Mar 312017
 

Problem:
In my environment I have about 300 provisioned desktops, and when I update the vDisk sometimes it can take a while (days) before all of the VMs get the latest version.  Especially, in the case of a roll back I need a good way to get all of the VMs which are on the wrong version (and are waiting for a session) to boot to the correct version.

Solution:
POWERSHELL!!
Requirements:
I think powershell version 3, but since I did it with v4 I’ll say 4+
PVS powershell module installed (learn more here)
Powershell remoting enabled on your delivery controller (also need to supply the name in the script)

What the script does:

  1. Gets a list of the Collections in your PVS environment, and outputs it to out-gridview so you can select the collection you want to focus on
    1. If you hit cancel the script ends
  2. After your select the collection and hit ok it will get all of the devices in that collection which are powered on, and cannot access a maintenance/private disk image
  3. For each of the devices in that list it checks to see if they have the latest vDisk version, or if they have the correct OverRide version.
    1. If they do then it tells you the device is on the correct version, and moves on to the next device
    2. If they do not then it will pass the device name to the check function, and after moves on to the next device
      1. invokes powershell on the delivery controller to see if the VM is in use (powershell remoting required)
        1. If it is, it tells you it is in use and does nothing
        2. If it is not it will reboot the vm, and tell you

Here is the script!  Remember to test it before using it in a production environment.

 

Feb 092017
 

I recently ran into an issue after upgrading my XenDesktop environment to 7.12 from 7.11.  Prior to that update I was able to create MCS desktops in my XenServer pool with no issues.  After upgrading to 7.12 the newly created VMs would not register with the delivery controller, and according to XenServer they did not have the tools installed.  I found that the network card didn’t even appear in Network Connections, and in device manager it showed up as a Realtek adapter instead of the XenServer PV device it should have.

After further investigation I found that the new VMs were created missing some things in XenServer if compared to VMs which were working (xe vm-list name-label=<name of vm> params=all).  I posted on discussions.citrix.com to see if anyone had run into this issue before, and Carl Stalhood pointed me to this post.

Apparently, there is a private hotfix that will correct the problem, but it requries you do delete/re-create the machine catalog (which shows as the answer to the problem on the thread).  Reading through the post Paul Browne gives a much better/easier solution:
“Also in the short term to get your VM`s working correctly.

Shutdown the VM
putty or console into the XenServer

xe vm-list

(find UUID of the Vm you wish to fix)

xe vm-param-set has-vendor-device=true uuid=<UUID of the VM>

It should now work as expected.”

I wrote this PowerShell script to perform the operation, that Paul gives above, automatically across multiple VMs.  Requires Powershell v3, scripts enabled (set-executionpolicy to change it), and XenCenter to be installed on the machine the script is run from.  Read the comments of the script to see an explanation of what the script is doing.

Dec 052016
 

Background

Using Citrix Profile Management with profile streaming enabled should keep your logon times pretty low.  Recently, they updated the version of our Antivirus (Trend Micro) to the latest, and suddenly I started seeing desktops fail with “session prepare failure” errors.  After much investigation it had something to do with the behavior monitoring feature of the AV software hanging Citrix Profile Management long enough to cause the desktop to freeze/unregister.  Turning off the profile streaming option fixed that issue.

Since then I have noticed logon times have skyrocketed.  I used to see an average logon time of about 30 seconds, and after disabling profile streaming I see average times well over 1 minute (some individuals as high as 5 minutes).

In order to try to get our logon times back down to a reasonable time I wrote a script to investigate the profile store.  I found a few folders which contain a ton of files – files that have to be copied in at each logon slowing things down.

The Fix

I wrote a blog post a while back about using a Powershell Script to redirect folders via symbolic links.  You can find that here http://www.citrixirc.com/?p=315.   We can use that same method to redirect “bad” folders, but using Citrix Workspace Environment Management instead (no need to learn how to script!).  NOTE: Users must have the “Create symbolic links” right!

Instructions

Of course, you are going to need WEM setup in your environment.  Carl Stalhood has a great step by step on how to set it up here http://www.carlstalhood.com/workspace-environment-manager/.

A couple of caveats I would add to his blog post:
If you are installing on a PVS image before shutting down your maintenance/private mode vdisk to re-seal, kill the Norskale Agent Host Service.  For whatever reason if you don’t do this it can cause your vms in standard mode to take an obscenely long time to shutdown.
If you have a PVS environment and you have redirected the WEM cache to the persistent drive use a startup task to refresh the cache, force restart the Norskale Agent Host Service, and start netlogon after.  If the cache doesn’t already exist WEM doesn’t seem to check with the WEM server.  You have to create the cache, and then restart the service so that it reads it, and force restarting the Norskale Agent Host Service will stop netlogon (dependent on it).  Chicken or the egg thing…

Assuming you have WEM setup and running:

Create a Folders and Files action that creates the redirected folder structure in the user home directory or where ever you want to put it.  In the \\server\share\VDIPaths (or whatever you name it) have the folder structure laid out for all the folders you wish to redirect (empty folders) – this is your folder “template” directory:
ie: \\server\share\VDIPaths\Recent
\\server\share\VDIPaths\IELocal\DOMStore
\\server\share\VDIPaths\GoogleChrome\Googlelocal
etc.

The source path is the folder you just created and the target is where you want to put it.  Make sure overwrite target if existing and run once are unchecked
120516_1959_UsingCitrix1.png

Under Options – Copy Directory Content (creates the folder structure in the user’s %homeshare% folder or where ever you put it), and make sure the Execution order is “0” – happens first.
120516_1959_UsingCitrix2.png

Next we need to perform 3 tasks for each folder you want to redirect to the user %homeshare%\VDIPaths folder (or where ever you decide to put it)

We will first move the existing data in the profile to the redirect location, second delete the existing data in the profile, and finally create the symbolic link.

Move

The first thing we do is create the move operation.  Name it whatever you want.  The source is the local profile path to the user, and the target is where we want to move the files
120516_1959_UsingCitrix3.png

Under the Options Tab select Move Directory Content and set the execution order to 1.  We want the “VDIPaths\Recent” folder to have been created already by the create task
120516_1959_UsingCitrix4.png

Delete

Set the source path to the directory you want to delete
120516_1959_UsingCitrix5.png

Under the Options Tab select Delete Files / Folders and set the Execution order to 2 as we want the files to be moved to the new location prior to deleting.
120516_1959_UsingCitrix6.png

Create the Symbolic Link

The Source will be the %homeshare% location, and the target will be the local profile path location.
120516_1959_UsingCitrix7.png

Under the Options tab set the action to Create Directory Symbolic Link and set the execution order to 3.
120516_1959_UsingCitrix8.png

Assign tasks

Assuming you have already setup configured users you can now assign the 4 tasks above to your test user or group.  Going forward you will only need to create the latter 3 tasks, and just make sure you update the “template” directory accordingly.

