// This is the script to give summary on the main page.
Think IPM

Thursday, March 31, 2016

Link Collection–Antivirus guides for Citrix & Terminal Servers

Some times you have a good bit of information to write about in a blog post, other times you just have a bunch of links.  ;)

Today is just a good group of links from Aaron Silber related to tuning Antivirus scanning on Citrix XenApp/Terminal Servers.   Some of these links are dated but the meat is good since AV hasn’t changed much in client environments.  I still don’t see much host side scanning done in the hypervisor (at least in the field) so these client recommendations are still very relevant in today’s VDI environments.

imageMicrosoft Window Server

Citrix Servers

PVS Specific

AppV Specific – On Terminal Server

SQL Server
Here is the Microsoft guide for AV on SQL server


Click Here to Continue Reading >>

Tuesday, March 29, 2016

Removing a Node (or 3) from a Nutanix Cluster

Recently, I had to retire some nodes from a client’s Nutanix cluster.  We were recycling 3 out of the 6 nodes down to DR in this particular case.  I’ve added nodes to a cluster but this was the first time I had to remove nodes from one.  I reached out to Alan Biren from Nutanix for some quick instructions.  As with all my dealings with Nutanix, I knew this would be a simple process.   Below is the short and long of it (which includes removing nodes from a live running system without any user disruptions or data interruptions). –Nice!

Since all nodes participate in data protection and replication, the process needs to be done one node at a time.

First step would be to migrate all VMs from the node (ESXi) to the other nodes (use vCenter).   Since a CVM is running on each node, putting the node into maintenance mode can’t be done (can’t maintenance mode while a VM is running) so I instead opted to remove the nodes from the vSphere DRS cluster and reconfigure them as stand alone ESXi hosts.

Once all VMs are evacuated, remove the NFS Datastore from the node.

CVM needs to be up and running.

From PRISM, go to hardware, select the node from the Diagram and then click the Remove Node and OK the warning message.


This will start the process of moving the data that sits on the node to the other nodes/forcing the data locality.  This process could take up to 6 hours to complete depending on the amount of data.


The process will move through the paces of migrating all of the data from the node for removal to the remaining nodes in the cluster.  Once complete, the GUI will show success and a reduced number of nodes in the cluster.  Verify there are no remaining alerts before proceeding to the next node.

You can also check this has completed by running the cluster status and checking what nodes are in the Nutanix Cluster.
'ncli get-remove-status’, if ‘MARKED_FOR_REMOVAL_BUT_NOT_DETACHABLE is displayed, the process is not complete, if no output is returned then the process has completed.

Once the nodes have been removed from the Nutanix Cluster, you can clean up ESX side, by shutting down the CVM (triple verify in PRISM that no errors pop up when shutting down the CVM), putting node into maintenance mode and removing from ESX Cluster.

Click Here to Continue Reading >>

Tuesday, March 22, 2016

vCenter 5.5 Update 3b Upgrade Bug

Image result for computer bugGot bit by a pretty annoying vCenter 5.5 Update 3 bug.

Error 1053: The service did not respond to the start or control request in a timely fashion.

While upgrading a client to 5.5 Update 3b from vCenter 5.5 U2, you have to make a modification to a source file BEFORE running the upgrade.  If you just process the upgrade, vCenter fails to start at the end of the installation (after upgrading the SSO, Database, Web Client and Inventory service!).  There is NO RESOLUTION.  Just a work around or a roll back with work around.  Fortunately, I took a snapshot of vCenter before upgrading so I was able to roll back, make the change and process the upgrade successfully but UGH.. It should have been a lot easier. Smile 

In any event – If you are upgrading to vCenter 5.5 Update 3b, read the link above and be sure to always take snapshots before upgrading anything. Winking smile 

Oh and if you haven’t upgraded to the vCenter Appliance yet – read the above link again and tell me
WHY haven’t you made the switch yet?

Click Here to Continue Reading >>

Wednesday, March 16, 2016

High Level First Look at Citrix’s AppDisks

IPM’s Rajen Das took the opportunity to install Citrix AppDisks in the IPM labs and gave us this high level report:

imageFinally got around to implement this in the lab and I must say it works as advertised.

