Mar 112021
 

 In this short blog, I am going to show you how to upgrade Control Up from 8.1 to 8.2 and show some basic screenshots of ControlUp SOLVE. I am excited because CU 8.2 is changing the game and introducing some great features. I am not a CU employee, and this is my experience and opinions only. ControlUp has saved me many times in my areas and is a must for any organization with any EUC setup. There is still a lot I must learn in ControlUp so I can use it even more. It is a fantastic tool for any Engineer/Admin.

Below is some information on Version 8.2 and some of its additional functionality. 

ControlUp can now monitor Citrix Cloud, which is a massive win for me. It will mirror the delivery group structure in CVAD. ControlUp added a new product called SOLVE, which gives you comprehensive, real-time monitoring and analysis in a hosted web application. This is something I have wanted for a long time. 

Many folks seem not to understand the licensing around this and think that CU is just out to get more money.      Yes, it does require Ultimate licensing, but there is so much more than just the money aspect. They added a lot of good stuff in the Ultimate package that makes your Admin experience and the user experience even better. Ultimate gives you SOLVE and, of course, Automation, which is a must.           

ControlUp has gone above and beyond for me in many situations. They gave me tons of training. The reps always reach out to me to check in to see if I need anything (     yes, I used this to get custom SBA to tie into other products). Their support team is on top of their game, the Slack channel is always giving me the answers I need, and most of all, the product works well. To me, it’s a straightforward concept and should be a simple choice for many folks.

Basic Infrastructure Design

Firewall Ports used by Hybrid Cloud

https://support.ControlUp.com/hc/en-us/articles/115001228945-Communication-Ports-used-by-ControlUp-Hybrid-Cloud

Upgrade Procedure

Before you start the upgrade, close any ControlUp console instances that might be running and launch the new console executable, enter your login credentials, and log on to your existing organization.

When you sign into the Control Up interface, you will receive a notification asking you to download the new version. You can also go and download it as well, but this option works well for me. I like it because it’s like, “hey, upgrade me, what are you waiting on.” I have one server that I use for my console only, and then I have two servers that are my monitors and data collectors. 

If you are not sure what the Data Collectors are, this will help you. Long story short: 

“Data collectors increase the performance capabilities of both your console and monitor.”

https://support.ControlUp.com/hc/en-us/articles/360002162597-ControlUp-Data-Collector

On my Console Server, I will back up my config. I just copied it to a file share in my case.

%AppData%\ControlUp

This is cool, and now it will use native AD. Good, add on.

Upgrade Monitors

Before

Right-click and click upgrade. This took about five minutes or so in my environment.

As you can see, they are on the new version now. About 10 minutes to upgrade them. Nothing too hard.

Upgrade Data Collectors Agents

In my case, I used the Monitors for the Data collectors. This is not the best practice. It’s best practice to have dedicated machines as data collectors.  

Upgrading the Agent on the Data collectors 

Upgrading the Agents

You will see a yellow Notification if they are behind.

Right-click the device, click agent control, and Upgrade/Install Remote Agent.

At times, when upgrading, the agent will fail. If this happens, I remove the server and re-add it, and then it upgrades it with no problem.

Example

I had Rory Monaghan looking over this blog, and he gave me some very valuable information. 

“One other thing I noticed, you had agent upgrades fail when pushed from the Console. One potential reason for this is that if someone installed the agent on a machine using the MSI rather than via the Console, the Console push fails. I work on a team of 4. Sometimes someone builds a new server or thinks they are helping during the upgrade process by uninstalling and installing the MSI, which in turn means next time I upgrade, the Console upgrade option fails.”

Example

You can do it at the higher level as well, as Rory showed me in the screenshot.

Rory gave me some good advice around this as well. I will be using this for my service desk. Thank you, Rory, “One of the reasons for missing data to Insights is that when a Monitor Server reboots or even when the service stops, it clears its agent to monitor connections. I discovered this too as I generate reports using ControlUp data: GitHub – Rorymon/ControlUp: ControlUp Resources and Scripts.

One final thing I do is restart the Monitor Service on the Monitors. The reasoning behind this is that I did an upgrade before, and data wasn’t being sent to Insights. I contacted support, and this was what they did. You don’t have to do this. I do it based on prior experience, and it is no big deal. It’s simple enough.

You will notice some addon in the toolbar at the top.

I am going to start a trial. 

This is really neat, and it’s the CU console but all WEB.

This Is my favorite part, and it gives you a high-level diagram that will allow you to click on each object and see an overview of what is going on. You can drill down and get granular on each section. This is an excellent tool for the helpdesk.

Cluster View

Host View

DataStore view

Machines View

User Session break down.

Delivery Group

Published Apps

References

Upgrade Guide for Hybrid Cloud v8.x to v8.x – Knowledge Center (ControlUp.com)

https://support.ControlUp.com/hc/en-us/articles/360002162597-ControlUp-Data-Collector

If you find it that the CU console is slow, you must follow this and add Data Collectors. This changed things for me big time.

https://support.ControlUp.com/hc/en-us/articles/207260875-Performance-Optimization-for-ControlUp-s-Real-time-Console-Monitor?source=search&auth_token=eyJhbGciOiJIUzI1NiJ9.eyJhY2NvdW50X2lkIjo1Nzk0MDIsInVzZXJfaWQiOjM2NzY0OTc1NjkxNywidGlja2V0X2lkIjozMTI3NCwiY2hh

Feb 052021
 

Summary

This guide is geared around explaining how Zoom and Citrix work together. It will show you the Architecture and provide information for what is needed on the clients. There is information added in the document for education purposes as well.

Zoom VDI information 

  1. Zoom requires both the “Zoom Media Plugin” + “Zoom Client for VDI” to match exactly from version 2.1.5 documented at – https://support.zoom.us/hc/en-us/articles/360031768011-New-Updates-for-Virtual-Desktop-Infrastructure-VDI-
  1. The Citrix Team handles the “Zoom Client for VDI” installations on all VDI machines. The information here Is strictly for informational purpose
  1. For your company managed device You can use SCCM to push out the “Zoom Media Plugin” to corporate devices
  1. Personal devices that are being used to connect to Citrix VDI/Published will need the “Zoom Media Plugin” installed on their personal device. We provided a URL for the employee to go and download this.  Remember Its important to make sure the Plugin need to match on the Client and VDI side

The current VDI installer is 

Zoom VDI installer

5.459208

The Clients need to have this version

Zoom Plugin for Clients 

5.4.59208

VDI downloads and backwards compatibility Chart

  1. This is a link to show you the backwards compatiblity 

https://support.zoom.us/hc/en-us/articles/360041602711-VDI-downloads-and-backwards-compatibility

Zoom VDI Plugins for Clients URL

https://support.zoom.us/hc/en-us/articles/360052984292

High Level Architecture of Zoom in Citrix 

How to install the “Zoom Media Plugin” for a personal device

Open an internet browser of the user choice.

Put this URL in the search bar https://support.zoom.us/hc/en-us/articles/360052984292

Download the required Zoom Media Plugin for the operating system that is needed

In this example I have a Windows Operating System. I downloaded Windows x86 or x64: 5.4.59208.1207. Once it downloads, the Zoom Media Plugin. The typical area of download will be store in the Downloads folder. 

Double click on the  ZoomCitrixHDXMediaPlugin.msi. It will now open up and start the process.