Assign the first task (create VDI_Paths in my case) setting always true
Assign the second task (Move Recent in my case) setting always true
Assign the third task (Delete Recent in my case) setting always true
Assign the 4th task (Recent_Symbolic_Link in my case) setting always true
120516_1959_UsingCitrix9.png

0 – Create VDI_Paths – copies the folder structure to the user’s %homeshare% directory
1 – Move Recent – moves the contents of %appdata%\Microsoft\Windows\Recent to %homeshare%\VDIPaths\Recent
2 – Delete Recent – deletes the %appdata%\Microsoft\Windows\Recent folder
3 – Recent_Symbolic_Link – Creates a symbolic link at %appdata%\Microsoft\Windows\Recent pointing to %homeshare%\VDIPaths\Recent

You end up with something that looks like this:
120516_1959_UsingCitrix10.png

If you click into the Recent symbolic link you will see it still looks like it is on the local C: drive as far as the path goes, but it is “redirected” to the path you specified.  If it does not work check the Norskale Vuem Agent.log file in the user profile, and look for the error.  If it is a permissions issue, then you probably have to allow the user to create symbolic links via gpo and/or local policy (I put it both places just to be sure it takes).
120516_1959_UsingCitrix11.png

I have done this for the following paths thus far with success

%appdata%\Microsoft\Windows\Recent – all the recent places/docs a user has opened
%appdata%\Microsoft\Signatures – Outlook signatures
%localappdata%\Apps\2.0 – This one is for clickonce apps – I also had to make another task to create the “Apps” folder in the local profile in case it doesn’t exist (only one that is different from the rest)
%localappdata%\Microsoft\Internet Explorer\DOMStore – some IE cache that gets quite large
%appdata%\Microsoft\Office\Recent – all recent Office docs
%localappdata%\Google – Chrome cache
%appdata%\Mozilla – Firefox cache
%localappdata%\Mozilla – Firefox cache
%localappdata%\Apps\Evernote – Evernote (unfortunately some of my users need this)
%localappdata%\WebEx – WebEx Cache

Once you are certain all of the existing data for each of your users has been moved to their %homeshare% directory (or where ever you put it) you can exclude those folders from UPM, and remove the Move/Delete tasks.  It won’t hurt to leave them though…

Sep 302016
 

Environment

XenApp 7.6

700+ Delivered (published) Applications

60+ Windows servers (2008 R2 and 2012 R2)

 

Scenario

Recently I had a request to replicate 100+ applications from PROD to QA, using QA server configured with identical applications and identical application locations/paths. Obviously all paths to EXE files need to be the same in order for this to work 100% (unless I missed a memo and XA can now support publishing of identical applications from various paths.  As far as I know, this was not yet available in 7.6).  If QA server has some of the applications in different paths, not all is lost. You can still use this process and script to migrate large number of applications between delivery groups and then modify paths later in Studio.

While I could add few more lines to my PoSH script to actually replicate each application at a time, amount of time it took me to create this script and ability to duplicate applications in Studio seemed unnecessary.

My goal was to replicate, or proper Citrix term would be duplicate all applications and then assign them to another delivery group. Seems simple enough for Citrix and PoSH guru. But for those who are just getting their feet wet could use following process to speed up their delivery time to less than 5 mins and go look for the end of the Internet, while telling client it took you hours 😉

 

Process

1 – I will be duplicating all requested applications using ol’ Citix Studio.

2 – I will run script below to change Delivery Group and application folder, as visible by the user (you mileage might vary, depending on your requirements)

This script/process is no rocket science, but might help someone to quickly replicate applications and migrate them to another delivery group, instead of publishing them over again.  Modify script below according to your environment before running it.  (WARNING: It is fairly simple script, so review and try to understand exactly what this script is doing, before executing it.)  Also, I am no expert when it comes to creating powershell scripts, but just another Citrix admin.  So, pardon if you can make it better.  Please do improve and share!  I am all for helping fellow Citrix admins anyway I can.  Even if it’s buying a pint!

 

Step 1

citrixirc1Create alternative application folder in Studio.  For our scenario I am going to create folder named “QA” inside already created “Europe” folder.

Right-click on all applications that you need to replicate in QA (you can select multiple applications at once).

Click Duplicate Application 

Now select all duplicates and drag them over to QA folder.  In my scenario I will be dragging these to Europe\QA.

Step 2

Below script will prompt for the admin folder name where all the duplicates reside (that’s the new folder you just created.  In my example it’s called Europe\QA).  I repeat- do not select your production applications folder, as script will move all your production apps to new delivery group.  Use newly created QA folder where you moved all duplicate applications to in step 1 above.

It is assumed that new delivery group is already created.

Another item to note; there is an optional line (in yellow) to change client-side folder location of newly created applications.  This is to help users identify whether they are running PROD or QA applications. It also looks cleaner in Storefront or WI.  You can add more commands into Foreach loop.  Things like modifying users who have access, or changing actual name of the application and etc.  My goal was to keep all the same and just deliver from QA server.

Script

asnp Citrix*

$adminfolder = (Get-BrokerApplication -MaxRecordCount 10000).AdminFolderName | sort | select -unique | Out-GridView -Title "Select Admin Folder Name" -OutputMode Single
$applist = Get-Brokerapplication -AdminFolderName $adminfolder
$originalDG = (Get-BrokerDesktopGroup -MaxRecordCount 10000).Name | sort | Out-GridView -Title "Select Original Delivery Group Name" -OutputMode Single
$newDG = (Get-BrokerDesktopGroup -MaxRecordCount 10000).Name | sort | Out-GridView -Title "Select New Delivery Group Name" -OutputMode Single

Write-Host "Migrating all applications in $adminfolder`nFrom $originalDG Delivery Group to $newDG Delivery Group" -ForegroundColor Green

foreach ($app in $applist.ApplicationName){
                Write-host "Migrating $app"
                Get-BrokerApplication -ApplicationName $app | Add-BrokerApplication -DesktopGroup $newDG
                Get-BrokerApplication -ApplicationName $app | Remove-BrokerApplication -DesktopGroup $originalDG
                Get-BrokerApplication -ApplicationName $app | Set-BrokerApplication -ClientFolder "Europe\QA" #optional to show all applications inside QA folder and not in the same folder with production apps
 }

