Are we missing something ? 2 Comments

As you might know I'm the CTO of a super cool company here in France (Activlan) base around Paris and one side of my job is to watch in my crystal ball to know what our customers will need and how they could use us to remain on top of their productivity with their IT. Reducing cost and accelerate process; giving flexibility and liberty to their users and keeping the information safe when needed. What's very cool in my job is I always exchange so many things with you all during events, when we meet here and there, online and in real life that is give me a flavor of what's happening in IT in a lot of country very different than here in France. Of course I try to give back what I learned of all this shared experience and knowledge but these last months I've been busy working hard on some other project. So, this title brings me back to an old blog : VDI ok, What's next ?  published in May 2012 where my conclusion was : What really matters in the vWorld ? In the end, the data. I think that was about right in 2012 and you know, with all the VDI, RDSH, offline and online, Hypervizor of all type, application installed, streamed or isolated, using a phone a tablet, a thin client or a computer, in the end the only thing that matter remains data. Software vendor in our segment are pushing harder and harder their mobile (ie MAM and MDM) solution thinking everyone should buy these software and work with tablets and phones. I think we aren't still there just yet... When someone is hired in a company this is almost all the time a giant waste of time (and money) the first days... No desktop ready, no application access etc... In the big company, MDM and MAM need to be addressed but that will never be wildly use for the next 2/3 years, what user expect from their company is to have access to their data (core need) through a applications accessed via a desktop, or not but with a consistent environment. They want to work in an optimal way during their working hours and sometime be able to access their data from home or a remote location, but taking over the personal people's phone is over-rated for now. The MAM MDM hype remind me the…

List XenApp 6.5 hotfixes with PowerShell 8 Comments

This is a classic but needs to be written somewhere so I can find it again when I need it ! First thing, you need to add the XenApp Powershell snapin : Then you can use few very useful command to gather information and script your deployment / inventory. That's what you got access to, now I want to list hotfixes on XenApp servers, I used Get-XaServerHotfix "ServerName" The result format is not very useful and is about only 1 server in a farm of 100... And I was looking for all the servers which had the XA650R01W2K8R2X64061 hotfix installed I needed to have a list of all servers, only the machine name where this hotfix was installed. And the result look like this : This is simple and quite basic but it's very useful ! if you have any comment and/ or request, just drop me an email or comment !  

Cloudify my lab with Windows Azure 13 Comments

As I got an unlimited access to Windows Azure I wanted to check out how I could extend my lab into it and use it to store VMs workload (at first). Here what you need : Citrix NetScaler VPX (tested with NS10.1: Build 122.17.nc & NS10.1: Build 123.9.nc) Windows Azure Access Homelab (running on vSphere 5.5) Of course, you need licence for everything... Considerations : Before configuring a CloudBridge tunnel between a CloudBridge appliance in datacenter and  Microsoft Azure, consider the following points: The CloudBridge appliance must have a public facing IPv4 address (type SNIP) to use as a tunnel end-point address for the CloudBridge tunnel. Also, the CloudBridge appliance should not be behind a NAT device. (or you'll have to setup a route for your LAN computers, I'm explaining how to at the end of this blog) Azure supports the following IPSec settings for a CloudBridge tunnel. Therefore, you must specify the same IPSec settings while configuring the CloudBridge appliance for the CloudBridge tunnel. IKE version = v1 Encryption algorithm = AES Hash algorithm = HMAC SHA1  You must configure the firewall in the datacenter edge to allow the following. Any UDP packets for port 500 Any UDP packets for port 4500 Any ESP (IP protocol number 50) packets IKE re-keying, which is renegotiation of new cryptographic keys between the CloudBridge tunnel end points to establish new SAs, is not supported. When the Security Associations  (SAs) expire, the tunnel goes into the DOWN state. Therefore, you must set a very large value for the lifetimes of SAs. You must configure Microsoft Azure before specifying the tunnel configuration on the CloudBridge appliance, because the public IP address of the Azure end (gateway) of the tunnel, and the PSK, are automatically generated when you set up the tunnel configuration in Azure. You need this information for specifying the tunnel configuration on the CloudBridge appliance. First thing first, you need to use your Windows Azure account and follow the next step to begin to configure the IPSec tunnel by creating a local network In the left pane, click NETWORKS. In the lower left-hand corner of the screen, click + NEW. In the NEW navigation pane, click NETWORK, then click VIRTUAL NETWORK, and then click ADD LOCAL NETWORK. In the ADD A LOCAL NETWORK wizard, in the specify your local network details screen, set the following parameters: NAME  VPN DEVICE IP ADDRESS In the lower right corner of the screen,…

