// This is the script to give summary on the main page.
Think IPM

Thursday, December 17, 2015

Vote for IPM @ the Citrix Demo Derby

Here is a shameless plug for my company.  ;) If that sort of thing bothers you, look away now and click here.
My colleagues spent a good amount of time putting together a great video highlighting both Citrix Mobile Technology and New York City!
This great video was created by Rick Passero, Paul Kilgallen, and Citrix’s Aida Luu for the Citrix Partners’ Demo Derby, a contest among Citrix’s partners for showcasing their products.  
image
They have made it to the finalist round which is determined by public voting so help IPM win and vote here!  Winners will be announced at Citrix Summit in January.
Click Here to Continue Reading >>

Tuesday, November 24, 2015

VMware 6 : Unable to connect to the MKS: Internal Error

Almost EVERY SINGLE time I see this error, it’s DNS related.  When I ran into it tonight, I immediately thought I had fat fingered the DNS entries in the VMware vCenter Appliance Deployment wizard. 
This became an interesting chicken and egg scenario – I needed to check my DNS settings on the Console but of course, couldn’t get a console for the VM!  Doh!
Fortunately, I had enabled SSH when deploying the vCenter Appliance (Something I will continue to ALWAYS do!).  A quick putty over to the vCenter VM and everything looked fine…  What gives?
Image result for crumpled up paperTime to search the VMware Knowledge Base.  After some searching, I ran across this: http://kb.vmware.com/kb/2116542
In this particular project, I was migrating hosts from a Windows based vCenter to a vCenter Appliance and apparently when I migrated the existing hosts over to the new vCenter Appliance, some certs got borked.
Quick Fix: vMotion EVERYTHING from one host to the next and everything was back to normal.  Whew!
Click Here to Continue Reading >>

Monday, November 16, 2015

VMware View 6.2 XP Support issues.

image Recently, I was working with a client on an upgrade to their VMware View environment. We were upgrading from View 5.2 to 6.2. A nice jump in versions that was hopefully going to go pretty painlessly. The majority of the machines were Windows 7 machines with a sprinkling of Windows XP machines that for various support reasons were pretty critical to a select few people. Once we had the outage window, we moved to begin upgrading the View infrastructure servers. All went good but when recomposing the XP pool, none of the Virtual Machines were registering with the Brokers. On the broker screens, I was receiving errors complaining about network communications:

No network communication between the View Agent and Connection Server. Please verify that the virtual desktop can ping the Connection Server via the FQDN

After your normal troubleshooting based on this catch all KB Article,  I came across this gem in the release notes regarding XP support:

Supportability of Windows XP and Windows Vista guest operating systems as desktop virtual machines
The versions of View Agent that ship with Horizon 6 (version 6.1) and later releases do not support Windows XP and Windows Vista desktops. The Horizon 6 (version 6.1) servers will work with Windows XP and Windows Vista desktops if you continue to use the older View Agent 6.0.2. The older agent, of course, does not offer all of the features of the new agent.

Unfortunately, rolling back the Agent version on the images still not allow the XP VMs to register with the Brokers.  In the inventory screens, the agent versions were still showing up as unknown.

I was starting to give up hope.   Fortunately with some unreproducible Google-fu, I came across this KB article that saved the day.

How to change a Horizon 6 version 6.1 environment from Enhanced message security mode to Enabled security mode

Apparently, after 6.1, there were some changes in the way that the Desktop Agents communicated to the Brokers that were not supported by the older 5.x agents.  In order to enable communications between the older agents and the newer brokers, some ADSI hacks had to be made.  This basically dumbed down the communications to allow the agents to communicate and more importantly register with the brokers.

A quick reboot of the Brokers and the older XP VMs were registering successfully with the Brokers.  I still don’t remember how I managed to come across this needle in the Knowledge Base Haystack but I figured I’d write a quick blog post about it so I don’t forget it. :)

Enjoy enabling your user base to hang on to their XP machines for just a little bit longer!

Click Here to Continue Reading >>

Thursday, October 22, 2015

Easy Hotfix list for Microsoft TS/RDS patching

Image result for listTracking down patches is a pain in the ASCII.  You want to keep your servers up to date but digging through endless Google searches to find relevant KB articles for each operating system is no fun. 