Click next

Click next 

Click Next

Once its starts intalling, It will ask you if you want to allow the software to make changes to your device. Click yes

If you receive this error, you have to close out of the Citrix session, and Exit Citrix workspace

Before exiting the Citrix workspace, Please save all your work and properly exit the running application.

Once you complete this, proceed to exiting from Citrix Workspace.

Go to the task tray in the right-hand corner, hit the up arrow, and click “sign out”

If you get this, click sign out.

Give it 30 seconds, and procced to Exit Workspace.

Go to the task tray in the right hand corner, Hit the up arrow, and click “sign out”

Now go back to the zoom install, and click retry

You will then see this

You can verify this shows in control panel, under programs and features

You have completed the Zoom Media Plugin on the client device you are using. Now you go log back into the Citrix Virtual desktop and resume your work.

Testing Cam and Audio

VDA session

Open up the Zoom setting and look at the statistics to see what is doing.

Picked my Mic up just fine

Rolling out

  1. When I needed to start rolling this out, I found that Zoom makes a user install as well. Just like teams. So, I found an uninstaller CMD and deployed it with Citrix WEM.
  2. When I user goes to connect to a meeting this will come up.
  1. It appears though if you have the Zoom VDI client in first it will not install this either.
  2. I Created a WEM external Task, that will run this.  %appdata%\Zoom\uninstall\Installer.exe /uninstall /silent
  1. I plan on app masking this location, I just need to make sure I don’t break Zoom and understand the details.
  2. Ideally, I would app mask this location C:\Users\%username%\AppData\Roaming\Zoom
  3. Add Zoom.exe into the CPU optimization area

Troubleshooting

  1. Citrix Virtual Desktops – Zoom – Microphone and video not working in ICA session
  2. https://support.citrix.com/article/CTX275259
  3. Download and install the Zoom Citrix Media Plugin found in the link below install the client of the VDA and the plugin on the endpoint:
  1. Note: Plugin version must be the same on the VDA and endpoint
  1. https://support.zoom.us/hc/en-us/articles/360041602711
  1. Additional resources:
  1. https://support.zoom.us/hc/en-us/articles/360031096531-Getting-Started-with-VDI

Zooms Troubleshooting Resource

https://support.zoom.us/hc/en-us/sections/200305593-Troubleshooting

VDI Client Registry Settings

https://support.zoom.us/hc/en-us/articles/360032343371-VDI-Client-Registry-Settings

Group Policy Settings

https://support.zoom.us/hc/en-us/articles/360039100051-Group-Policy-Options-for-the-Windows-Desktop-Client-and-Zoom-Rooms

Resources

http://axendatacentre.com/blog/tag/zoom-is-unable-to-detect-a-camera-citrix/

So far, I would say Zoom is very nice over its competitors. Not everyone is lucky though and can go out and purchase it. But if your company does, This guide along with http://axendatacentre.com/blog/tag/zoom-is-unable-to-detect-a-camera-citrix/ guide will get you going in a flash.

Feb 012021
 

Windows 2016 Deduplication on FSLogix Containers and ODFC 

During the time of running my Shrink Scripts (yes I have a couple I go back and forth with) for FSLogix, I noticed that my 4 TB Drive is becoming used more and more. There wasn’t really anything I could do at this point other than adding Disk space( Call me old, but I try to optimize as much space as possible before throwing more hardware at it). One of the things I could do is delete all older profiles that haven’t been used in 90 days. There are scripts that can do this for you. One is Jim Moyle, another is Rene Bigler ( Posted at the end of the quick blog). However, I must test this, and I don’t have the time to do this right now. So, Manuel Winker reminded me about Windows Deduplication. I have totally forgotten about this, and I am not sure how I did, to be honest.  So, this is how I did it and my results.

  1. Install the Data Deduplication Role (GUI)
  1. Powershell Install
  2. Install-WindowsFeature -Name FS-Data-Deduplication -IncludeAllSubfeature -IncludeManagementTools 
  1. After things are installed you need to set it up for the Volume that you will apply this to
  2. Open server manager, then navigate to File and storage services -> Volumes, select the desired volume, right-click and from the menu select Configure Data Deduplication.
  1. For this test, I am going to use the “General Purpose File server”
  2. This is a chart I pulled from the MS site on the difference
  3. https://docs.microsoft.com/en-us/windows-server/storage/data-deduplication/understand#usage-type-default
  1. For the Schedule, I had some advice from Mike Streetz.
  2. https://worldofeuc.slack.com/archives/CKBVDG48H/p1610685976025900
  3. I removed Enable Background Optimizations because I feel that it could cause issues and enabled a schedule based on some feedback with better control
  1. Let’s check my schedule with PowerShell
  2. Get-DedupSchedule
  1. I am going to kick it off and see what it does for me.
  1. Powershell
  2. Start-DedupJob -Volume D: -Type Optimization -Memory 75 -Cores 100 -Priority High -Full
  1. Before
  1. After
  1. Let check the status
  2. Get-DedupStatus -Volume D: | fl
  1. So, I save 1GB? WOW. After looking at this, I realized that I ran an FSLogix Shrink script 2 days ago. So, I needed to change it to 1 day for me. So that was not a really fair test.
  1. Test 2 is switching to VDI and to 1 day. Based on what I read on MS. This would help in saving around see the same OS over and over. But in this case, it’s just a test and I am not worried about that. 
  1. After
  1. So, I saved 92.71 GB.

10 I will switch it back just to see if I can squeeze more out, or if it better this way. But I doubt it.

  1. So ill run this again
  2. Start-DedupJob -Volume D: -Type Optimization -Memory 75 -Cores 100 -Priority High -Full 
  1. Results are the same. But this was a good experiment and If I saved 91GB on 500GB Volume. I gained 18.5% of Disk space back. 500×18.2% = 92.5
  1. What could I save on 4TB? If we take the math I have here, and just guesstimate (Guessing and estimating). Based on that, 4000 x 18.5% = 740GB. I could gain another 740GB. At 4TB Volume, my current free space is 670GB after an FSLogix Shrink job was run.  So, overall, that is 1.4TB back in my pocket. I call that I win and very happy. However, this could be less or more. 

In my opinion, this is a huge value to anyone running FSLOGIX Profile servers, or really any file servers. This quick blog is not anything fancy, but more of a reminder out there for those who forgot like me. Everyone be safe and  Until Next time folks.

Resources

https://worldofeuc.slack.com/archives/CKBVDG48H/p1610685976025900

https://docs.microsoft.com/en-us/windows-server/storage/data-deduplication/understand

https://docs.microsoft.com/en-us/windows-server/storage/data-deduplication/advanced-settings

Cleanup Jobs

Cleanup unused FSLogix Office 365 Containers – dready’s Blog

Delete Inactive FSLogix Profiles using PowerShell – hallspalmer_Blog (wordpress.com)

Delete old Profiles script

GitHub – FSLogix/Invoke-FslShrinkDisk: This script will shrink a FSLogix Disk to its minimum possible size

Oct 212020
 

Introdution

The Citrix WAN optimization policy (or “low bandwidth” policy) aims to compress and reduce the bandwidth used by the ICA protocol by lowering the visual quality for users with slow and unreliable connections. This article will benchmark the best possible configuration for the low bandwidth policy in a Citrix 7.15 LTSR CU3 environment.

Testing Protocol

In order to determine the most efficient WAN optimization policy in the Citrix environment (7.15 LTSR CU3), a benchmark tool will be used to execute a predefined set of actions for accurate data collection across the different tests run. The tool used for this documentation is PCMARK10 on Windows 2016. The test is composed with two specific configurations:

Web (Browsing + Multimedia): automated testing of HTML5 content rendered in a web browser, including video playback and rich media web browsing.