Trend ServerProtect 5.80, XenApp 6.5 / PVS 3 Comments

AntiVirus software are always pain in the ass when it's about delivering desktops through golden images system like Citrix Provisioning Services. It's changing but still, in most of the company I'm working for there is always the AntiVirus dude who is yelling and requesting to be able to watch / watch and be able to know where the Antivirus software is deployed, if it's up to date and if all the machine are ok. Last blog I did about an antivirus was about Symantec SEP 11 (here) and Symantec did their job by understanding what was a virtual environment about with the version 12. With TrendMicro and ServerProtect, we're not there yet... Even if their product Office Scan seems to fit better the needs, today I had to deal with Trend Micro ServerProtect installed on the PVS golden images. The problem remain the same, a Trend GUID is created when installing the piece of software on the golden image but won't change across multi machine usage. The Trend GUID is located in the registry : HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ServerProtect\CurrentVersion\SpntService\NS_GUID with a 75 long character chain. What I had to do : Create a 75 random character string Replace the registry value create a flag so the value won't change at each reboot So I did with my crappy PowerShell skills a very small script (and thanks to Livio @EldejiPoint for the cleanup ^^ ) So this script will be executed as a startup script for the computer (using GPOs) and by creating a trend.txt file on the fixed drive (d:\) the generated Trend GUID won't change upon the file is removed. I hope it will help !

XenApp 6.5 HRP3 install failled with error 25822 4 Comments

Citrix XenApp 6.5 Hotfix Rollup Pack 3 is available since the 12nd of December 2013 (link) and I went through several deployment until today. I got this error on a worker server (PVS Golden image) while installing this update. The error : "Error 25822. Setup could not install the drivers required for this product." stop the installation process and rollback to the original state of the XenApp server. As the installation wen fine on other servers within the same farm, I chose to take some time to investigate this issue. First thing first, running the patch update by generating a log file with msiexec :   and when i opened the log file i found the error :   The installer stop because the file ctxsbx.inf is not found on the XenApp server, after a google search i found this old XenApp KB CTX121887. As mention in this kb I made a copy of this file on the target XenApp server from another one where the file is. It did work but after that the installer remaion stuck on drivers installation process and remain on loops. The only way to make sure my server would survibe this installation was to cancel everything, repair the XenApp installation and reboot the server at the end. Once the server was back online again, I tried to apply the HRP3 again and everything went finaly fine.

Java Runtimes JRE7 – Your Java version is insecure popup 3 Comments

This one has been pain in the ass to find out... Since Java 7 (1.7_xx) the security and setting management is a total nightmare. This is so messy you can't find a reliable information on Oracle website... The worse thing is all the mechanism seems to change between versions... from 1.7_01 to _11 is one way to do thing and version after it's done another way... Here is the ugly pop up I want to eliminate from the user interface on the XenApp Desktop. To do so, I had to check every change within files, registry to finally find out everything was located in the registry for this version of java, JRE7 1.7_13... So I wanted to create a GPP to target user connected on the XenApp servers, here is my xml file created from a registry export : Next, I wanted to filter this GPP with a WMI filter, this WMI Query will look for locations of the JRE7 Folder on the System and if found it will apply the policy.   And this works ! I didn't need to do anything with deployment.properties and deployment.config as described everywhere on the Oracle website... (This website is really pain in the ass to find good documentation...) I hope it will help, and I hope Oracle will stop to change the way we need to use to manage Java configuration....

