Several times i had the need to synchronise Virtual Machine notes (vmware) with Active Directory Computer description. As in big environment, different team are managing each of these components, the need to be able to link an Active Directory computer account to a vm with XenApp / XenDesktop delivery group has often been seen as useful. Delivery group name : Desktop123 Virtual Machine note (vmware) : Desktop123 Active Directory account Description : Desktop123 The idea is to simply synchronise the information through the platforms so everyone knows quickly what machine does what. In this particular example that was about XenApp Servers and XenDesktop VDI. You will need a machine where : XenDesktop 7.x SDK (Powershell is installed) vmware PowerCli installed RSAT role deployed as well Thank to Rodolphe Herpeux who simplified the first version of this script I wrote.
As I got an unlimited access to Windows Azure I wanted to check out how I could extend my lab into it and use it to store VMs workload (at first). Here what you need : Citrix NetScaler VPX (tested with NS10.1: Build 122.17.nc & NS10.1: Build 123.9.nc) Windows Azure Access Homelab (running on vSphere 5.5) Of course, you need licence for everything... Considerations : Before configuring a CloudBridge tunnel between a CloudBridge appliance in datacenter and Microsoft Azure, consider the following points: The CloudBridge appliance must have a public facing IPv4 address (type SNIP) to use as a tunnel end-point address for the CloudBridge tunnel. Also, the CloudBridge appliance should not be behind a NAT device. (or you'll have to setup a route for your LAN computers, I'm explaining how to at the end of this blog) Azure supports the following IPSec settings for a CloudBridge tunnel. Therefore, you must specify the same IPSec settings while configuring the CloudBridge appliance for the CloudBridge tunnel. IKE version = v1 Encryption algorithm = AES Hash algorithm = HMAC SHA1 You must configure the firewall in the datacenter edge to allow the following. Any UDP packets for port 500 Any UDP packets for port 4500 Any ESP (IP protocol number 50) packets IKE re-keying, which is renegotiation of new cryptographic keys between the CloudBridge tunnel end points to establish new SAs, is not supported. When the Security Associations (SAs) expire, the tunnel goes into the DOWN state. Therefore, you must set a very large value for the lifetimes of SAs. You must configure Microsoft Azure before specifying the tunnel configuration on the CloudBridge appliance, because the public IP address of the Azure end (gateway) of the tunnel, and the PSK, are automatically generated when you set up the tunnel configuration in Azure. You need this information for specifying the tunnel configuration on the CloudBridge appliance. First thing first, you need to use your Windows Azure account and follow the next step to begin to configure the IPSec tunnel by creating a local network In the left pane, click NETWORKS. In the lower left-hand corner of the screen, click + NEW. In the NEW navigation pane, click NETWORK, then click VIRTUAL NETWORK, and then click ADD LOCAL NETWORK. In the ADD A LOCAL NETWORK wizard, in the specify your local network details screen, set the following parameters: NAME VPN DEVICE IP ADDRESS In the lower right corner of the screen,…
I blogged about how to automate Citrix XenDesktop 7 deployment and database creation, and how to join and existing XenDesktop 7 site unattended, but now to continue and go a bit further in the automation process, I needed and wanted to know how to automate Hosting Configuration by Adding Connection and Resources to the DDC in an unattended way. This blog will cover creation process for XenServer 6.x and vCenter (vSphere) 5.1 since I don't have access to a Hyper-V (yet), I went over Citrix eDoc to check how I could do this and I found here : [link] Thanks to Livio for some PowerShell help :) It helps to understand whet need to be setup and after few tests I ended up writing this script to automate this part : This script have been tested with Citrix XenDesktop7 and XenServer 6.2 and vSphere 5.1
Today I got an annoying issue when I was trying to edit settings from a Virtual Machine. It happens after I converted a template to a VM to make to change but every time I tried to edit the VM I got this error message : Error:The server fault 'SystemError' had no message. Error Stack Call "PropertyCollector.RetrieveContents" for object "propertyCollector" on vCenter Server "xxxxxxx.domain.local" failed. Not very nice message and not very "understandable" for me... Anyway, I needed to edit these settings and to do so, you can follow the next steps. Use it at your own risk ! First I removed the VM from the inventory, right click on the VM and chose "Remove from Inventory" Then, browse the datastore where VM files are stored and I right clicked on the .vmx file To add back into the inventory by following the regular wizard. At the end I've been able to edit the VM settings. Resources : VMDude (Frédéric Martin) made a Powercli module to resolve this issue : link vmware KB : link