Office (Writing + Spreadsheets): automated testing of documents writing, with text typing simulation, images and text blocks pasting, pages scrolling, spreadsheets generation with large number of cells and graphics.

Web Browsing and Office tests are executed separately to measure the encoder performance in each context (multimedia or text).

Default configuration baseline

The ICA protocol configuration baseline for remote access by default is set to medium quality.

Specific settings excluded from configuration

Enable Extra Color Compression:
This setting will add extra picture compression at the expense of visually degraded quality. The measurements during the benchmark showed that this option added an interesting gain in term of bandwidth reduction, but the visual impact, especially on text, was not negligible. As you can see on the picture below, some text outputs are blurry and difficult to read.

The test is blurry beyond user acceptance when using Extra Color Compression

This option will be removed from the scope of the low bandwidth policy.

Target Minimum Frame Rate
The “Target minimum Frame Rate” setting is associated with the legacy mode (Adaptive Display or Progressive display configuration) but still referenced in 7.15 LTSR when using the compatibility mode. It is not clear how this setting is influencing the bandwidth compression when reaching low FPS and will not be included in the benchmark. The default value of 10 fps is used in all configurations.

Testing parameters

Different parameters are tested for a total number of six “Low Quality” tests (LQ1 to LQ6).

Test results

LQ5 is the most efficient configuration in this benchmark, with 65% gain in multimedia and web browsing testing and 47% gain in office and text testing, compared to the standard medium quality (MQ), and without noticeable compression artefacts and pixelisation. The use of selective H.264 encoding (LQ1 to LQ4) is slightly more efficient for web and multimedia activities, but will give less gain in office and text editing activities, and will add noticeable compression artefacts. For office and text editing, the “Compatibility mode” in LQ5, which use a traditional JPEG compression, is more stable (less artefacts) and more efficient for compression in this scenario. The 8-bit mode is interesting for office and text bandwidth compression but offers poor performances with web browsing and multimedia, and will substantially degrade the user experience in this mode.

WAN optimization user policy settings

The settings used in the policy are detailed below:

Desktop UI

Audio

Graphics

Visual Display

Multimedia (redirection)

Low Bandwidth Policy Diagram

Sep 192020
 

 I recently converted from VMware to AHV, and I wanted to show how I did Nutanix Files 3.7 with FSlogix. While I haven’t moved everything over yet, but I have tested this very hard, and it’s solid as iron. I still use VMware for my datacenter servers, but we wanted our Citrix Environment on all Nutanix because it’s a solid product, and it’s simplified so that we can focus in other areas. This is how I did it, and I have learned a lot so far in the process. I am by far no expert and this is for beginners like myself. I had a lot of help from the Nutanix Slack EUC channel, and especially Jarian Gibson.  This is a single site, which is 3 FSVM only. 

In regard to setting up Nutanix Files, this video is very useful.

Nutanix Files – Shares are not accessible from clients that are on the same subnet with Nutanix Files storage network

https://portal.nutanix.com/page/documents/kbs/details?targetId=kA00e000000LLtGCAW

*****Client access network must not be on the Storage network. ****

Does not work:

File Client 10.50.175.0/21

Files Access Network 10.50.105.0/24

Files Storage Network 10.50.175.0/21

Works:

File Client 10.50.175.0/21

Files Access Network 10.50.175.0/21

Files Storage Network 10.50.105.0/24

Make sure that either the client is on a subnet different from the Storage Network or that all three the client, Files access Network, and Files storage network IP addresses belong to the same subnet.

The screenshot on deploying Files is very high level. The video will help you understand more.

For me, all I wanted was SMB. Then insert a username and password so it can join AD

I left this blank

For the DNS and Naming, at first, I did this (automatic)

But I had some bad reverse PRT issues. So, I fixed them, then went and manually added it.

I mad them Static Records. 

Then I clicked on verify, and it was good.

Here is a Pic I found from Christainn Binkhoff site that gave a logical understanding of the layout.

Machine generated alternative text:
Outlook OST, 
Windows Search DB, 
OneDrive Cache, S4B 
GAL 
SMB & NFS 
SMB

I read a lot of material on 3.6 and one of the things I found was this

https://portal.nutanix.com/page/documents/details/?targetId=Files-v3_6:Files-v3_6

Ensure that the client and storage networks use a tagged VLAN. The client and storage networks must have separate subnets if the networks are not the same. If the same network is used for both clients and storage, then IP addresses must be unique. Clients on the same subnet as the storage network will not be able to access the shares or exports.

I am not 100% if this applies to 3.7, But I followed it anyway to make sure I had no issues.

Overview of the bigger picture.

The CVM and FSVM layer

Nutanix Files VMs have access to two networks:

  • External network – it is used by clients and external services communication
  • Storage or internal network – it is used for communication between Files VM and the Nutanix cluster.

The FSVM layer and communication

I used Prism element to configure this

Create the Nutanix Files – File Share

open the file server menu in Prism Element and click on Create a Share/Export in the top right-hand corner

You need to open the file server menu in Prism and click on Create a Share/Export to get in the list 

The name of the share will be the share name within the UNC path to the share of the Files

An example of my File Share is “FSLogix_Office_Containers”

After putting in the information above, you have the option to configure Access Based Enumeration to hide other FSLogix Office 365 folders/User Profiles from other users.

ABE can be compared with the Access Based Enumeration setting within Windows File Services as well

 *Note*

The CLI run afs smb.set_conf “restrict nonamdin access” “no” section=global” isn’t needed for Files 3.7. I reached out to Jarian Gibson to confirm this as well. Thanks, Jarian!

 As I learned you will want to use distributed for Profiles. The explanation is below, and it is explained well.

Machine generated alternative text:
Basics 
Create a share/export 
Settings 
o 
o 
use "Distributed" share/export type instead of "Standard" 
aest suited for home directories. user profiles and application folderx This 
option distributes top-level directories across Fileserver VMS and allovvs for 
increased capacity and user connectionx 
Note that only folders can be created at the root and these top-level folders must 
be managed using Nutanix Files MMC plugin and can be downloaded from 
ated. a distributed share/export cannot be downgraded to standarff 
Enable Self Service Restore 
Enable File System Compression 
Enable Access Based Enumeration (ABE) 
Blocked File Types 
You can also block file types on the file serveNaII shares) from file server update 
Encrypt SMB3 Messages 
Cancel
Machine generated alternative text:
Create a share/export 
Summary 
Basics 
File Server 
Share/export Name 
Share/export Path 
Protocol 
Max Size 
Share/export Type 
File System Compression 
Encrypt SMB3 Messages 
Citrix Profiles 
'Citrix Profiles 
SMB 
Distributed 
Not Enabled
Machine generated alternative text:
Protocol Settings 
PROPERTH 
Authentication 
Client Access 
ABE 
Self Service 
Restore 
SMS PROTOCOL 
Kerberos {AD) 
Read-write 
NFS PROTOCOL 
Cancel 
Create

Shares

Machine generated alternative text:
Ck access 
sktop 
lbvn/oads 
Disk C:) 
:uments

Now Download MMC from Nutanix to manage permissions. I found out that I still could manage permission for what I was trying to achieve. Once again I reached out to slack around this and it for TLD permission as René Bigler explained it to me. Thank you again

https://portal.nutanix.com/page/documents/details?targetId=Files-MMC-Plugin-v3:Files-MMC-Plugin-v3

Share permission you can’t change. You will need to control it with NTFS. I was updated by Jarian that you can modify shares.  But you need to open MMC and add the Share Snapin. 