Bonus

BTW, using similar add-brokerapplication command you can publish, or rather deliver same application from multiple delivery groups.  Just comment out remove-brokerapplication command and it will now launch from servers in prod and qa, or any other DG of your choice.  Comes really handy when you have multiple DGs that host different applications, but some of the applications are identical.  You can spread the load across multiple DGs.  Think of it as a worker groups concept in XA 6.x with server groups.   I had such requirement that was easily achievable in XA 6.x, but not so much in XA 7.x.  I paid for someone’s case of beer when they told me that I can use above mentioned command to deliver same application from multiple DG’s, as it’s not clearly documented by Citrix. There is a surprise…

That’s all folks. My first ever citrixirc blog.  Whoo-hoo!

Over and out.

Jul 252016
 

As in my previous post we are querying the Citrix monitordata tables in SQL instead of doing web queries against ODATA because it is super fast.

The script needs to run as a user who has at least read rights to the database.  Just like the original it will query the monitordata tables to gather the information, but I think I have improved on the queries a bit.  Also, just like the original it gets a lot more information than what is actually needed, so the queries can be used again for other information (logon duration reporting, accessing outside vs inside report, client version reports, etc.).  Feel free to edit and use this script as you see fit.

Here is the updated script!  Pay attention to anything marked with multiple hashes (####).  It is referencing something you need to change for your environment (ie: sql server name), or items of note.

Here is an example of the updated report.

Report

Jul 212016
 

CLICK HERE FOR UPDATED VERSION

My boss wanted a report to show the usage of our XenDesktop environment (desktop sessions only), so I wrote a script that queries the delivery controller once per minute to get sessions.  It then writes that information to an .xml file, and then I have another script that reads the .xml file to report on usage.  Well, that is a bit complicated, and all that data already exists in the ODATA in director.  I have demonstrated how to query that data in a previous script I wrote to get logon times, but gathering each web table and then combining can take a long time.

That ODATA information is also in the monitordata tables of your Citrix database (which is split off into a separate database from the main database after 7.8 I think), and querying SQL is A LOT faster!

The script I wrote needs to be run as a user who has at least read rights to the database.  It will query the monitordata tables and combine the information into an array which can output the information we want.  For example if you query monitordata.session it will give you all the sessions, but the only indication of which user launched that session is the UserID field… which is just a number.  You have to join monitordata.session and monitordata.[user] in order to figure out who it actually was in that session.  The query I wrote actually gets a lot more information than is needed for this script, so I can use it as a basis to write more scripts.  Feel free to use this as a base for your own scripts… if you do note that all the date/time values in the database are UTC time.

Here is the script!  Be sure to pay attention to anything marked with ####

Here is an example report email.

Capture

Jun 212016
 

This will be short and sweet (hopefully sweet).  If you have a session recording server setup you may notice that the entries/files don’t go away on their own.  Here is how to clean them up:

Just create a scheduled task to run the code below once per day (as system – elevated):

C:\Program Files\Citrix\SessionRecording\Server\Bin\icldb.exe remove /RETENTION:7 /DELETEFILES /F /S /L

remove = remove from the database
/RETENTION = days of files to keep (above code will keep 7 days)
/DELETEFILES = delete files as well
/F = Force
/S = Suppress copyright
/L = Log to event log

Me being the powershell lover that I am created a script (one liner below), saved the .ps1, and created a scheduled task to run powershell calling my script.
StartProcess -FilePath ‘C:\Program Files\Citrix\SessionRecording\Server\Bin\icldb.exe’ -ArgumentList “remove /RETENTION:7 /DELETEFILES /F /S /L”

May 062016
 

If you have tried to use Windows 10 in XenDesktop with Citrix Profile Management you have probably run into two major issues.

The Issues
The first issue is the start menu… which is now a database located at %localappdata%\TileDataLayer\Database.  At logoff when profile manager tries to copy it off it can’t due to services locking the files.  This results in the user logging on and their start menu not working.

The second issue revolves around SMB2/3.  SMB1 would close files as soon as it was done with them, but 2/3 leave them open for a little longer in case they are requested again.  This means when a user logs off and their Pooled Random desktop shuts down file locks can remain in the profile store if the shutdown process happens too fast (which it does 99% of the time).  Basically, if a user was to logoff and then try to log back on in a short period of time their logon would be greatly delayed due to the “ghost” file locks.

The Workarounds
Start Menu – This one is a bit tricky.  When a user logs off we need to stop the Tile Data model server and State Repository Service (in that order) so that profile manager can copy the start menu database off to the user store.  Here is the rub… a normal user cannot stop these services, so you can’t use a logoff script!  Here is what you do… logon as a local administrator and…

  1. Create a powershell script on the root of C:\ – name it logoff.ps1
    1. Open powershell_ise.exe as administrator and write these 2 lines in the white space at the top (if no white space hit the new button to create a new script).
      stop-service tiledatamodelsvc -force
      stop-service staterepository -force
    2. Save it as C:\logoff.ps1 (or put it where ever you want – just remember where it is)
  2. Right click the start menu – hit run – type in taskschd.msc and hit ok
  3. Right click the Task Scheduler Library node and select Create Basic Task…
  4. Name it whatever you want – I named mine logoff – hit next
  5. Select “When a specific event is logged” on the next screen and hit next
  6. Under Log: start typing “Sec”  the Security log should show up
  7. Under Source type in “Microsoft Windows security auditing” (no quotes)
  8. Event ID will be 4647 – hit next
  9. leave Start a program selected – hit next
  10. in the program/script blank C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  11. in the add arguments blank “-executionpolicy unrestricted -file c:\logoff.ps1” (no quotes) – if you put the script somewhere else make sure you have the path correct.
  12. click next, and on the next screen check the box “Open the Properties dialog…” and hit Finish
  13. Click Change User or Group, type in “system” (no quotes) and hit ok
  14. Check “Run with highest privileges”, and hit ok

Now when a user initiates a logoff the system will stop the Tile Data model server and State Repository Service.  This will allow profile manager to copy off the start menu database.