Aaron Silber feels your pain and sent over this handy-dandy table that takes you to the Microsoft pages of updates available on TS/RDS.

Terminal Services (Remote Desktop   Services) in Windows Server 2008

KB 2312539

Remote Desktop Services (Terminal   Services) on Windows Server 2008 R2 SP1

KB 2601888

Remote Desktop Services in Windows Server   2012

KB 2821526

Remote Desktop Services in Windows Server   2012 R2

KB 2933664

That’s quite the treat for Halloween! Thanks Aaron!

Click Here to Continue Reading >>

Wednesday, September 30, 2015

VMworld 2015 Recap

image VMworld 2015 is over. The US conference is done and everyone is getting ready for VMworld Europe coming in October. If you were like me and didn't attend VMworld in San Francisco but still want to know a little bit about what went down, then this post is for you. :)

Cloud Cloud Cloud. You knew it without even going but VMware has a lot to say about cloud! Whether it was VMware Cloud Air or the Site Recovery Manager Air, VMware is ready to bridge your VMs into it's cloud based hypervisors. Moving between local based hosts and the cloud based vSphere implementations is getting easier and more cost compelling (Global vMotions Anyone?). Leveraging a vCloud Air based Site Recovery Manager Air to test your disaster recovery plans is becoming a reality. Bridging private and public clouds is going to require some pretty fancy networking!

Enter the NSX. It was everywhere at VMworld. It is being positioned as the gateway to and from the clouds. Security on the NSX was a high point in most of the sessions. Security is not one of these things that should be bolt on but thought of from the very beginning. VMware promised NSX was developed with internet security in mind. I expect to run into more and more NSX implementations at client sites as vSphere 6.x is rolled out at clients.

And there was lots of vSphere 6 stuff. With the exception of missing Update Manager, the vCenter appliance is looking great. Once VMware pushes Update Manager into the appliance, I don't see myself recommending a Windows based vCenter anymore. I love what VMware is doing with their appliances.

Horizon View was on display (subtle NVIDIA pun!) as well. End user computing in general. Whether you are running View or Citrix XenDesktop/XenApp, VMware wants to be a part of the puzzle. If you are running full blown Horizon or just Citrix XA/XD, VMware thinks App Volumes and Immidio for Profiles has a place in the solution. Citrix is pushing for VMware View take-outs but I don't think it is going to be as cut and dry as it looks. I think the View solution is a solid platform and holds its own against competitors.

There were tons and tons more cool things like Project Enzo and the NVIDIA GRiD vGPU but these were the high level topics that caught my eye talking to colleagues.

Click Here to Continue Reading >>

Thursday, June 11, 2015

Citrix and SQL always On Designs.

Image result for pros and consChris Hahn put together a quick PROs & CONs list to using SQL Always On for Citrix instead of SQL mirroring.


A lot of clients have been asking about SQL Always On with new Citrix designs.  A couple points on the PROs / CONs vs. SQL mirroring.

  • Don’t have to set mirror database configuration on clients.
  • Not applicable for Citrix yet, but Always On supports reading the DB from any node of the Availability group.  With SQL Mirroring you can only read from active node.
  • Faster failover than mirroring, if SQL nodes are in single subnet.

  • Requires Enterprise Edition which is much more expensive than the Standard edition required for Mirroring.
  • If you are failing over across sites / subnets, failover times will probably be slower than mirroring.  If the application supports the multi-subnet failover SQL connection string, then both subnet IPs register in DNS and the app attempts connection to all IPs in parallel for the fastest failover times.  Very few apps support this though, so the legacy mode is to not register all IPs in DNS, and have clustering change IP at failover.  Then you have to wait for DNS changes to propagate during a failover.  This is much slower than failover with traditional mirroring.
  • Not all applications support Always On, particularly the multi-subnet failover option.  Mirroring has been around for a long time and has much broader support.