“if you want to change share permissions from the default of Everyone full control you have to use Shared Folders MMC snap-in. If you don’t change default share permissions, then NTFS permissions will take precedence.”

Typically, on a windows file share, I removed everyone, and lock it down with a group instead. It’s just something I have always done, and it just me. However, it’s not needed if the NTFS permission is set up correctly. 

Screenshot from an example that was shown to me.

As you can see now, You can do this.

Set the NTFS Permissions on the Nutanix Files share

Make sure that the following best practices NTFS rights are set on the Nutanix Files – file share location. The procedure is the same as for a normal Windows File Server but now on the Nutanix Files namespace folder share

Open the File Share and open the Security properties

 NTFS permission Table

Machine generated alternative text:
User Account 
CREATOR OWNER 
SYSTEM 
Administrator 
users 
users 
users 
Users 
Folder 
Subfolders and Files Only 
This Folder, Subfolders and Files 
This Folder, Subfolders and Files 
This Folder Only 
This Folder Only 
This Folder Only 
This Folder On 
Permissions 
Full Control 
Full Control 
Full Control 
Create Folder/write Data 
List Folder/Read Data 
Read Attributes 
Traverse Folder/Execute File

This is how did it below

Machine generated alternative text:
Name: 
Ouuner: 
Advanced Security Settings for 
D... 
Administrators 
dministrators) Change 
Permissions 
For additional information, 
Permission entries: 
Auditing 
Effective Access 
double-click a permission entry. To modify a permission entry, select the entry and click Edit (if available). 
Type 
Allow 
Allow 
Allow 
Allow 
Allow 
Allow 
Princi 
Administrators 
CREATOR OWNER 
Domain Admins 
SYSTEM 
IT Service Desk Maint 
Authenticated Users 
Access 
Full control 
Full control 
Full control 
Full control 
Modify 
Read, write & execute 
Inherited from 
None 
None 
None 
None 
Applies to 
This folder, subfolders and files 
Subfolders and files only 
This folder, subfolders and files 
This folder, subfolders and files 
This folder, subfolders and files 
This folder only 
Enable inheritance 
Replace all child object permission entries wuith inheritable permission entries from this object

Here is my GPO for around Fslogix (Again this is for RDSH 2016 and windows 10 1607/1809. Remember Server 2019 will be different. So please don’t enable Search in the GPO for Server 2019. 

C:\Users\LOCAL_~4\Temp\5\msohtmlclip1\02\clip_image011.png
Machine generated alternative text:
nclude Outkok geronalizatbn data in container 
nclude Outbok personalization data in container 
nclude Sharecoint data in container 
nclude Sharepoint data in container 
nclude Skype data in container 
nclude Skype data in container 
NW-tier of ger&ssBn VH DS to persist 
Nunter of ger&ssion VH DS to persist 
Store earch databaæ in Of-fee 365 container 
sync OST to VFD 
VH D kcatBn 
VH D bcation 
Virtual disk type 
Offwe 365 and Directory Naning 
Swap dirætory n.ane 
Swap directory nanz convonents 
Setting 
Enabled 
Setting 
Enabled 
Setting 
Enabled 
Setting 
Enabled 
Setting 
Enabled 
Setting 
Enabled 
Setting 
Enabled 
Setting 
Enabled 
Setting 
Enabled 
Enabled 
Sing I equser sea n: h 
Move OST to VHO
Machine generated alternative text:
Profik &ntainers 
Albw concurrent uær essBns 
Alknv conculEnt uær sessions 
Déte kcal profik when FSLcgix Profik shouh appt}' 
Déte kcal profik when FSLcgix Profik should appt} 
VH D-pq alkcatBn 
Dynaröc VH DOq allocation 
Profik type 
VH D kcatBn 
VH D bcation 
Profik &ntainersl &ntainer and Naning 
Swap dirætory n.ane 
Swap directory nanz convonents 
Virtual disk type 
Setting 
Enabled 
Setting 
Enabled 
Setting 
Enabled 
Setting 
Enabled 
Setting 
Enabled 
T for pmfile and fallback to readonly 
Setting 
Enabled 
Setting 
Enabled 
Setting 
Enabled

Profile I logged in and my profile was created.

Machine generated alternative text:
Home 
Quick access 
Desktop 
Douunloads 
OSDisk 
Documents 
FSLogix_Llser 
Containers 
Name 
davism 
Date modified 
9/17/202011:10AM 
File folder

ODFC (Didn’t set the flipflop here-missed by mistake) 

Machine generated alternative text:
Home 
FSLogix_Office Containers 
Nehmork 
FSLogix_Office 
Containers 
Name 
Quick access 
Desktop 
Douunloads 
OSDisk 
Documents 
davism 
Date modified 
9/1 7/2020 10:32 AM 
File folder

Lets Test Access base enumeration

Machine generated alternative text:
Name 
Test Citrix 
Test Citrix Properties 
Security 
Environment 
Sessions 
COM+ 
Remote control 
DigitalPersona 
Remote Desktop Services Profile 
General Address Account 
Member Of 
Published Certificates 
T elephones 
Organization 
Password Replication Dial-in Obiect 
Member of: 
Name 
Domain users 
Active Directory Domain Services Folder 
users
Machine generated alternative text:
HOME 
oo 
oo 
Excel 2016 
exspend 
O 
FADB 
o 
First Data 
Fiserv SCO 
Test Citrix 
Account Settings 
About 
Log off 
Harland

I can’t see davism from my test citrix account.

Machine generated alternative text:
FSLogix_Llser 
Organize • 
Nehmork 
New folder 
Name 
Containers 
O 
Date 
Quick access 
Desktop 
Douunloads 
Documents 
Microsoft. Word 
This pc 
File name: 
modified 
No items match your search. 
All Word Documents 
Tools

Test NTFS permission on davism. I forced it so I could test the NTFS.

Machine generated alternative text:
Home 
o 
Nehmork 
FSLogix_Office_Containers 
Name 
ODFC davism.VHDX 
Destination Folder Access Denied 
You need ermission to 
Date modified 
9/17/202011:10AM 
efform this actio 
Type: File folder 
davism 
Hard Disk Image 
Search 
200, 704 KB 
Date modified: 9/1 7/2020 10:32 AM 
Cancel

I must admit, it a very good feature Nutanix has, and I look forward to learning more around continuous availability (tech preview) and expanding this out to a DR site so the data can all replicate. I don’t know how to do this yet. But I will learn it soon.

Sources

Slack: Jarian Gibson and Nutainx-euc

https://www.christiaanbrinkhoff.com/2018/10/18/configure-fslogix-office-365-containers-with-nutanix-files-afs-better-together/

https://portal.nutanix.com/page/documents/details?targetId=Field-Installation-Guide-v4-5:set-network-reqs-c.html%23concept_1mm_xwq_nh

https://portal.nutanix.com/page/documents/details?targetId=Files-v3_7:fil-file-server-manage-c.html

Dec 232019
 

This is an older upgrade, but you can still use it as a reference point.

There are a lot of guides out there, and this isn’t to repeat any of them, but how I did it.