Ghost File locks
This one is pretty easy – we just delay the shutdown with a shutdown script.  This allows the file locks to be released at shutdown.  Here is what you do… (you should still be logged on as a local administrator)

  1. Run powershell_ise.exe as administrator and type these 2 lines in the white space at the top… again if no white space hit the new button.
    stop-service brokeragent -force
    start-sleep -s 30
  2. Save it as C:\shutdown.ps1 (or where ever you want)
  3. Right click the start menu – hit run – type in gpedit.msc
  4. Under “Computer Configuration\Windows Settings\Scripts” double click on Shutdown
  5. Click the PowerShell Scripts tab
  6. Click Add – browse to the script you just created – hit ok
  7. Hit Ok again on the shutdown properties box, and close the local group policy editor

At shutdown this script will kill the brokeragent service (just in case delaying the shutdown would allow the desktop to appear “available” again), and delay the shutdown by 30 seconds.  This allows all file locks in the profile manager store to be released.

Bonus – UPM policy settings for Windows 10 (These are mine, so you may need to tweak for your environment – of course redirect all you can)

Exclusion list (registry) 
Software\Microsoft\Office\15.0\Excel\Resiliency
Software\Microsoft\Office\15.0\PowerPoint\Resiliency
Software\Microsoft\Office\15.0\Word\Resiliency
Software\Microsoft\Office\15.0\OneNote\Resiliency
Software\Microsoft\Office\15.0\Outlook\Resiliency
Software\Microsoft\Internet Explorer\Recovery

Exclusion list – directories
$Recycle.Bin
$Recycle.Bin
AppData\Local\Microsoft\Windows\Burn
AppData\Local\Microsoft\Windows Live
AppData\Local\Microsoft\Windows Live Contacts
AppData\Local\Microsoft\Terminal Server Client
AppData\Local\Microsoft\Messenger
AppData\Local\Microsoft\OneNote
AppData\Local\Windows Live
AppData\Local\Sun
AppData\Local\Google\Chrome\User Data\Default\Cache
AppData\Local\Microsoft\Windows\Temporary Internet Files
AppData\Local\Temp
AppData\LocalLow
AppData\Roaming\Sun\Java\Deployment\cache
AppData\Roaming\Sun\Java\Deployment\log
AppData\Roaming\Sun\Java\Deployment\tmp
AppData\Roaming\Citrix\PNAgent\AppCache
AppData\Roaming\Citrix\PNAgent\Icon Cache
AppData\Roaming\Citrix\PNAgent\ResourceCache
AppData\Roaming\ICAClient\Cache
AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys
AppData\Roaming\Macromedia\Flash Player\#SharedObjects
AppData\Roaming\Microsoft\Excel
AppData\Local\Microsoft\Internet Explorer\Recovery
AppData\Roaming\Microsoft\Word
AppData\Roaming\Microsoft\Powerpoint
AppData\Local\Microsoft\Windows Mail
AppData\Local\Microsoft\Office\15.0\OfficeFileCache
AppData\Roaming\Dropbox
AppData\Local\Dropbox
Dropbox
AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
Sharefile
AppData\Roaming\Microsoft\Templates\LiveContent
AppData\Local\Downloaded Installations
AppData\Local\Cisco\Unified Communications\Jabber\CSF\Voicemail
AppData\Local\Cisco\Unified Communications\Jabber\Voicemail
AppData\Local\Microsoft\Windows\Themes
AppData\Local\Microsoft\Windows\WER
AppData\Local\Microsoft\Windows\WebCache.old
AppData\Local\ATT Connect
AppData\Roaming\Sharefile\Outlook
AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
AppData\Local\Skype
AppData\Local\Assembly\dl3
AppData\Local\Cisco\Unified Communications\Jabber\Crash Dump
AppData\Local\Cisco\Unified Communications\Jabber\CSF\Logs
AppData\Roaming\Microsoft\Internet Explorer\UserData
AppData\Roaming\Spotify
AppData\Local\Spotify
AppData\Local\Microsoft\Windows\PriCache
AppData\Local\Packages
AppData\Local\Microsoft\Windows\Application Shortcuts
OneDrive
AppData\Local\Microsoft\CLR-v4.0_32
AppData\Local\Microsoft\GameDVR
AppData\Local\Microsoft\Group Policy
AppData\Local\Microsoft\Media Player
AppData\Local\Microsoft\OneDrive
AppData\Local\Microsoft\PlayReady
AppData\Local\Microsoft\Windows\1033
AppData\Local\Microsoft\Windows\Caches
AppData\Local\Microsoft\Windows\Explorer
AppData\Local\Microsoft\Windows\GameExplorer
AppData\Local\Microsoft\Windows\Notifications
AppData\Local\Microsoft\Windows\Ringtones
AppData\Local\Microsoft\Windows\RoamingTiles
AppData\Local\Comms

Exclusion list – files
AppData\Local\Microsoft\Windows\UsrClass.dat*
*thumb*.db
*icon*.db

Files to synchronize
AppData\Local\Microsoft\Office\*.qat
AppData\Local\Microsoft\Office\*.officeUI
AppData\LocalLow\Google\GoogleEarth\*.kml
AppData\Roaming\Microsoft\Excel\Excel*.xlb
AppData\LocalLow\Sun\Java\Deployment\deployment.properties
AppData\Roaming\ShareFile\Outlook\config.cfg
AppData\Roaming\ShareFile\Outlook\log.txt

Directories to synchronize
AppData\Roaming\Microsoft\Credentials
AppData\Roaming\Microsoft\Crypto
AppData\Roaming\Microsoft\Protect
AppData\Roaming\Microsoft\SystemCertificates
AppData\Local\Microsoft\Credentials
AppData\Roaming\Microsoft\Excel\XLSTART
AppData\Roaming\Microsoft\Word\STARTUP
AppData\LocalLow\Sun\Java\Deployment\ext
AppData\LocalLow\Sun\Java\Deployment\security

Folders to mirror
AppData\Local\Microsoft\Windows\INetCookies
AppData\Local\Microsoft\Windows\WebCache
AppData\Roaming\Microsoft\Windows\Cookies

Process Internet Cookie files on logoff  – Enabled

Process logons of local administrators – Enabled

Profile streaming – Enabled

Path to user store – \\server\share\%username%.%userdomain%\!CTX_PROFILEVER!!CTX_OSBITNESS!

Enable Profile management – Enabled

One more bonus!!
Based mostly on this Citrix blog – Windows 10 Optimization for XenDesktop – I wrote a powershell script to automatically optimize your Windows 10 gold PVS image… available HERE.