Some additional information related to the subject can be found here:

Multi-Subnet failover connection string can be configured for XenDesktop Databases and there is a handy script to configure this -
http://blogs.citrix.com/2014/10/29/updating-database-connection-strings-in-xendesktop-7-x/

Multi-Subnet failover option is still not supported for PVS -
http://discussions.citrix.com/topic/337030-pvs-7-on-sql-2012-always-on-a-supported-citrix-deployment/

SQL connection timeouts
http://blogs.msdn.com/b/alwaysonpro/archive/2014/06/03/connection-timeouts-in-multi-subnet-availability-group.aspx

Click Here to Continue Reading >>

Wednesday, May 20, 2015

Document Starter: Deploying an Application / Desktop

Sometimes you just need a little help creating documents.  Just a starting point to really get the juices going and head start to get the documentation ball rolling.  Aaron Silber has a nice starter document for anyone looking to document their XenApp/XenDesktop groups.

You can download the actual Word Document here: <ShareFile Location Here>


This document will detail the steps necessary to deploy an application or desktop to users via StoreFront or the Receiver. At a high level, the process is broken down into two steps,

  • Creating a Machine Catalog, which is a collection of desktops or physical computers that are managed as a single entity.
  • Once the catalog has been created, the administrator assigns applications from the machine catalog to users via delivery groups.

In the new world of XenApp/XenDesktop v7.x, in order to publish an application, you create and add applications in the Citrix Studio and make them available to Delivery Group Users. Create Delivery Groups for specific teams, departments, or types of users. Delivery groups specify the groups of users who access desktops or applications. Users can be members of multiple delivery groups to enable various access to applications and / or desktops.

Creating a Machine Catalog

Launch the Citrix Studio Console

clip_image002 

Select Machine Catalog

 

Right click and select Create Machine Catalog

clip_image004 

Click Next

clip_image006 

Select Windows Server OS

 

Click Next

clip_image008 

Select Another service or technology

 

Click Next

clip_image010

Select the computer accounts to be part of this machine catalog.

 

Click Add Computers

 

clip_image012

Enter in the Computer Name

 

Click Next

clip_image014

Fill in a Machine Catalog Name and optionally a description for administrators to see.

 

Click Finish

clip_image016

End of Machine Catalog Creation

Creating Delivery Group

Click on the node called Delivery Groups

 

Right-Click and select Create Delivery Group

clip_image018

Click Next

clip_image020

Select a machine Catalog to be used to publish the applications to.

 

Increase the number of machines to the amount of machines that should be made available to this group.

 

Click Next

clip_image022

Select Desktops and applications

 

Click Next

clip_image024

Click Add users, to add in users and/or groups

 

Click Next

clip_image026

XenApp will automatically scan the server for applications and display them for easy publishing.

 

If you want to customize an application, click it and select the Application Properties button for more details.

 

Click Next

clip_image028

Click Next

clip_image030

Enter in a Group name and a Display name.

 

Click Finish

clip_image032

End of Delivery Group Creation

You should now be able to log into a StoreFront server and access the application(s) / Desktop(s) that were just configured.

Click Here to Continue Reading >>

Friday, May 15, 2015

PSA: VENOM Exploit on Citrix XenServer

I’ve had some clients ask about a new exploit making it’s way around security desks lately.  It’s called VENOM and it leverages a buffer overrun scenario that has been detected in certain code used to process commands from a Virtual Floppy controller on a VM to gain unauthorized access across the entire HOST and all VMs running within it. VENOM exploits the hypervisors specifically to gain unauthorized access to additional Virtual Machines running on the host platform.

venom-header-image.jpg

After some research, it looks as though this is primarily an issue with the QEMU floppy controller code found in some open source Hypervisors including Citrix’s XenServer. 

VMware and Hyper-V are not known to be affected by this exploit.

EDIT: As of this post, Citrix has not issued patches for XenServer but AND has opened up a KB article to track the progress of the exploit.  (http://support.citrix.com/article/CTX201078)

This is also a good time to discuss whether it makes sense to even have Virtual Floppy Drives on VMs.  It’s such a legacy thing and is typically a default configuration setting for new VMs.  It might be worth looking at your templates to see if there are any unnecessary devices that should be removed to avoid future exploits.