Great blogs

https://www.carlstalhood.com/workspace-environment-management/

https://www.mycugc.org/blogs/cugc-blogs/2018/07/20/how-to-update-citrix-workspace-environment-managem

WEM Upgrade Process

*NOTE*I use BISF for all my images, In this post, you will see I don’t run these. BISF will do it for me when I seal up my image

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe update
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe eqi 3

WEM Upgrade layout

Infrastructure Services

  1. Run the installer of the Infrastructure Services version you want to upgrade to. 
    1. This may not be needed, but I do it as a safety net.
  2. You should manually stop the Norskale Infrastructure Services service before upgrading to ensure the upgrade is successful.
Machine generated alternative text:
ices (L 
Norskale Infrastructure Service 
Stop the service 
Restart the service 
Description: 
Norskale Infrastructure Broker Service 
Net.Tcp Port Sharing Service 
Netlogon 
Network Connection Broker 
Network Connections 
Network Connectivity Assistant 
Network List Service 
Network Location Awareness 
Network Setup Service 
Norskale Infrastructure Service 
Ice can cmmcn lent o ution 
OfficeScan NT Listener 
OfficeScan NT RealTime Scan 
Offline Files 
Optimize drives 
Performance Counter DLL Host 
Performance Logs & Alerts 
Phone Service 
Plug and Play 
Portable Device Enumerator Service 
Power 
Print Spooler 
Printer Extensions and Notifications 
Framework 
Stop 
Resume 
All Tasks 
Refresh 
P rope rties 
Help 
Problem Reports and Solutions Control Panel Support 
Description 
Provides ability to share TCP ports cn.'er 
Maintains a secure channel between thin. 
Brokers connections that allow Window... 
Manages objects in the Network and Din. 
Provides DirectAccess status notification. 
Identifies the networks to which the co... 
Collects and stores configuration infor... 
The Network Setup Service manages th... 
This service delivers network notification. 
Infrastructure Broker Service 
advanced solutions and featur... 
commands and notifications fr... 
Real-time, Scheduled, and Ma... 
ne Files service performs maint... 
e computer run more efficientl... 
emote users and 64-bit process... 
nce Logs and Alerts Collects 
the telephony state on the dev... 
computer to recognize and ad... 
group policy for removable 
power policy and power polic... 
ice spools print jobs and handl... 
This service opens custom printer dialo... 
This service provides support for viewin...
Machine generated alternative text:
Name 
Agent Group Policies 
Configuration Templates 
Citrix Workspace Environment Management Agent Setup.exe 
Citrix Works ce Environment Mana ement Infrastructure Services Setu .exe 
Ope n 
Run as administrator 
Pin to Start 
Restore previous versions 
Send to 
Copy 
Create shortcut 
Delete 
Rename 
Pro perties 
Date modified 
1/2/2019 2:48 PM 
1/2/2019 2:50 PM 
1/2/2019 2:48 PM 
1/2/2019 2:48 PM 
1/2/2019248 PM 
Type 
File folder 
File folder 
Application 
Application 
Application 
Size 
71,557 KB 
66,610 KB
Machine generated alternative text:
Citrix Workspace Environment Management Infrastructure Services - InstallShieId X 
Welcome to the InstallShield Wizard for Citrix 
Workspace Environment Management 
Workspace 
Infrastructure Services 
The InstallShieId(R) Wizard will install Citrix Workspace 
Environment Management Infrastructure Services on your 
computer. To contnue, dick Next. 
WARNING: This program is protected by copyright Ian and 
internatonal treates. 
Next >
<img src="https://lh5.googleusercontent.com/KuesNN5mrm5CYACOhR1zT0AAzgwo3gS_uxyavyEWM3h6YHjk9jmt8WO0JGI62hkt7wd-0JbqRrZx7Kdpfvp-6h7sdgAElhYIw_SjYI3ml7E4dbEox6QFe6iN-CWdTDdcaLX-ZUg" alt="Machine generated alternative text: Citrix Workspace Environment Management Infrastructure Services License Agreement Please read the following license agreement careMIy. CITRIX LICENSE AGREEMENT – InstallShieId This is a legal agreement ("AGREENENT") between the end-user customer ("you"): the providing Citrix entity (the applicable providing entity is hereinafter refe«ed to as "CITRIX"). Your location of receipt of the Citrix pro duct (hereinafter "PRODUCT") an maintenance (hereinafter "NIANTENANCE") detennines the providing entity as identified at
Machine generated alternative text:
Citrix Workspace Environment Management Infrastructure Services - Instal[ShieId 
Customer Information 
Please enter your information. 
user Name: 
Qrganiza bon: 
"star CLI 
InstallShieId 
Next >
Machine generated alternative text:
Citrix Workspace Environment Management Infrastructure Services 
Setup Type 
Choose the setup type that best suits your needs. 
Please select a setup type. 
@Complete 
- InstallShieId 
All program features will be installed. (Requires the most disk 
space.) 
O custo 
Choose which program features pu want installed and where they 
will be installed. Recommended for advanced users. 
InstallShieId 
Next >
Machine generated alternative text:
Citrix Workspace Environment Management Infrastructure Services 
Ready to Install the Program 
The wizard is ready to begin installation. 
Click Install to begin the installation. 
- InstallShieId 
If pu want to review or change any of your installation settings, dick Back. Click Cancel to 
exit the wizard. 
InstallShieId 
Install
Machine generated alternative text:
Citrix Workspace Environment Management Infrastructure Services - InstallShieId 
InstallShield Wizard Completed 
No rkspæe 
The InstallShieId Wizard has installed Citrix 
Workspace Environment Management Infrastructure Services. 
Click Finish to exit the wizard. 
[Z Start the Database Management utility.
  1. Now start the Database Management Utility which will lead in 5b.

Upgrade Database

Machine generated alternative text:
WEM Database Management Utüt-y 
Database Management 
Create 
täB*e r Stibn : 
Upgrade 
ÜætöbSSe pdzte 
ciTR!X• 
Workspace Environment Management
Machine generated alternative text:
Citrix Workspace Environment Management Console - Install... 
Installing Citrix Workspace Environment Management Console 
The program features you selected are being installed. 
Please wait while the InstallShieId Wizard installs Citrix Workspace 
Environment Management Console. This may take several minutes. 
Status: 
Removing backup files 
InstallShieId
  1. Now launch the Infrastructure Services Configuration Utility again:
  1. C:\Program Files (x86)\Norskale\Norskale Infrastructure Services\Norskale Broker Service Configuration Utility.exe”
  1. Repopulate with all values that you took the note off in the initial tests and allow the services to restart
C:\2B6A64A5\7B474F2F-D05A-4FF0-B277-E68F9B34537D_files\image013.png

Service account used here.

Machine generated alternative text:
Configuraton Management 
Load Configuration 
Database Settngs 
Save Con figuration 
Net'A•ork Settngs 
Advanced Settngs 
Da tabase Main tenance 
Licensing 
@ Enable scheduled database maintenance 
Stabsbcs retention period (days): 
System monitoring re ten ton period (days): 
Agent registrations retention period (days): 
Execution time (HH:MM): 
02:00
Machine generated alternative text:
WEM Infrastructure Service Configurabon 
Configuraton Management 
Load Configuration 
Database Settings 
Save Con figuration 
Advanced Settings 
Database Maintenance 
Licensing 
Administr a bon por t: 
Agent service port: 
Cache synchr onizaton port: 
WEM monitoring port: 
8287
Machine generated alternative text:
Configuration Management 
L oad Con figura bon 
ave Configuraton 
Net'A'ork Settings 
Infrastructure Service Configuration 
Broker Service will be restarted to apply settngs, Do you vvant to proceed? 
Adva
Machine generated alternative text:
Home 
Configure license server 
L;cense Mar,aoemerit 
Actions 
Applications 
NeF•vork Drives 
Virtual Drives 
Registry Enmes 
Envir onrnen t Variables 
e ports 
Filters 
Assignments 
System Optimization 
Policies and-profiles 
Securiy 
Get Help Options 
Support Local Settng: 
About 
We&spsce 
About Ctrtx Workspace Environment Management Console 
Citrix Workspace Environment Management Console 
Version 1808.0.1.1 
@ 2018 Citrix Systems, Inc. All rights reserved. 
Version 1808.0.1.1 
@ 2018 Citrix Systems, Inc. All rights reserved.