Nov 052015
 

As a Citrix CSP, having a good set of scripts to deploy a base environment is critical. Setting up 50 environments by hand would take far more time than with good scripting. Now that I’ve finally had some time to sit down and not be working on 6.5 stuff, I have been able to write scripts to install and configure XenDesktop 7.6 with Storefront 3 using PowerShell (and some batch). Full disclosure! I am NOT good at PowerShell, or scripting in general. I’m sure there are a million better/easier ways to do these things, but what I have works, dammit. The point of this blog is to show you the commands, and what they do. I will attach my final scripts where you can tune and tweak as needed.

As always, credit where credit is due. I took some code from Aaron Parker from here. I also took some code from Eric from here. Lastly, I’d like to give a BIG THANKS to Esther Barhel (@virtuEs_IT) for helping me out with the non-documented Storefront 3 PowerShell commands.

If you have read my blog, most of my environments are built for the SMB/SMG space. That being said in this blog we will be setting up a single instance configuration. There will be a single server with both the XDC and Storefront roles on it. You could easily take this code to add additional XDCs or Storefront servers to your environment. I will be using code snippets to explain what they are for during the blog.

The first thing we want to do is install XenDesktop. As this is a small environment, we are going to use SQL Express on the XDC. Personally, I do not like to use SQL instances, so in my configuration I am going to install SQL with the default instance instead of the SQLEXPRESS instance. For this, I have created a directory with the XD7.6 disk extracted and shared on the network. I then created a SQL directory and extracted SQL2014 Express in there. I shared this directory out as XA76. (Long live XenApp!)

Installing SQL and XenDesktop

This first “Script” simply does a net use to the share, installs SQL, then installs XenDesktop with only the Controller and Studio roles. Note that you do not want to install Storefront yet. This script will reboot the server. As a scripting/PowerShell noobie, I learned a lot during this. For example. In PowerShell, the use of –% tells PowerShell to stop parsing code after those characters. This helped me a lot because PowerShell was trying to parse the \’s and /’s and failing miserably.

net use --% x: \\10.56.90.20\XA76
x:
cd '.\SQL'
write-host "Installing SQL"
 .\SETUP.EXE --% /QS /ACTION=install /FEATURES=SQL,Tools /INSTANCENAME=MSSQLSERVER  /IAcceptSQLServerLicenseTerms=true
cd ..
cd '.\x64\XenDesktop Setup'
write-host "Installing XenDesktop"
.\XenDesktopServerSetup.exe --% /components CONTROLLER,DESKTOPSTUDIO /NOSQL /quiet /configure_firewall
shutdown -f -r -t 2

XenDesktop Configuration

After the server is done rebooting, we can start with the configuration of the XenDesktop Site. First thing we want to do is setup the databases. I’m going to setup the default databases to the local system we just installed SQL on, using the NetBIOS Name of the domain as the site name. In this example $NBN is NetBIOS Name.

New-XDDatabase -AllDefaultDatabases -DatabaseServer $env:COMPUTERNAME -SiteName $NBN

The next thing we want to do is setup the Site. In my configuration, I use the NetBIOS name and append it to the DBs. In this example $LDB would be CitrixConfigLoggingTEST where TEST is the NetBIOS name. The same is done with the Monitor Database and Site Database.

New-XDSite -DatabaseServer $env:COMPUTERNAME -LoggingDatabaseName $LDB -MonitorDatabaseName $MDB -SiteDatabaseName $SDB -SiteName $NBN

Next, we want to setup licensing. This is pretty self-explanatory. This sets the license server and the port. IT then sets the product and edition. I generally use a generic DNS name for the licensing server, “ctxlicesnse” in this example, that points to the license server IP address. Then this sets up the product code and product edition. My example shows a setup for XenDesktop Advanced edition. You can get these variables with the following commands.

PS C:\> Get-ConfigProduct

Code                    Name
----                    ----
XDT                     XenDesktop
MPS                     XenApp
PS C:\> Get-ConfigProductEdition -ProductCode XDT
PLT
ENT
APP
ADV
STD

Here is my code to add licensing.

Set-XDLicensing -LicenseServerAddress ctxlicense -LicenseServerPort 27000
Set-ConfigSite -LicensingModel Concurrent -ProductCode XDT -ProductEdition ADV

Next, we setup a Machine catalog. This assumes that we already have at least one VDA setup, already pointed to this Delivery Controller. This is a simple persistent desktop Machine Catalog. This is setup for XenApp type Full Desktops (MultiSession), and we add the first XD box to the Machine Catalog.

New-BrokerCatalog -SessionSupport MultiSession -ProvisioningType Manual -AllocationType Random -Name 2012R2 -Description 2012R2 -PersistUserChanges OnLocal -MachinesArePhysical $true
New-BrokerMachine -MachineName TEST-RDU-XD-01 -CatalogUid 1

This next bit of code sets up the Desktop Group. This code snip was taken from Aaron Parker’s blog here and edited for my using. I encourage you to read his blog page to understand what this stuff does. It is much more involved than my code, and does a great job setting up the delivery group. I will try to break down the piece for all of us though. Let’s walk through the variables first.

$XDC = $env:COMPUTERNAME
$assignedGroup = "$NBN`\$NBN`_CTX_Desktop"
$desktopGroupName = "Some Desktop Group"
$desktopGroupPublishedName = "Some Desktop Group"
$desktopGroupDesc = "Some Desktop Group"
$colorDepth = 'TwentyFourBit'
$deliveryType = 'DesktopsandApps'
$desktopKind = 'Shared'
$sessionSupport = "MultiSession"
$functionalLevel = 'L7_6'
$timeZone = 'EST Eastern Standard Time'
$offPeakBuffer = 10
$peakBuffer = 10
$machineCatalogName = "2012R2"

You can set a TON of stuff in here, and it can get complicated when you are doing MCS/PVS and stuff. In this example, we are setting up a XenApp Full Desktop to the Machine Catalog we created above (2012R2). $deliverytime can be DesktopsOnly, DesktopsandApps, or AppsOnly. $deliverykind can be Shared or Private. $sessionSupport can be MultiSession or SingleSession. This is a new environment, with all 7.6, so we set the $functionalLevel to L7_6. This can be set to 5, 7, or 7.6. There are so many other commands in here that Aaron has detailed; I won’t go into them here. The command I have used for this example is below.

