget to run this script in 32bit mode.... [link] I did use Timm's script and here is the result I got : 3 databases were created, one for the Site informations, one for the log informations and a last one for monitoring (edgesight-like) Now we are ready for the next step which is site creation with the command New-XDSite with the result : If I use the script Timm make available and use the same syntax, this is pretty easy to add this line and add what we need to automate DataBase creation + Site creation in one script : So now your XenDesktop 7 DDC is ready to work, you can launch the Desktop Studio console, you just need to create your Machine Catalogs and Delivery Groups etc... This next part of automation is in my next blog about XenDesktop 7
The VDA version delivered with XenDesktop 7 bits is 184.108.40.20618 The VDA can be deployed two ways, via the GUI setup and in an unattended way. Using the GUI is easy and can be done very quickly - but it remains manual deployment. Here are screenshot so for the one who won't have time to check it out, you can already know what you might face very soon. Next blog will be about VDA installation for Desktop and Server OS
We all need to automate things, we need to fast deploy, fast provision and stay lazy, not doing the same thing every day... So let check how we can industrialize XenDesktop 7 deployment (the easy part) and configuration (I guess the tricky part). First to deploy XenDesktop 7 using command line is simple and very well documented [link] Installs XenDesktop Server Options can be (see documentation for further details): /COMPONENTS CONTROLLER, DESKTOPSTUDIO, DESKTOPDIRECTOR, LICENSESERVER, STOREFRONT /EXCLUDE <package> excludes a package from installation /HELP, /H, /? Shows this dialog /NOREBOOT Suppress reboot after installation (if needed) /PASSIVE, /QUIET Do not show UI during installation /REMOVE Remove components (instead of installing) /CONFIGURE_FIREWALL Configure Windows Firewall /NOSQL Do not install SQL Server Express 2012 /NO_REMOTE_ASSISTANCE Do not install Windows Remote Assistance when installing Director I will add a second server to my existing deployment (1 DDC, Windows 2012 XenDesktop 7) my command line to install components I need look like : The XenDesktop 7 "Framework" is now installed but the is still configuration an Site join to automate. Using Powershell this is an easy step as well : This command line will update the database automatically, if you do not wish to, you need to specify it : Note : if you had DesktopStudio open, to show the change on the new DDC, refreshing the mmc is not enough, you need to close and open it again. Last thing, to remove a DDC using command line, still with PowerShell : This command line will update the database automatically, if you do not wish to, you need to specify it : Note : You must execute this commend another DDC than the one you want to remove. So to sum-up, this is very easy to automate XenDesktop DDC deployment once the first DDC is set up. The next step will be to try to automate the first DDC installation and configuration.
XenDesktop 7 is now available with different features and entitlements (link) and yes there is a lot to read on this webpage but most of everything is already known features. So I will just write now what I read between the line : No more Citrix Streaming Application (RIP) in favor of Microsoft APP-V XenServer is now version 6.2 and Open Source ! http://www.xenserver.org/ Seamless Local Apps is now official and build-in. PVS is version 7 now and MCS continue its evolution. (I'll come back later on a blog post about that) Edgesight is included in XenDesktop 7 (Another blog post subject) Storefront is now version 2 Receiver for Windows is v4 Windows 8 and Windows 2012 supported Many other changes I need to cover later on Several editions are available today : Now this is time to show you how the installation process, pretty straight forward as I already mention and this is for those who are curious about this new version and don't have tie to POC it or try it right away. To download Citrix XenDesktop 7, this is the way -> [link] XenDesktop 7 Edocs : [link] XenDesktop 7 Admin Guide : [link] XenDesktop 7 Upgrade Guide : [link] XenDesktop 7 Install Guide : [link]
At many customer place and even more often now RDS and XenApp servers are virtual I see C: drives (System drives) full without a tiny byte left... This is even more painful when roaming profiles need to be store on the same drive. This is the default behaviour for roaming and local profile creation, their location is "c:\Users" or "c:\Documents and Settings" About User Profile Windows : [link] Very often the virtual machine hard drive are calculated with the OS space need and few application added and many time the page file has already been moved to anther drive, but many admins forget to calculate user's profile space needed regarding the number of user logged on per vbox... So what I'm doing on almost all the deployment I do now a day when there are roaming or local profile involve, I just set the UserProfile location to another drive than the system drive, D: for example. This can be done by changing a registry key and here is the location with default values : But I'm so lazy, I had to make an adm for that as well... You can download it here : By changing this value a folder will be automatically created with correct ACL. I think this is a useful tip, just keep in mind it doesn't change the default location of the public folders and the default profile : Tested on Windows 2003, 2008 and 2008R2 with and without Citrix User Profile Management. And last words, TEST it before doing in on a production environment.