Upgrade Admin Console

Machine generated alternative text:
Application Tools 
View 
Manage 
Home 
* Quick access 
Desktop 
Downloads 
Documents 
[e Pictures 
System32 
This pc 
Netwo rk 
Share 
Workspace- Environment- Management-ve 1808-00-01-01 
Citrix WEM 1808-Latest 
Network jaxnavy.org data 
Name 
Agent Group Policies 
Configuration Templates 
IT 
IT Software Installs 
vsl ctxwen, 
Workspace- Environment- Management-ve 1808-00-01-01 
Date modified 
1/2/2019 2:48 PM 
1/2/2019 2:30 PM 
1/2/2019 2:48 PM 
1/2/2019 248 PM 
1/2/2019 2:48 PM 
Workspace-Erwironment-Management-'F 1808-00-01-01 
Citrix Workspace Environment Management Agent Setup.exe 
Citrix Workspace Environment Management Console Setup.exe 
Citrix Workspace Environment Management Infrastructure Services Setup.exe 
Type 
File folder 
File folder 
Application 
Application 
Application 
Size 
71,557 KB 
60610 KB 
55,992 KB
Machine generated alternative text:
Citrix Workspace Environment Management Console - InstallShieId Wizard 
Preparing to InstaH.„ 
Citrix Workspace Environment Management Console Setup is 
preparing the InstallShieId Wizard, which will guide you 
through the program setup gruess. Please wait. 
Extractng : Citrix Workspace Environment Management 
Console msi

Upgrade Agent host

I just do the basic install, I use to tell it to install the Cache on the D drive. But that’s really not needed anymore. I use BISF, and tell it to move it for me. I like to have a D drive on my machines (PVS).

You can read here in the comments

https://www.mycugc.org/blogs/cugc-blogs/2017/11/30/wem-advanced-guidance-part-1

<img src="https://lh3.googleusercontent.com/y_7dA9IAdcwNO_befM2TzorfgrO2_S4EePHhRS2odleNFuS9k2vHwPZ2HZ_4k3viOxmVF9iX3nnOskjxhCPsRj__eO0n1Py0yYI1z9_xhYKESAL6XbsQuB2JpCFZNWjG8Ygtklo" alt="Machine generated alternative text: Home Share View Application Toolr Workspace-Em.'lronment-Managernent-'F 1808-00-01-01 Manage
Machine generated alternative text:
Citrix Workspace Environment Management Agent - InstallShieId Wizard 
Welcome to the InstallShield Wizard for Citrix 
Workspace Environment Management Agent 
Wo rkspace 
The InstallShieId(R) Wzard will allon pu to modify, repair, or 
remove Citrix Workspace Environment Management Agent. To 
continue, dick Next. 
Next >

Then just follow the basic prompts

Update new ADMX and ADML Files

For me, it’s this

\\Domain.org\SYSVOL\Domain.org\Policies\PolicyDefinitions

Changes In 1903 and up

Keep this in mind

Now If your upgrading beyond 1903 Remember the paths have changed

Reference

James Kindon, has done the work for you, Use his scripts.

The following changes are going to occur so be ready:

  1. A new clean installation of the WEM Agent will result in a complete change of Service Names and Folder Structures as below 
  • The new Service name is: Citrix WEM Agent Host Service 
  • The new process name is: Wem.Agent.Service.exe 
  • The new path structure is: %ProgramFiles%\Citrix\Workspace Environment Management Agent
  1. An upgraded installation of the WEM agent will result in partial changes to your environment: 
  • The new Service name is: Citrix WEM Agent Host Service 
  • The new process name is: Wem.Agent.Service.exe 
  • The path on the file system will not be altered and will remain as it was: %ProgramFiles%\Norskale\Norskale Agent Host

Be aware also that in both clean and upgraded deployments, the Windows Event logs will change from Norskale Agent Service to WEM Agent Service


Old (Pre Cloud Service 1903 and On-Prem 1909)New (Post Cloud Service 1903 and On-Prem 1909)
Installation path%ProgramFiles%\Norskale\Norskale Agent Host%ProgramFiles%\Citrix\Workspace Environment Management Agent
Service nameNorskale Agent Host ServiceCitrix WEM Agent Host Service (WemAgentSvc)
Process nameNorskale Agent Host Service.exeCitrix.Wem.Agent.Service.exe
Event LogsNorskale Agent ServiceWEM Agent Service




1912 has introduced some new changes as well.

https://docs.citrix.com/en-us/workspace-environment-management/current-release/whats-new.html

*One thing to note on Port*

Cache synchronization port. (Applicable to Workspace Environment Management 1909 and earlier; replaced by Cached data synchronization port in Workspace Environment Management 1912 and later.) The port on which the agent cache synchronization process connects to the infrastructure service to synchronize the agent cache with the infrastructure server. The cache synchronization port must be the same as the port you configured for the cache synchronization port (WEM Infrastructure Service Configuration > Network Settings) during the infrastructure services configuration. The port defaults to 8285 and corresponds to the AgentCacheSyncPort command-line argument.

Cached data synchronization port. (Applicable to Workspace Environment Management 1912 and later; replaces Cache synchronization port of Workspace Environment Management 1909 and earlier.) The port on which the agent cache synchronization process connects to the infrastructure service to synchronize the agent cache with the infrastructure server. The cached data synchronization port must be the same as the port you configured for the cached data synchronization port (WEM Infrastructure Service Configuration > Network Settings) during the infrastructure services configuration. The port defaults to 8288 and corresponds to the CachedDataSyncPort command-line argument. Alternatively, you can specify the port using a command-line option in the silent installation of the WEM agent

Wayne Lui states its backward compatible and still listens, But I would add this into your Firewall Ruleset.

Port information

https://docs.citrix.com/en-us/workspace-environment-management/current-release/reference/ports.html

Jul 292019
 

Update: Added cli functionality.
Update: Added 2nd pass of defrag to fix the profile ballooning issue that sometimes occurs.
Update: Added ability to target profiles over “X” size for compacting
Update 3/31/2020: Fixed a bug that didn’t allow the new tool to run as a scheduled task. Fixed in version 2003.1
Update 4/21/2020: Fixed bug that didn’t assign drive letters to vhd(x) files when running via CLI. Which breaks the defrag, and in turn doesn’t free up any space for diskpart to shrink. Fixed version is 2004.1.
Update 4/23/2020: Added the ability to sort profiles in the GUI. Clicking the stop button should dismount vhd(x) files automatically. Uses optimize-volume instead of defrag – should be MUCH faster. Also does not need drive letters anymore. Version 2004.2
Update 4/27/2020: Tool now detects RW disks and will not attempt to compact multi session profile disks if in use. Version 2004.4
Update 4/29/2020: Tool will find hidden .vhd(x) files. Version 2004.5
Update 5/26/2020: Fixed the optimize-volumes to use “retrim” after defraging the volume. This will increase processing time, but shrink the vhd(x) files much more. Version 2005.1

Update 6/24/2020: Added defrag back – which seems to do a lot better at freeing up space. Instead of giving a drive letter it sets the drive up as a mount point in the TEMP directory of the user running it (random named folder that will start with “_FSL”). With this I have updated the command line so you can process more than one vhd(x) at a time. TAKE NOTE OF THE NEW COMMAND LINE OPTIONS AS THEY HAVE CHANGED! Version 2006.1
UPDATE 6/25/2020: Bug fix – the 2006.1 version would leave the last vhd(x) attached when using the -tasks # switch. No, popups in cli to stop processing if it doesn’t find any vhd(x), and instead of “N/A” it will show the file size if the file is locked in the after column. Fixed in version 2006.3.
Edit: Version 2006.4 now – last bug fix for the day hopefully. Forgot to add the check for RW.VHD(X) files.