Click Here to Continue Reading >>

Thursday, April 9, 2015

Come see Sam Jacobs talk StoreFront at Citrix Synergy!

imageIf you have had a Web Interface, Netscaler or Storefront issue and took it to the Citrix Forums, there’s a good chance Sam Jacobs (@WIGuru) has helped you sort it out!  For the second year in a row, Sam has landed a coveted spot at Citrix Synergy to share his deep knowledge on bending Citrix technologies to his will.  ;)  (BTW: Last year was standing room only for BOTH sessions so if you are going to be at Synergy, pre-register for the session to get a seat!)

Here is Sam’s official Promo announcement with all the details:

Making a Splash with Storefront – A Deep Dive!

It’s official! StoreFront is here to stay so let’s ensure StoreFront servers are production-ready through solid documentation. Documentation is essential because is allows you to:

- Clone a StoreFront server group,
- Help troubleshoot any issues with the deployment, and
- Re-create servers after a crash.

Dive deep with me during my session at Citrix Synergy, where you will see how easy it is to automagically generate awesome StoreFront documentation (in MS Word or PDF format) using the StoreFront PowerShell SDK. You will learn which PowerShell cmdlets are used to document a StoreFront server group (there are also complementary cmdlets with which you can create/modify your server group).

Plus, the techniques you will learn in this session are not limited to StoreFront! You will learn how to create an intuitive GUI for your PowerShell scripts that can modify itself based upon variables in the script. You will also learn how to add custom icons and graphics to the forms used in your scripts.

As usual, all source code for the session customizations will be made available to presentation attendees.
[Be sure to subscribe for all updates!]

So join me at Citrix Synergy for SYN417: StoreFront PowerShell documentation deep dive, on Tuesday, May 12 from 4:00-4:45 PM PST in Valencia Ballroom D. Let me show you how to produce awesome StoreFront documentation, and become more proficient in PowerShell in the process. Hope to see you there!

Sam Jacobs is IPM’s Director of Technology Development Services. With more than 25 years of IT consulting, Sam is a Citrix StoreFront, Web Interface and Netscaler customizations and integrations expert. He holds Microsoft MCSD and Citrix Netscaler certifications, is the author of IPM’s TechDev blog and is an active Citrix Forum contributor. A seasoned technical speaker, Sam integrates industry insight with real implementation experience, and has presented customizations at Synergy and BriForum.

Learn more about
IPM or the TechDev practice.
Sam can be reached at:
sjacobs@ipm.com.

Click Here to Continue Reading >>

Friday, March 6, 2015

Is your Citrix Netscaler vulnerable to the FREAK Attack?

Man in the MiddleI have heard this asked before and thought it would make a good post to get some information out.

The FREAK (Factoring RSA Export Keys) attack is the latest threat to exploit vulnerabilities in the OpenSSL libraries. You might remember the HeartBleed bug from last year.

FREAK (formally known as CVE-2015-0204) affects versions of OpenSSL prior to 1.0.1i (released January 15, 2015).  It’s a man in the middle type of attack and affects a lot of different devices.  The official description is here and a good editorialized version here.

I searched and searched but couldn't really find anything official from Citrix on the KBs.  I did run across an old Citrix Forum post related to the Heartbleed bug that stated Netscalers do not use OpenSSL on the internet facing side and therefore would not be affected by internet based OpenSSL attacks.  They actually use an internal SSL stack that they privately test against any known SSL threats.  OpenSSL is only used for connections to the management side.  The information is from a Netscaler Product Manager and can be found here.

It’s a good bet that Citrix engineers are busy testing the internal code stack against the new CVE-2015-0204 vulnerability. Once complete, I am sure will release a KB article like they did with Heartbleed but until then, this will have to do. :) 

Click Here to Continue Reading >>

Friday, February 20, 2015

PSA: SuperFish Malware Threat

Just a quick note with some good information on the newest Malware threat to be in the news.

Image result for friday fish fry
Some background information on the whole story (if you haven’t heard of it) can be found here, there and also over here.

Aaron Silber sent over some useful links to test if you have been infected and some instructions on removing it if you have been compromised.  Be sure to test all installed browsers on your machine.

Microsoft updated Windows Defender to catch the malware and remove it.
http://www.theverge.com/2015/2/20/8077033/superfish-fix-microsoft-windows-defender

You can also go to this website to see if you have been infected:  https://filippo.io/Badfish/

Click Here to Continue Reading >>