New-BrokerDesktopGroup -ErrorAction SilentlyContinue -AdminAddress $XDC -Name $desktopGroupName -DesktopKind $desktopKind -DeliveryType $deliveryType -Description $desktopGroupPublishedName -PublishedName $desktopGroupPublishedName -MinimumFunctionalLevel $functionalLevel -ColorDepth $colorDepth -SessionSupport $sessionSupport -InMaintenanceMode $False -IsRemotePC $False -SecureIcaRequired $False -Scope @()

The next thing we need to do is to add machines to the desktop group.

$machineCatalog = Get-BrokerCatalog -AdminAddress $XDC -Name $machineCatalogName
Add-BrokerMachinesToDesktopGroup -AdminAddress $XDC -Catalog $machineCatalog -Count $machineCatalog.UnassignedCount -DesktopGroup $desktopGroup

Then we want to add users to the desktop group

$brokerUsers = New-BrokerUser -AdminAddress $XDC -Name $assignedGroup
New-BrokerEntitlementPolicyRule -AdminAddress $XDC -Name ($desktopGroupName + "_" + $Num.ToString()) -IncludedUsers $brokerUsers -DesktopGroupUid $desktopGroup.Uid -Enabled $True -IncludedUserFilterEnabled $False

Lastly, we want to allow access through Access Gateway

New-BrokerAccessPolicyRule -AdminAddress $XDC -Name $accessPolicyRule -IncludedUsers @($brokerUsers.Name) -AllowedConnections 'ViaAG' -AllowedProtocols @('HDX','RDP') -AllowRestart $True -DesktopGroupUid $desktopGroup.Uid -Enabled $True -IncludedSmartAccessFilterEnabled $True -IncludedSmartAccessTags @() -IncludedUserFilterEnabled $True

Here is the full script from start to finish.

add-pssnapin c*
$XDC = $env:COMPUTERNAME
$nbn = $env:USERDOMAIN
$assignedGroup = "$NBN`\$NBN`_CTX_Desktop"
$LDB = "CitrixConfigLogging" + $nbn
$MDB = "CitrixMonitor" + $nbn
$SDB = "Citrix" + $nbn

# Desktop Group properties
$desktopGroupName = "Some Desktop Group"
$desktopGroupPublishedName = "Some Desktop Group"
$desktopGroupDesc = "Some Desktop Group"
$colorDepth = 'TwentyFourBit'
$deliveryType = 'DesktopsandApps'
$desktopKind = 'Shared'
$sessionSupport = "MultiSession"
$functionalLevel = 'L7_6'
$timeZone = 'EST Eastern Standard Time'
$offPeakBuffer = 10
$peakBuffer = 10
$machineCatalogName = "2012R2"

write-host "Creating Citrix Databases"
New-XDDatabase -AllDefaultDatabases -DatabaseServer $env:COMPUTERNAME -SiteName $NBN

write-host "Setting up Site"
New-XDSite -DatabaseServer $env:COMPUTERNAME -LoggingDatabaseName $LDB -MonitorDatabaseName $MDB -SiteDatabaseName $SDB -SiteName $NBN

write-host "Setting up licensing"
Set-XDLicensing -LicenseServerAddress ctxlicense -LicenseServerPort 27000
Set-ConfigSite -LicensingModel Concurrent -ProductCode XDT -ProductEdition ADV

write-host "Setting up Machine Catalog"
New-BrokerCatalog -SessionSupport MultiSession -ProvisioningType Manual -AllocationType Random -Name 2012R2 -Description 2012R2 -PersistUserChanges OnLocal -MachinesArePhysical $true
New-BrokerMachine -MachineName TEST-RDU-XD-01 -CatalogUid 1

$VerbosePreference = "Continue"

write-host "Creating Desktop Group"

If (!(Get-BrokerDesktopGroup -Name $desktopGroupName -ErrorAction SilentlyContinue)) {
Write-Verbose "Creating new Desktop Group: $desktopGroupName"
$desktopGroup = New-BrokerDesktopGroup -ErrorAction SilentlyContinue -AdminAddress $XDC -Name $desktopGroupName -DesktopKind $desktopKind -DeliveryType $deliveryType -Description $desktopGroupPublishedName -PublishedName $desktopGroupPublishedName -MinimumFunctionalLevel $functionalLevel -ColorDepth $colorDepth -SessionSupport $sessionSupport -InMaintenanceMode $False -IsRemotePC $False -SecureIcaRequired $False -Scope @()
}
If ($desktopGroup) {

Write-Verbose "Getting details for the Machine Catalog: $machineCatalogName"
$machineCatalog = Get-BrokerCatalog -AdminAddress $XDC -Name $machineCatalogName
Write-Verbose "Adding $machineCatalog.UnassignedCount machines to the Desktop Group: $desktopGroupName"
$machinesCount = Add-BrokerMachinesToDesktopGroup -AdminAddress $XDC -Catalog $machineCatalog -Count $machineCatalog.UnassignedCount -DesktopGroup $desktopGroup

Write-Verbose "Creating user/group object in the broker for $assignedGroup"
If (!(Get-BrokerUser -AdminAddress $XDC -Name $assignedGroup -ErrorAction SilentlyContinue)) {
$brokerUsers = New-BrokerUser -AdminAddress $XDC -Name $assignedGroup
} Else {
$brokerUsers = Get-BrokerUser -AdminAddress $XDC -Name $assignedGroup
}

$Num = 1
Do {
$Test = Test-BrokerEntitlementPolicyRuleNameAvailable -AdminAddress $XDC -Name @($desktopGroupName + "_" + $Num.ToString()) -ErrorAction SilentlyContinue
If ($Test.Available -eq $False) { $Num = $Num + 1 }
} While ($Test.Available -eq $False)
Write-Verbose "Assigning $brokerUsers.Name to Desktop Catalog: $machineCatalogName"
$EntPolicyRule = New-BrokerEntitlementPolicyRule -AdminAddress $XDC -Name ($desktopGroupName + "_" + $Num.ToString()) -IncludedUsers $brokerUsers -DesktopGroupUid $desktopGroup.Uid -Enabled $True -IncludedUserFilterEnabled $False