Do not use this tool if you are doing any differencing disks!
Diff disks, no problem!

This post is an updated version of my original profile compacting script ( http://www.citrixirc.com/?p=829). I wrote it using Powershell Studio and converted it into an executable. This version does not require the Hyper-V powershell module as it diskpart to perform the shrink function.

Requirements:

  1. Administrative rights on the machine running the tool, and read/write to the profiles.
  2. .Net 4.5
  3. Recommend not running from a machine which has any .vhd(x) attached

Instructions/How it works:

  1. The program will remember the last directory selected (via an .ini file – if it exists), or you can click the “…” button at the top left to browse to the root directory of your profile share.
  2. Once a directory is selected it will list all .vhd and .vhdx files along with their current size and their current locked status in descending order by size. (this can take a little while depending on how many vhd(x) files are present – be patient)
  3. Select the profile(s) you wish to compact (you can select multiple using ctrl and shift+click)
  4. Click the compact button, and the program will process each profile selected one at a time
    1. Checks one more time to make sure the file is not locked
      1. If it is, it will skip on to the next one
    2. Gets the current size again before processing
    3. Attaches the vhd(x) in R/W mode
    4. Creates a random named folder in the user’s temp directory starting with “_FSL”
    5. Mounts the vhd(x) to that folder
    6. defrags the volume
    7. Detaches and re-attaches as read only
    8. Uses diskpart to compact the vhd(x)
    9. Gets the size of the file post processing
    10. Updates the results pane
  5. After it has run through all the selected profiles it will display the total reduction in MB at the bottom.
  6. Update: To run via CLI simply run from command prompt with the following options
    -path \\servername\share (path to the root vhd(x) share)
    -size 4096 (minimum size to touch in MB – will skip any vhd(x) smaller)
    -tasks # (number of concurrent vhd(x) files to compact – there is no limit, so be careful not to overload the machine you’re running this on)

    Examples:
    Run against all vhd(x) files one at a time
    ShrinkFSL.exe -path \\servername\share\

    Run against all vhd(x) files 2 at a time
    ShrinkFSL.exe -path \\servername\share -tasks 2

    Run against all vhd(x) files over 5GB
    ShrinkFSL.exe -path \\servername\share -size 5120

    Run against all vhd(x) files over 5GB AND process 2 at a time
    ShrinkFSL.exe -path \\servername\share -size 5120 -tasks 2
    1. A log file in csv format will be generated in the same directory that ShrinkFSL is run from. Shrink_MMddyyy_HHmmss.log
    2. If you stop the process make sure you disconnect any vhd(x) file that may be lingering, and delete _FSL folders in the temp directory!

You can keep track of the .vhd(x) attaching/detaching via diskmgmt.msc if you want. If for some reason the program hangs up you can click the stop button. It will detect if there is a vhd(x) attached, and detach it.

Always test new tools in Development/UAT environments prior to running in production! If you have any questions/comments please post here, and I will respond as soon as I can.

Here is a link to the tool (Updated 6/25/2020)
https://david62277.sharefile.com/d-saad8432c8994f61b

Oct 022018
 

According to this article, they say ” SAML with Microsoft Azure is only supported if you are using AD FS”. We are not using ADFS in our environment. We are simply using Azure AD Connect to do Password Synchronization into Azure AD from our on-premises Active Directory Domain Services. I figured out a way to make this work without using ADFS.

Log into your Azure instance, click on “Azure Active Directory” and select “Enterprise Applications”. Click “New Application” and select “Non-gallery application”

Call it something and hit “Add”

While this is configuring, log into your ConnectWise Manage server and go to the URL (https://{site}/v4_6_release/auth/{companyId}/metadata) This will download a metadata file. Save it somewhere.

Back in the Azure portal, your Enterprise Application should now be up. Click on “Users and Groups” and add a group that you would like and hit “Select”, then “Assign”. I am going to select a group with all of our Active Directory users her. (Remember: Our environment is setup using Azure AD Connect with password sync)

Next, click on “Single sign-on” and select “SAML”

I’m using the “New Experience” here. You can switch to and from it with the following button at the top.

Click edit on “Basic SAML Configuration”. Then click “Upload metadata file” at the top and upload the metadata file you downloaded above. It will add the top two lines. I have added the “Sign on URL” manually by just adding the base URL. After you are done with all of this, click “Save”

Next, download the Base64 cert (Under “SAML Signing Certificate”) and save it somewhere.

Under #4, copy both the “Login URL” and the “Azure AD Identifier” into notepad somewhere.

Next, select the “old experience” using the button at the top.  Set “User Identifier” to “user.employeeid” and click “Save” at the top.

You can switch back to the “New Experience” now. You should see your change here:

Log into Manage and go to “System” and “Setup Tables” then “SSO Configuration”. Click “+” to add a new one.

Enter a description and put in “SSO Type” of “SAML” (You may want to set this to inactive while you are screwing with it). Select the location in the top right.

Enter “Login URL” in the “Login URL” field

Enter “Azure AD Identifier” in the “Identity Provider ID” Field

Upload the Base64 certificate from above.

Click “Save”

When you are ready to test it, uncheck the “Inactive” button, and save the configuration.   The login will look like this now:

One last tidbit.  If somehow you DO lock yourself out of your environment, you can change your SSO configuration directly in the database. Just find dbo.SSO_Configuration, and set your “Inactive_Flag” to True.  Not that I did that or anything.  🙂 🙂

Sep 272017
 

Tick tock, tick tock. June 30th, 2018 is fast approaching and will be here before we know it. If you are anything like me, you still have plenty of old 2008R2 XenApp 6.5 farms lying around. I’m sure you have seen all the articles like this, this, this, and this. These are great resources on how to migrate your XenApp 6.5 farm information into a 7.x site collection. However, everything I have read is missing a critical piece of information that I needed in my environment. How do I get my existing session hosts migrated into this 7.x site collection? I have seen this Citrix article that states the basic premise, however most things I have read/heard state that you should always install a clean VDA and reinstall your applications.  For my environment, this just is not feasible.  I have hundreds of applications across dozens of customers and Active Directory forests. Many of these applications were difficult to install on XenApp in the first place. Some of them required software vendor coordination to install. There is the issue of license key transfer, etc. etc. Too many issues arise for this to work in any sane amount of hours. For my needs, I needed to figure out a consistent way to move my workers from 6.5 to 7.x. I needed to upgrade my hosts, plain and simple. If you have ever tried to uninstall XenApp 6.5, it does not do a very good job, sadly.  It leaves a lot of remnants that the 7.x installation detects and then fails to install the VDA.  A LOT.