Citrix XenDesktop 7 – Create Persistent Hypervisor Connection and Hosting Unit, Unattended 13 Comments

I blogged about how to automate Citrix XenDesktop 7 deployment and database creation, and how to join and existing XenDesktop 7 site unattended, but now to continue and go a bit further in the automation process, I needed and wanted to know how to automate Hosting Configuration by Adding Connection and Resources to the DDC in an unattended way. This blog will cover creation process for XenServer 6.x and vCenter (vSphere) 5.1 since I don't have access to a Hyper-V (yet), I went over Citrix eDoc to check how I could do this and I found here : [link] Thanks to Livio for some PowerShell help :) It helps to understand whet need to be setup and after few tests I ended up writing this script to automate this part :   This script have been tested with Citrix XenDesktop7 and XenServer 6.2 and vSphere 5.1

Citrix XenDesktop 7 – Unattended from scratch 39 Comments

So auto-install and auto join an already XenDesktop 7 Site is cool but what if you need to automate the first DDC installation ? Here is how I did with help of a great blog (Timm Brochhaus) who made a script available for everyone, and I personally used it. Let's do it for a full automated installation, I will install all the components from XenDesktop 7. Timm Brochhaus wrote a very cool blog and give you the explanation about a script he wrote to automate this part with a very useful script. Juts don't forget to run this script in 32bit mode.... [link] I did use Timm's script and here is the result I got : 3 databases were created, one for the Site informations, one for the log informations and a last one for monitoring (edgesight-like) Now we are ready for the next step which is site creation with the command New-XDSite with the result : If I use the script Timm make available and use the same syntax, this is pretty easy to add this line and add what we need to automate DataBase creation + Site creation in one script : So now your XenDesktop 7 DDC is ready to work, you can launch the Desktop Studio console, you just need to create your Machine Catalogs and Delivery Groups etc... This next part of automation is in my next blog about XenDesktop 7  

Citrix XenDesktop 7 – VDA Installation 7 Comments

The VDA version delivered with XenDesktop 7 bits is 7.0.0.3018 The VDA can be deployed two ways, via the GUI setup and in an unattended way. Using the GUI is easy and can be done very quickly - but it remains manual deployment. Here are screenshot so for the one who won't have time to check it out, you can already know what you might face very soon.   Next blog will be about VDA installation for Desktop and Server OS

Citrix XenDesktop 7 – Unattended Installation + Site join 18 Comments

We all need to automate things, we need to fast deploy, fast provision and stay lazy, not doing the same thing every day... So let check how we can industrialize XenDesktop 7 deployment (the easy part) and configuration (I guess the tricky part). First to deploy XenDesktop 7 using command line is simple and very well documented [link] Installs XenDesktop Server Options can be (see documentation for further details): /COMPONENTS CONTROLLER, DESKTOPSTUDIO, DESKTOPDIRECTOR, LICENSESERVER, STOREFRONT /EXCLUDE <package> excludes a package from installation /HELP, /H, /? Shows this dialog /NOREBOOT Suppress reboot after installation (if needed) /PASSIVE, /QUIET Do not show UI during installation /REMOVE Remove components (instead of installing) /CONFIGURE_FIREWALL Configure Windows Firewall /NOSQL Do not install SQL Server Express 2012 /NO_REMOTE_ASSISTANCE Do not install Windows Remote Assistance when installing Director I will add a second server to my existing deployment (1 DDC, Windows 2012 XenDesktop 7) my command line to install components I need look like : The XenDesktop 7 "Framework" is now installed but the is still configuration an Site join to automate. Using Powershell this is an easy step as well : This command line will update the database automatically, if you do not wish to, you need to specify it : Note : if you had DesktopStudio open, to show the change on the new DDC, refreshing the mmc is not enough, you need to close and open it again. Last thing, to remove a DDC using command line, still with PowerShell : This command line will update the database automatically, if you do not wish to, you need to specify it : Note : You must execute this commend another DDC than the one you want to remove. So to sum-up, this is very easy to automate XenDesktop DDC deployment once the first DDC is set up. The next step will be to try to automate the first DDC installation and configuration.