# Check whether access rules exist and then create rules for direct access and via Access Gateway
$accessPolicyRule = $desktopGroupName + "_Direct"
If (Test-BrokerAccessPolicyRuleNameAvailable -AdminAddress $XDC -Name @($accessPolicyRule) -ErrorAction SilentlyContinue) {
Write-Verbose "Allowing direct access rule to the Desktop Catalog: $machineCatalogName"
New-BrokerAccessPolicyRule -AdminAddress $XDC -Name $accessPolicyRule -IncludedUsers @($brokerUsers.Name) -AllowedConnections 'NotViaAG' -AllowedProtocols @('HDX','RDP') -AllowRestart $True -DesktopGroupUid $desktopGroup.Uid -Enabled $True -IncludedSmartAccessFilterEnabled $True -IncludedUserFilterEnabled $True
} Else {
Write-Error "Failed to add direct access rule $accessPolicyRule. It already exists."
}
$accessPolicyRule = $desktopGroupName + "_AG"
If (Test-BrokerAccessPolicyRuleNameAvailable -AdminAddress $XDC -Name @($accessPolicyRule) -ErrorAction SilentlyContinue) {
Write-Verbose "Allowing access via Access Gateway rule to the Desktop Catalog: $machineCatalogName"
New-BrokerAccessPolicyRule -AdminAddress $XDC -Name $accessPolicyRule -IncludedUsers @($brokerUsers.Name) -AllowedConnections 'ViaAG' -AllowedProtocols @('HDX','RDP') -AllowRestart $True -DesktopGroupUid $desktopGroup.Uid -Enabled $True -IncludedSmartAccessFilterEnabled $True -IncludedSmartAccessTags @() -IncludedUserFilterEnabled $True
} Else {
Write-Error "Failed to add Access Gateway rule $accessPolicyRule. It already exists."
}

} #End If DesktopGroup

Installing Storefront

This portion of the scripting is going to do a bunch of things. It will install the pre-requisites for Storefront, including IIS. It installs Storefront. It imports a certificate and binds it to the default website. The sets up the initial Storefront base URL then finishes the configuration. The first thing I did was to copy the 3.x version of CitrixStoreFront-x64 into my share to the x64\StoreFront directory and overwrite the default one. Luckily, this works so we can use XenDesktopServerSetup.exe again to install it.

The first thing we are going to do is install the pre-requisites and install Storefront. Again, I am just going to do a net-use to my share and run everything.

net use --% x: \\10.56.90.20\XA76
Import-Module ServerManager
write-host "Installing Storefront Prereqs"
Add-WindowsFeature AS-Net-Framework,Web-Net-Ext45,Web-AppInit,Web-ASP-Net45,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Default-Doc,Web-HTTP-Errors,Web-Static-Content,Web-HTTP-Redirect,Web-HTTP-Logging,Web-Filtering,Web-Windows-Auth,Web-Client-Auth
x:
cd '.\x64\XenDesktop Setup'
write-host "Installing Storefront"
.\XenDesktopServerSetup.exe --% /components STOREFRONT /NOSQL /quiet

Next, we want to import the certificate and bind it to the default web site. First, we ask for the cert password.

$myPW = read-host -Prompt "Enter Cert Password here"

We then want to import the certificate and assign it to the default website. Copy the .pfx file to the root of C:\. You will need the thumbprint of the certificate to put in the XXXXXXXXXXXXXXXXXX location of the script.

$certpw = ConvertTo-SecureString -String $myPW -Force -AsPlainText
Import-PfxCertificate -filepath "C:\cert.pfx" Cert:\LocalMachine\My -Password $certpw
New-WebBinding -Name "Default Web Site" -IPAddress "*" -Port 443 -Protocol https
cd IIS:
cd .\SSLBindings
Get-Item Cert:\LocalMachine\My\XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX | new-item 0.0.0.0!443
c:

Storefront Configuration

This gets us all set to start configuring Storefront. We will first need to import the Storefront PowerShell modules.

. "C:\Program Files\Citrix\Receiver StoreFront\Scripts\ImportModules.ps1"

Let us take a look at some of the variables we will be using here.

$nbn = $env:USERDOMAIN
$GatewayAddress = "https://site.domain.com"
$Farmname = "XenApp76 Farm"
$Port = "80"
$TransportType = "HTTP"
$sslRelayPort = "443"
$LoadBalance = $false
$FarmType = "XenDesktop"
$fqdn = "$env:computername.$env:userdnsdomain"
$baseurl = "https://" + $fqdn
$SFPath = "/Citrix/" + $nbn.toLower()
$SFPathWeb = "$SFPath`Web"
$SFPathDA = "$SFPath`DesktopAppliance"
$GatewayName = "TEST-RDU-NS-01"
$staservers = "http://" + $fqdn + "/scripts/ctxsta.dll"
$snipIP = "10.56.13.9"

Again, keep in mind this is a small environment, so we will be using a single server for the XDC/Storefront roles. My $baseurl variable will resolve to https://server.domain.local. I set the store name to $nbn (NetBIOS Name), in this example it is TEST. Then using some simple PowerShell I set $SFPath, $SFPathWeb, and $SFPathDA to /Citrix/test, /Citrix/testWeb, and /Citrix/testDesktopAppliance respectively. You can set these variables as appropriate for your environment. The first command we want to run will do the initial configuration of Storefront.

Set-DSInitialConfiguration -hostBaseUrl $baseurl -farmName $Farmname -port $Port -transportType $TransportType -sslRelayPort $sslRelayPort -servers $fqdn -loadBalance $LoadBalance -farmType $FarmType -StoreFriendlyName TEST -StoreVirtualPath $SFPath -WebReceiverVirtualPath $SFPathWeb -DesktopApplianceVirtualPath $SFPathDA

The next thing I do here is setup the beacons. I set this up now because if you setup the gateway first, it sets the $baseurl as an external beacon. In my configuration, I do NOT want $baseurl to be an external beacon. At the time of writing this blog, Citrix has not written the full documentation for these PowerShell modules. I have already put in an RFE to get these up on Citrix’s site. That being said, I was not able to figure out HOW to remove an external beacon. The gateway module detects if you have any external beacons configured. If it detects none are configured, it automatically makes $baseurl and www.citrix.com the two external beacons. Setting up the external beacons is as simple as these commands.

$beaconID = ([guid]::NewGuid()).ToString()
Add-DSGlobalExternalBeacon -BeaconID $beaconID -BeaconAddress http://www.google.com
$beaconID = ([guid]::NewGuid()).ToString()
Add-DSGlobalExternalBeacon -BeaconID $beaconID -BeaconAddress http://www.citrix.com

Next, we are going to add a NetScaler gateway to the configuration. Reference the variables above. Not too much complicated in this command. This box is also the XDC, so the STA setup simply points to http://server.domain.local/scripts/ctxsta.dll.