In a new mission, I had to learn a new environment based on Citrix XenDesktop 4, Provisioning Services 5.6 and vmware vSphere 4.1. This week, I had a weird issue, I didn't change anything, I just didn't understood why suddenly VMs stopped to be available, in fact VMs were available but for some reason, it was impossible for everyone to access it through the Web Interface. VMs were working well XenDesktop brokers were fine Web Interface was ok Citrix License Server was up and running with correct license vmware vSphere was ok as well, VMs were running without any problem on it On the Web Interface, the following message was display while trying to launch a XenDesktop virtual desktop : "xxxxx is currently unavailable. try reconnecting and, if the problem persists, contact your administrator." On the DDC, XenDesktop Desktop Delivery Controller, I found event logs with ID 1301, source : Citrix Desktop Delivery Controller, with the following description : "The delivery controller failed to broker a connection for user xxxxx to desktop group yyyyy. The delivery controller cannot find any available virtual desktops. Please add more virtual desktops to the desktops group. If the problem is due to existing virtual desktops not becoming available, refer to Citrix Knowledge Base article CTX117248 for further information." It look like a communication problem between XenDesktop DDCs and vmware Virtual Center, so I checked every component, DDCs, Virtual Center.... I found nothing really relevant. So the next step was to enable extended logs on the DDC side, after a short search on Citrix website I found how to do do with CTX117452. I got a lot of logs, but after one day scratching my head to try to understand why without changing anything I had such behavior, I just had bunch of logs but I was missing something... Here is a short part of the pool_log.log file : I also took a log in the virtual desktops pool properties to check if everything was alright... It wasn't : All the VMs within the Citrix Delivery Service Console were disassociated with Active Directory and a message confirm I had communication problem between vmware Virtual Center and Citrix XenDesktop : "Virtual machines could not be retrieved from the hosting infrastructure" and then a pop-up saying : "Error occurred whilst validating the list of virtual desktops. For more information about each error, hover the mouse over…
VDI Project – Not only a XenDesktop project (part.1) VDI Project - The framework (part.2) VDI Project - Hypervisor war (part.3) VDI Project - Desktops and applications delivery (part.4) VDI Project - User Environment Manager (part.5) Cool title right ? If you click on it then this title was just perfect :) Within my desktop industrialization and virtualization project, I had of course the first layer to analyze : Hypervizors. What is installed, what can be challenge, why bringing a change to this existing layer ? And which product I should push against the one already present ? This is the announce war, if there is some Hyper-V or Vmware I should try to push XenServer (I'm a Citrix preacher guy) and on any case, I should change everything to show I've been here and mark the path of changes.... Nope I didn't, this is 100% vSphere deployed full packed with a very good team handling the infrastructure and a lot of processes and work-flow already running, so I don't see any advantage for my customer (and for me) to change what's working and in place. Changing an installed hypervizor on a large deployment would mean : Changing / adapting processes Industrialization rebuilding Engineer and administrators teams training Heavy and long migration (V2V..) Lost of focus regarding what bring me first on this "Desktop" project Maybe reduction of administrators / engineer As I mentioned in the part 1 & 2 of this blog, in fact I didn't had to test anything because the choice have already be made. I would have like to make my own benchmark test and comparison but limited time and specific politics in this project were in the game. If you want to go further on this subject then I encourage you to read Project VRC - Phase II version 2.0 white paper full of very interesting information. Now I need to keep in mind this architecture piece I would have to address, I don't know bunch of thing about vmware vSphere, I will use some help on that subject by some other expert. The announce war didn't happen and I'm very disappointed about that, I would have like to make my own test and publish result I got from an extreme VDI benchmark. I will do it, sooner or later !