I developed a process that does the following:

  • Uninstalls XenApp 6.5 (For real)
  • Upgrades 2008R2 to 2012R2
  • Installs the VDA

I will be sharing with you the uninstallation of XenApp 6.5.  I spend countless hours (less than my estimate of fresh install, exponentially, of course) on this process figuring out what pieces 7.x detects and going back to the uninstallation to add the removal of that piece to the script.  A lot of the things I found needed to be uninstalled in a specific order, or other pieces would fail.

The first part of this script uninstalls all 7 Rollup Packs, in reverse order.

start-process -ea 0 -Filepath "msiexec" -Argumentlist "/uninstall {D23001A2-7FF8-EAFD-7E32-58B3A003F5B5} /package {1471A89F-8CAB-4C46-89AB-942432D1DD3D} /passive REBOOT=ReallySuppress" -wait
start-process -ea 0 -Filepath "msiexec" -Argumentlist "/uninstall {6534B232-8426-2242-316E-D9B1F5A46E1A} /package {1471A89F-8CAB-4C46-89AB-942432D1DD3D} /passive REBOOT=ReallySuppress" -wait
start-process -ea 0 -Filepath "msiexec" -Argumentlist "/uninstall {ED7485F0-8579-F605-3326-9D058656F2B0} /package {1471A89F-8CAB-4C46-89AB-942432D1DD3D} /passive REBOOT=ReallySuppress" -wait
start-process -ea 0 -Filepath "msiexec" -Argumentlist "/uninstall {D511345D-32F8-8940-8B55-398DBDE50F66} /package {1471A89F-8CAB-4C46-89AB-942432D1DD3D} /passive REBOOT=ReallySuppress" -wait
start-process -ea 0 -Filepath "msiexec" -Argumentlist "/uninstall {38D5B4B1-08DD-E8BA-3D9C-AEE979D52A7C} /package {1471A89F-8CAB-4C46-89AB-942432D1DD3D} /passive REBOOT=ReallySuppress" -wait
start-process -ea 0 -Filepath "msiexec" -Argumentlist "/uninstall {B1CF9796-DC5D-2498-CA8D-E03BF20DDD70} /package {1471A89F-8CAB-4C46-89AB-942432D1DD3D} /passive REBOOT=ReallySuppress" -wait
start-process -ea 0 -Filepath "msiexec" -Argumentlist "/uninstall {B4A6E274-BC1D-D17F-17AE-B7BB94FE8493} /package {1471A89F-8CAB-4C46-89AB-942432D1DD3D} /passive REBOOT=ReallySuppress" -wait
start-process -ea 0 -Filepath "msiexec" -Argumentlist "/uninstall {343BE097-0B21-F62C-9D0A-886C9D142DBF} /package {1471A89F-8CAB-4C46-89AB-942432D1DD3D} /passive REBOOT=ReallySuppress" -wait

The next part of the script does the uninstallation of on XenApp 6.5.

start-process -ea 0 -Filepath "msiexec" -Argumentlist "/x {1471A89F-8CAB-4C46-89AB-942432D1DD3D} /L*v c:\output.log CTX_MF_FORCE_SUBSYSTEM_UNINSTALL=Yes /passive REBOOT=ReallySuppress" -wait

The next part of the script does uninstallation of all of the crap that is left after this uninstall.

start-process -ea 0 -Filepath "msiexec" -Argumentlist "/x {68376322-B36A-47CE-A637-37943D56476A} /passive REBOOT=ReallySuppress" -wait
start-process -ea 0 -Filepath "msiexec" -Argumentlist "/x {C4567AFA-6577-46C6-9153-457509317506} /passive REBOOT=ReallySuppress" -wait
blah blah blah A ton more uninstallation crap here

During testing I ran through this uninstallation at least 50 times. I took a snapshot of the XenApp 6.5 system, tested the uninstall, reverted to the snapshot and tested again. The insane thing is that I would get different results, and different failures, randomly throughout my testing. What is the definition of insanity? “Doing the same thing over and over again expecting different results” Well, I guess I’m officially insane. Due to this, I added 2 more XenApp 6.5 servers to my testing in order to see what other failures this process may uncover. This was a smart idea, because I found many more things that needed to be scripted in an attempt to catch them all. So many orphaned services, registry keys and files left, randomly after each uninstall. Frustrating! Most were only found until after the 2012R2 upgrade and trying to install the VDA and digging into the logs for specific failures. VERY frustrating! I was tempted to hit the bottle many times at work during this process.

This next part was annoying and odd, and may not be necessary in your environment. I had a bitch of a time getting some of the C++ redistributables uninstalled. These are a critical component of XenApp 6.5 AND 7.x. If these are not removed cleanly, the VDA installation process fails miserably. I was not able to uninstall mine as they kept pointing to the original installation directory that did not exist anymore. I ended up downloading the installation files to a directory on the C: and changing the registry to point the installation to that location. Sigh.

This portion uses the PowerShell module Expand-ZIPFile to extract the installation files to the C:. I have attached everything at the end of the article. You can use whatever method you would like to extract the files. Please note the .reg file sets the install (uninstall) directory to C:\.

Expand-ZIPFile –File "C:\uninstallme.zip" –Destination "C:\"
REG IMPORT C:\fixme.reg

After these files are in place, I am able to successfully uninstall these C++ components.

start-process -ea 0 -Filepath "msiexec" -Argumentlist "/x {1D8E6291-B0D5-35EC-8441-6616F567A0F7} /passive REBOOT=ReallySuppress" -wait
start-process -ea 0 -Filepath "msiexec" -Argumentlist "/x {F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} /passive REBOOT=ReallySuppress" -wait
start-process -ea 0 -Filepath "msiexec" -Argumentlist "/x {743C9F75-F327-4D1C-9016-6C573930ADC1} /passive REBOOT=ReallySuppress" -wait

After this portion. Reboot. Finally. This process takes a good half hour, at least, depending on your hardware.

Lastly, there is a cleanup script that removes all the orphaned services, registry keys, and files that I found to be left during multiple uninstall attempts. It also removed the Remote Desktop Services role.

$Ctxmemop = Get-WmiObject -Class Win32_Service -Filter "Name='Citrix 64-bit Virtual Memory Optimization'"
$Ctxmemop.delete()
$CtxAudioSvc = Get-WmiObject -Class Win32_Service -Filter "Name='CtxAudioSvc'"
$CtxAudioSvc.delete()
Blah blah remove more crap here
Remove-Item "C:\Program Files (x86)\Citrix" -recurse -force
Remove-Item "C:\Program Files (x86)\Common Files\Citrix" -recurse -force
Blah blah delete more crap here
Import-Module ServerManager
Remove-WindowsFeature Remote-Desktop-Services

Reboot. This part of the script doesn’t take long at all. This should now give you a clean slate (tabula rasa) in which you can upgrade and install the VDA.

The rest of the process is pretty self-explanatory. You do an in-place upgrade of 2008R2 to 2012R2. Then install the VDA. There is a lot more to it, and I can post a write-up if comments demand it.

I have attached the scripts/files to github. Thanks to braynyac (Tim Riegler) for posting them for me.

I hope this has been helpful to some of you. This was very time consuming and I hope I have saved some of you a ton of time who are in the same situation as we are in our XenApp 6.5 environment.

Have fun!

Link to all github with all files.