$GatewayID = ([guid]::NewGuid()).ToString()
Add-DSGlobalV10Gateway -Id $GatewayID -Name $GatewayName -Address $GatewayAddress -Logon Domain -IPAddress $snipIP -SessionReliability $false -SecureTicketAuthorityUrls $staservers -IsDefault $true

The previous command creates the NetScaler gateway. We then have to enable NetScaler authentication and link this gateway to the store.

$gateway = Get-DSGlobalGateway -GatewayId $GatewayID
Set-DSStoreGateways -SiteId 1 -VirtualPath $SFPath -Gateways $gateway
Set-DSStoreRemoteAccess -SiteId 1 -VirtualPath $SFPath -RemoteAccessType "StoresOnly"
Add-DSAuthenticationProtocolsDeployed -SiteId 1 -VirtualPath /Citrix/Authentication -Protocols CitrixAGBasic
Set-DSWebReceiverAuthenticationMethods -SiteId 1 -VirtualPath $SFPathWeb -AuthenticationMethods ExplicitForms,CitrixAGBasic

This next command was from the Eric’s blog referenced above. This disables the check publisher’s certificate revocation to speed up console start-up

set-ItemProperty -path "REGISTRY::\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\" -name State -value 146944

Lastly we as we are using $fqdn as $baseurl, we will want to turn the loopback to OnUsingHTTP because the certificate is not going to match. You can look at more details on this command here.

Set-DSLoopback -SiteId 1 -VirtualPath $SFPathWeb -Loopback OnUsingHttp

There we have it. Storefront configuration is DONE, dude! All we need to do is setup an internal DNS cname to point site.domain.com to server.domain.local and we have single URL for internal/external access to your XenDesktop 7.6 environment.

Full Script is below.

# Certificate Password
#==================
$myPW = read-host -Prompt "Enter Cert Password here"

# StoreFront Parameters
#==================
$nbn = $env:USERDOMAIN
$GatewayAddress = "https://site.domain.com"
$Farmname = "XenApp76 Farm"
$Port = "80"
$TransportType = "HTTP"
$sslRelayPort = "443"
$LoadBalance = $false
$FarmType = "XenDesktop"
$fqdn = "$env:computername.$env:userdnsdomain"
$baseurl = "https://" + $fqdn
$SFPath = "/Citrix/" + $nbn.toLower()
$SFPathWeb = "$SFPath`Web"
$SFPathDA = "$SFPath`DesktopAppliance"
$GatewayName = "TEST-RDU-NS-01"
$staservers = "http://" + $fqdn + "/scripts/ctxsta.dll"
$snipIP = "10.56.13.9"

#write-host "Mapping Drive"
net use --% x: \\10.56.90.20\XA76
Import-Module ServerManager

write-host "Installing Storefront Prereqs"
Add-WindowsFeature AS-Net-Framework,Web-Net-Ext45,Web-AppInit,Web-ASP-Net45,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Default-Doc,Web-HTTP-Errors,Web-Static-Content,Web-HTTP-Redirect,Web-HTTP-Logging,Web-Filtering,Web-Windows-Auth,Web-Client-Auth
x:
cd '.\x64\XenDesktop Setup'

write-host "Installing Storefront"
.\XenDesktopServerSetup.exe --% /components STOREFRONT /NOSQL /quiet

#write-host "Copy certificate to C:\ before moving on"
#pause

write-host "Installing Certificate"
$certpw = ConvertTo-SecureString -String $myPW -Force -AsPlainText
Import-PfxCertificate -filepath "C:\wildcard.vc3advantage.com-NEW.pfx" Cert:\LocalMachine\My -Password $certpw
New-WebBinding -Name "Default Web Site" -IPAddress "*" -Port 443 -Protocol https
cd IIS:
cd .\SSLBindings
Get-Item Cert:\LocalMachine\My\8CE850C9DCD7C26DF8E8FD4C44BF7D9E586E8AD1 | new-item 0.0.0.0!443
c:

# Import Storefront module
#==========================
write-host "Installing Storefront Modules"
. "C:\Program Files\Citrix\Receiver StoreFront\Scripts\ImportModules.ps1"

# Setup Initial Configuration
#============================
write-host "Initial Storefront Configuration"
Set-DSInitialConfiguration -hostBaseUrl $baseurl -farmName $Farmname -port $Port -transportType $TransportType -sslRelayPort $sslRelayPort -servers $fqdn -loadBalance $LoadBalance -farmType $FarmType -StoreFriendlyName TEST -StoreVirtualPath $SFPath -WebReceiverVirtualPath $SFPathWeb -DesktopApplianceVirtualPath $SFPathDA

write-host "Configuring Beacons"
$beaconID = ([guid]::NewGuid()).ToString()
Add-DSGlobalExternalBeacon -BeaconID $beaconID -BeaconAddress http://www.google.com
$beaconID = ([guid]::NewGuid()).ToString()
Add-DSGlobalExternalBeacon -BeaconID $beaconID -BeaconAddress http://www.citrix.com

$GatewayID = ([guid]::NewGuid()).ToString()
Add-DSGlobalV10Gateway -Id $GatewayID -Name $GatewayName -Address $GatewayAddress -Logon Domain -IPAddress $snipIP -SessionReliability $false -SecureTicketAuthorityUrls $staservers -IsDefault $true
$gateway = Get-DSGlobalGateway -GatewayId $GatewayID
Set-DSStoreGateways -SiteId 1 -VirtualPath "/Citrix/test" -Gateways $gateway
Set-DSStoreRemoteAccess -SiteId 1 -VirtualPath /Citrix/test -RemoteAccessType "StoresOnly"
Add-DSAuthenticationProtocolsDeployed -SiteId 1 -VirtualPath /Citrix/Authentication -Protocols CitrixAGBasic

write-host "Disable check publisher's cert revocation"
set-ItemProperty -path "REGISTRY::\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\" -name State -value 146944

write-host "Setting Loopback to OnUsingHttp"
Set-DSLoopback -SiteId 1 -VirtualPath $SFPathWeb -Loopback OnUsingHttp
May 072015
 

Just a quick script to grab XenDesktop 7.x licensing info… would probably work on XA 7.x as well.  As the script is written it has to be run on the licensing server itself, but you could easily rewrite it with an “Invoke-Command” to allow it to run remotely.  You could also modify it to email you when the licenses go above a certain threshold, and set it as a scheduled task.  The script just does “get” commands, so there is no risk (as it is) to your environment… go nuts.

http://pastebin.com/97C7kxHq