Lab setup:
(1) Citrix XenDesktop 7.8
(1) Citrix Provisioning server 7.8
(1) Citrix AppDNA server(latest)
(2) Microsoft Windows 10 VDA
(2) Microsoft Windows 2012 VDA (test pending)

Here are my findings so far:

1. The environment must be 7.8 all across including PVS 7.8 or use MCS.

2. You’ll need a separate server for AppDNA. Be patient during the installation; it took me 20 hours. It should be less on high-end servers.

3. AppDisk is available for all license types: XenApp Advanced, Enterprise and Platinum edition as well as XenDesktop VDI, Enterprise and Platinum edition.

4. AppDNA is only available on Platinum editions of XenApp and XenDesktop.

5. If you are using PVS, you’ll need the vDisk to be in maintenance mode. After the installation is completed and sealed, the maintenance version can be deleted.

6. Unlike App-V, new applications are only available after a reboot.

If you care about a having a pristine golden image and want to avoid having 100 applications on it, this solution may work for you. 

Questions for Rajen?  Leave them in the comments or follow him on @Neo124t

Click Here to Continue Reading >>

Thursday, March 10, 2016

VMware Horizon View Maintenance releases/updates

Image result for work inprogressBy now, most of my clients are running at least version 6.x of Horizon.  Occasionally, I’ll get emails asking if it is time to upgrade or what the new features are of a new release.  Most of the time the releases have just been standard maintenance releases.  Although they are small point releases, I like to apply the maintenance releases in a pretty timely fashion to the environments since the upgrade paths are clear, tested and usually painless.  Keeping the environment up to date makes the major release version upgrades that much easier.   That typically saves time and money in the long run.

VMware is great about posting their release notes in the pubs.VMware.com documentation site.  A quick Google of the version number + ‘release notes’ will bring you right to the links.  I recently looked up the release notes for 6.2.1 and 6.2.2 to see what would be fixed/added from 6.2.

Below are snips from the release notes.


Resolved Issues

The following issues have been resolved in this release:

  • Users sometimes experience slow response times in their PCoIP sessions when they are connected through a security server.
  • Intermittently, printer mapping fails for a remote application.


What's New in This Release of Horizon 6.2.1

  • VMware Horizon View 6.2.1 is a maintenance release. Some known issues from previous releases are resolved. For more information, see Resolved Issues.
  • To improve security, SSLv3 is no longer supported. By default, TLS 1.1 and TLS 1.2 are enabled. TLS 1.0 is enabled for outgoing connections to support vSphere 5.x, but is disabled for incoming connections. If the vSphere version is 6.x, it is recommended that TLS 1.0 be disabled for outgoing connections.
  • For PCoIP connections, by default, TLS 1.1 and TLS 1.2 are enabled and TLS 1.0 is disabled. Horizon Client 3.3 and earlier versions use only TLS 1.0 for PCoIP. View Agent versions earlier than 6.2 also use only TLS 1.0. To support Horizon Client 3.3 and earlier versions, as well as View Agent 6.1.x and earlier versions, if you use the PCoIP Secure Gateway, you can enable TLS 1.0 for PCoIP connections by following the instructions in KB 2130798, Configure security protocols for PCoIP for Horizon 6 version 6.2 and later, and Horizon Client 3.5 and later.
  • For Blast Secure Gateway and the HTML Access agent, by default, TLS 1.1 and TLS 1.2 are enabled and TLS 1.0 is disabled. You can configure the security protocols and cipher suites for both components. See Configuring Security Protocols and Cipher Suites for Blast Secure Gateway in the View Security document and Configure Security Protocols and Cipher Suites for HTML Access Agent in the Horizon Client and View Agent Security document.
  • Linux desktops now support clipboard redirection, single sign-on, and smart card redirection. The Setting Up Horizon 6 for Linux Desktops guide also documents additional bulk-deployment scripts.

Bottom line: its not exciting but definitely try to keep your environments up to date with the latest maintenance releases so you are ready to go with a smooth painless upgrade when a major release is announced.

Click Here to Continue Reading >>