Friday, December 28, 2012

Shadowing across firewall

When shadowing across a firewall, people usually assume that only ports 1494/2598 are needed, but that is not the case. Shadowing was tested as RDP over RDP and RDP over ICA, and the two give different results.

image

We captured a Wireshark trace and found that ports 139 and 445 were not responding to the SYN that was sent.

image

Once we opened the above ports, shadowing started working. So for shadowing to work across a firewall we need to open ports 139/445/1494/2598.

image

Thursday, December 27, 2012

Integrating VOIP 1: What would be best Citrix policy for SoftPhone

I have been testing softphones for a while now and was trying to find out what the best Citrix policies for these softphones would be. I will be writing a series of posts about softphones, so please bear with me :) .

We tested the following softphones on Virtual Hosted Desktop (VHD), mostly because of the call center manager setup that most organizations have. Most organizations use MAC-based extension registration. In terms of virtualization this means that if you are using Hosted Shared Desktop (XenApp), it won't be possible to host the softphone on XA. Even if it is IP-based extension registration, it can be managed because Windows 2008 R2 allows you to have virtual IPs. These changes are very difficult for the voice team, hence hosting such VoIP-based applications on XA does not work.

Softphones which we have tested so far:

1.    Nortel
2.    Avaya
3.    Cisco
4.    Genesys
5.    CosmoDesk

All of them worked perfectly fine with Windows 7 as well as XP. Voice quality was perfect and close to that of a physical desktop. To get this result, the following set of standard XD policies was used:

image

Other than these policies, many other factors contribute to voice quality. Some of them are:

1. End device thin client /thick client

2. Receiver version used

3. End device operating system.

4. Headset used.

5. Voice codec used.

I will discuss some of these factors in my next post. Till then, thank you.

Tuesday, November 27, 2012

Disk size cannot be altered as it is used by running VM

We had an issue where the VMs were deleted but the VHDs could not be deleted. The buttons were grayed out.

image

The virtual disk properties show that it has two read-only disks.

image

The VHD properties also had the following message: "Disk size cannot be altered as the disk is already being updated or is in use by running VM"

image

Finally, to remove these we enabled hidden objects under View.

image

Those two read-only disks can now be stopped and also deleted.

image

Friday, September 14, 2012

This operation can not be performed because the specific virtual disk could not be found

You will get this error message when starting the VM on XenServer: "This operation can not be performed because the specific virtual disk could not be found"

image

After ejecting the mounted ISO, the VM booted normally.

image

Thursday, September 13, 2012

Citrix Personal vDisk (565) dynamic expansion

Citrix has released the latest version of PVD (Personal vDisk), 565, which supports dynamic expansion. What does it mean to you? Say you have created a PVD of 10GB and for some reason you ran out of space.

image

Space distribution is shown below

image

Now let's expand this P: drive from 10GB to 15GB

image

And this is how space distribution changes

image 

Now say C: drive is full

image

Reboot  the VM and C: drive is expanded automatically

image 

This has been explained here

XenApp shadowing does not logoff user session

When the helpdesk team closes the shadowing session, the ICA shadowing session does not log off from the server. Because of this, no more shadowing will be allowed on this server by the same users. Let's find out how it happens. I am shadowing "citrix.test" using user "citrix.test". This is what is shown under App Control Center:

image

When this session is terminated via Ctrl+ *

image

This will still be shown under App Center as disconnected

image

This disconnected session does not log off the shadowing session gracefully. After looking at Task Manager, it was found that a couple of processes were still running with a PID.

image

We were not able to kill the Symantec Service Framework service, even using local admin or domain admin.

image

Created a GPO and delivered the following key using the "Create" option:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Citrix\wfshell\TWI

Value Name: LogoffCheckSysModules
Type: REG_SZ
String: ccSvcHst.exe

image

as explained in CTX891671. After this registry change, Ctrl + * closed the shadowing session.

How to set alias for Desktop Director URL

When Desktop Director is installed, it can be accessed via http://<server name>/Desktopdirector. But DNS cannot alias a URL path, so you will always need to type http://<server name>/Desktopdirector. In order to get access via just the server name, i.e. http://<Servername>, we need to make a change in IIS or create a Default.htm file under the wwwroot folder. Content of Default.htm will be
The other way of doing it is to redirect HTTP requests from http://<servername>/desktopdirector to http://<servername> from IIS.
image

Friday, September 7, 2012

ClientName variable as hostname via Citrix AGEE

When a hosted desktop is launched via AGEE, it displays the host name as something like WI_ . This makes some applications which use this variable behave weirdly, mainly some CRM applications which use this hostname. This can be verified by running the set command.

image 

To fix this, a small change on WI can help. Uncheck the options below:

image

After that, when an application like the hosted shared desktop is launched, it displays the correct CLIENTNAME="workstationname"

image

Tuesday, August 28, 2012

How to manage XenApp 6.5 and XenDesktop 5.x using Desktop Director 2.1

Last time I wrote a blog and referred to the blog by Dane Yong http://blog.itvce.com/?p=408 for installing a DD which can integrate both XA and XD. After that I tried following it again and it never worked. There are several other blogs which say how to integrate XA6.5 and XD5.6 together. They also mention using a different ISO, but here is what you need to do:

  1. In this example we are using a dedicated DD which does not have any other component.
  2. Mount the XenDesktop 5.6 ISO image to the machine and run Autorun.exe -> Install XenDesktop option -> deselect all options except Desktop Director.
  3. At the bottom of the page where Desktop Director is selected, an input box will appear asking you to enter a controller in the XenDesktop site. Commence installation.

     image

  4. Open Internet Explorer, open the Desktop Director site, and confirm the XenDesktop site is enumerated successfully.
  5. Run IIS Manager and open the Application Settings for the DesktopDirector folder. Add the Service.AutoDiscoveryAddressesXA option with the relevant XA server.

     image

  6. Open Internet Explorer and log in to the Desktop Director site again. Confirm that XenDesktop is enumerated successfully on the main landing page and that searching for a user shows their XenApp sessions too.

image

You can reach out in case you are not able to make it work :P

How to capture memory dump of Windows 2003 PVS Streamed VMs

Prep XenApp vm to enable COM port debugging.

1. Logon to XenApp vm and run “msconfig” from command line.

2. Select “Boot.ini” tab, then click “Advanced Options” button and check to enable the following checkbox and selected values.

“/DEBUG”

“/DEBUGPORT=COM1:”

“/BAUDRATE=115200”

3. Reboot server to take effect

Attach a Virtual Serial Port to VM

While the target XenApp VM is running, issue the following command on the XenServer console command line to enable virtual COM port redirection to a separate machine running the sockpipe tool and Windbg:

# xe vm-param-set uuid=<UUID of the VM> other-config:hvm_serial="tcp:<IP-of-the-Windbg-machine>:7001"

(You can use any open port besides port 7001 on the machine running sockpipe/Windbg.) This command can be run even if the VM is not running.

Configure Debug session

1. From sockpipe/windbg machine disable Windows firewall or 3rd party Anti-virus/firewall, etc.

2. Start sockpipe via command line (run in administrator mode for the command line if it’s Win7 or Win2K8), and run command “sockpipe mypipe 7001”

"mypipe" is the name given to the pipe being used to connect to the VM. It needs to be unique for each debug session, and so does the port number.

image

Start Windbg and select “File > Kernel Debug” and enter the following on the first COM tab:

· Baud Rate=115200

· Port=\\.\pipe\mypipe

· Check the “Pipe” check box

· Click OK button

image

If the VM is running, reboot the XenApp VM so that the virtual COM port of the VM is redirected to the sockpipe/Windbg machine's IP address. If the VM is not running, just start the VM.

How to Capture

When the XenApp VM experiences a hang or freeze, select “Debug > Break” within Windbg on the Windbg machine to enter a break point. At the bottom of Windbg you can type the command

“.dump /f c:\temp\fulldump.dmp” (or whatever location has enough free disk space to hold the entire memory dump, which is the same size as the VM’s physical memory)

Now wait for the full memory to copy out of the VM through its virtual COM port.

Download Dump Configurator from CTX129575  

Download Sockpipe

Source : Based on input provided by my colleague Vipul Tripathi

Sunday, August 5, 2012

Provisioning Server error : No ARP Reply

Environment :  

XS= 6.0.2 with latest patch
PVS =6.1 HF1 running on Dell R720
Target=Windows 7 32 bit VM
Hardware = Dell R720  , NIC =BCM57712
Core Switch : Nexus5K

Problem description: When the targets were booted, they used to contact the PVS server, but while downloading the image ARP used to time out. This used to happen with a few machines, say 3 out of 5 machines.

image

Troubleshooting :

1.    Broke the bond and tested with Xenbridge/Open vSwitch mode.
2.    Finally we put the virtual PVS and DHCP on the same VLAN, and all the targets booted perfectly. This gave us the thought that something is wrong intra VLAN. This translates into a layer 3 issue. When the target and PVS are on the same VLAN, layer 3 acts as layer 2 and just forwards the packets.
3.    We decided to test something else: we used the working VM's MAC with a non-working VM, and voilà. This gave us déjà vu that something was messed up at layer 3.
4.    Now the question was how to separate the Nexus 5K in the core and create my own layer 3 on the Dell switch for intra VLAN testing. The Dell blade switch M8024 can also act as layer 3. We created a layer 3 VLAN with a different gateway and moved our virtual PVS onto this network. We also had to extend our DB and AD to this PVS, so we added a static route to one leg of the PVS. Now the streaming traffic was in a separate VLAN and the targets were in a separate VLAN. Once a target boots, it does intra VLAN communication to PVS. PVS in turn fetches that info from DB/AD using the backend connection. This way I eliminated the layer 3 Nexus. The above setup can only be replicated on a single host.

CISCO troubleshooting:

1.    The core had VPC configured on their Active/Standby pair. We decided to shut down one leg and see if this works. To our surprise, everything worked.
2.    We captured two sets of traces, one with VPC shut down and one without VPC shut down.

Here is what we see when the VMs work: when an ARP request is received by the Cisco core, it returns the MAC address of the targets.

image

But when it does not work, it does not broadcast the MAC.

image

Basically, depending on the hashing algorithm of the Dell switch, a packet may arrive at either the HSRP active or the HSRP standby. If the packet arrived on the HSRP standby, it would be forwarded over the peer-link towards the HSRP active, which would then result in the ARP reply being broadcast. For other streams, the Dell switch would send the packet to the HSRP active, which would result in a unidirectional reply, and this works fine. This turned out to be a known bug, and Cisco advised them to upgrade their IOS to 5.0(3)N2(2).

As per bug Symptom:
ARP response from the Nexus 5000 is sent as a broadcast instead of a unicast. Some TCP/IP implementations on Network interface cards do not accept a broadcast ARP response and will not install an ARP entry in their ARP database. Such clients will not be able to access network resources.

Conditions:
When the arp request is received on the HSRP standby switch and sent over the peer link to the HSRP active switch.

Once the IOS was upgraded, the problem was fixed.
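
To check a capture for the symptom described in the bug, the following added example (not from the original post or from Cisco) parses raw Ethernet frames and lists ARP replies whose Ethernet destination is the broadcast address. The frames, MAC addresses and IP addresses are constructed sample data, and the function names are illustrative.

```python
import socket
import struct

BROADCAST = b"\xff" * 6
ETH_ARP, ETH_VLAN = 0x0806, 0x8100

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))

def arp_frame(eth_dst, op, sender_mac, sender_ip, target_mac, target_ip):
    """Build an Ethernet II ARP frame (used only to construct the sample capture)."""
    header = mac_bytes(eth_dst) + mac_bytes(sender_mac) + struct.pack("!H", ETH_ARP)
    body = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + mac_bytes(sender_mac)
    body += socket.inet_aton(sender_ip) + mac_bytes(target_mac) + socket.inet_aton(target_ip)
    return header + body

def parse_arp(frame):
    """Return (eth_dst, op, sender_mac, sender_ip, target_ip), or None if not IPv4 ARP."""
    if len(frame) < 42:
        return None
    eth_dst, offset = frame[0:6], 14
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == ETH_VLAN:  # capture taken on a trunk: skip one 802.1Q tag
        ethertype, offset = struct.unpack("!H", frame[16:18])[0], 18
    if ethertype != ETH_ARP or len(frame) < offset + 28:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[offset:offset + 8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    p = offset + 8
    sender_mac, sender_ip, target_ip = frame[p:p + 6], frame[p + 6:p + 10], frame[p + 16:p + 20]
    return eth_dst, op, mac_str(sender_mac), socket.inet_ntoa(sender_ip), socket.inet_ntoa(target_ip)

def broadcast_arp_replies(frames):
    """List ARP replies (opcode 2) whose Ethernet destination is the broadcast address."""
    hits = []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        eth_dst, op, sender_mac, sender_ip, target_ip = parsed
        # Gratuitous ARP (sender IP == target IP) is broadcast by design, so skip it.
        if op == 2 and eth_dst == BROADCAST and sender_ip != target_ip:
            hits.append((sender_ip, sender_mac, target_ip))
    return hits

# Constructed sample capture: every MAC and IP address below is made up.
GW_MAC, GW_IP, BCAST = "00:00:0c:07:ac:01", "10.0.0.1", "ff:ff:ff:ff:ff:ff"
SAMPLE = [
    arp_frame(BCAST, 1, "02:00:00:00:00:11", "10.0.0.11", "00:00:00:00:00:00", GW_IP),  # request
    arp_frame("02:00:00:00:00:11", 2, GW_MAC, GW_IP, "02:00:00:00:00:11", "10.0.0.11"),  # unicast reply
    arp_frame(BCAST, 2, GW_MAC, GW_IP, "02:00:00:00:00:12", "10.0.0.12"),  # broadcast reply
    arp_frame(BCAST, 2, GW_MAC, GW_IP, "00:00:00:00:00:00", GW_IP),  # gratuitous ARP
    b"\x00" * 60,  # non-ARP frame
]
```

Calling `broadcast_arp_replies(SAMPLE)` reports only the third frame; the same function can be fed frames read from a real capture file.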

How STA works for typical XenDesktop Deployment

This post is dedicated to my colleague who has done a wonderful analysis of how STA works. The contents are not reproduced as is because some of them are internal to Citrix.

image

1. The user clicks the Desktop link "POOLDG-01" to request a remote desktop connection; this is actually a request for an ICA file.

2. WI asks XMLService for the "Address" of the required VDA.

3. WI asks XMLService for the "LaunchRef".

4. WI asks XMLService for the "LogonTicket" using below XML protocol

5. WI sends a request to the standalone STA for another Ticket. AG uses it for session validation as well as to identify the VDA it should proxy ICA for.

image

 

6. WI now has all the information needed, and it returns the new wrapped ICA file to the client
[POOLDG-01]

7. wfica32.exe works on the client side to parse the ICA file and connect to the remote VDA through AG: ag01.homa.com:443

8. AG checks the Ticket passed in with the Standalone STA to see if the session is valid
    Address=;40;STA5195C7C8D65F;81AF47C9F9859D64A7C84617FE904040

9. AG uses the "ServerAddress" to connect to the VDA on 192.168.1.81:1494. The LogonTicket is then passed as a parameter: LogonTicket=F41E843C8EC6F8C8055D679E545552

10. VDA asks DDCService to validate the Ticket. DDCService checks the Ticket information in IMA, redeems the Ticket, and retrieves the user's credential associated with the Ticket

11. DDCService returns user's credential to VDA so that VDA could proceed with logon
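
The ticket exchange in steps 5 and 8 can be modelled in a few lines. This is an added example, not Citrix code: `ToySTA`, `parse_ticket` and `launch` are hypothetical names, the 100-second lifetime and single-use redemption are assumptions of the model, and the field names given to the `;40;STA...;...` value are one reading of the sample shown in step 8.

```python
import secrets
import time

def parse_ticket(address_field):
    """Split an ICA Address value of the form ';40;STA<id>;<ticket>' into its fields."""
    parts = address_field.split(";")
    if len(parts) != 4 or parts[0] != "":
        return None
    _, version, sta_id, ticket = parts
    if not version.isdigit() or not sta_id.startswith("STA") or not ticket.isalnum():
        return None
    return {"version": version, "sta_id": sta_id, "ticket": ticket}

class ToySTA:
    """Simplified model of a Secure Ticket Authority (not the Citrix implementation)."""

    def __init__(self, sta_id, lifetime=100, clock=time.monotonic):
        self.sta_id = sta_id
        self.lifetime = lifetime      # seconds a ticket stays valid (assumed value)
        self._clock = clock           # injectable so expiry can be exercised
        self._tickets = {}            # ticket -> (VDA address, expiry time)

    def request_ticket(self, vda_address):
        """Step 5: WI registers the VDA address and gets an opaque ticket back."""
        ticket = secrets.token_hex(16).upper()
        self._tickets[ticket] = (vda_address, self._clock() + self.lifetime)
        return f";40;{self.sta_id};{ticket}"

    def redeem(self, address_field):
        """Step 8: AG presents the ticket; the VDA address is returned at most once."""
        parsed = parse_ticket(address_field)
        if parsed is None or parsed["sta_id"] != self.sta_id:
            return None
        entry = self._tickets.pop(parsed["ticket"], None)  # pop = single use
        if entry is None:
            return None
        vda_address, expires = entry
        return vda_address if self._clock() <= expires else None

def launch(sta, vda_address):
    """Walk steps 5-9: returns (what the client sees, what the gateway connects to)."""
    ica_address = sta.request_ticket(vda_address)  # goes into the ICA file (step 6)
    backend = sta.redeem(ica_address)              # gateway resolves it (steps 8-9)
    return ica_address, backend
```

The client only ever holds the opaque `Address` value; a replayed, expired or foreign ticket resolves to nothing, which is the condition to look for when AG reports a session as invalid.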

 

For troubleshooting STA issues:

1. How to Enable STA Logging on the STA Servers

2. The Status of the Secure Ticket Authority (STA) is Marked as DOWN for the Access Gateway Enterprise Edition Virtual Server

Saturday, July 28, 2012

Verint Impact 360: Playback does not show via Hosted Shared desktop

Verint playback does not play via a Hosted Shared desktop, while it does play via an RDP session. When it is played via an RDP session it shows the wavelength like this
image
But when it is played via a Hosted Shared desktop it is played like this
image
For this to work we have to make sure we have a compatible IE at the Agent and Server side. The following are the settings suggested by Verint:
Impact 360 QM & Analytics has been tested and is now fully compatible with Microsoft Windows 7 32-bit Operating System, Microsoft Windows 7 64-bit Operating System and Internet Explorer 8 (IE8) Compatibility mode.
Compatibility mode can be set using one of the following ways:
• Setting Client Website IE8 Compatibility View
• Setting Server Website IE8 Compatibility View
Record on Demand (ROD) was modified so that the latest Desktop installation can work with Windows 7 32-bit and Windows 7 64-bit successfully. This latest version ensures that all desktop applications run in the Windows 7 32 bit Operating System and IE8 Compatibility mode environment.
IE8 Compatibility Mode
Microsoft enables you to work with IE8 in Standard mode and in Compatibility mode. Impact 360 QM & Analytics V10 only supports IE8 when IE8 is working in Compatibility mode.
IE8 Compatibility mode allows content designed for previous web browsers to still function properly when using the Internet Explorer 8 browser. Although sites on the public internet display in the IE8 Standards Mode by default, switching in and out of Compatibility View (between IE7 and IE8 modes) happens automatically without a browser restart.
A new user interface button () located in the navigation bar just to the right of the address bar (next to the refresh button) controls the Compatibility View feature.
To work in Compatibility mode, click the Compatibility View button as shown in the following screen:
image
Setting Client Website IE8 Compatibility View
Each client can set IE8 Compatibility mode by adding or removing websites to the Compatibility View using the Internet browser.
To add or remove websites to the Compatibility View:

1. From the browser click Tools > Compatibility View Settings. The Compatibility View Settings window displays.
image
2. Enter the name of the website you want to add in the Add this website field and click Add.
Setting Server Website IE8 Compatibility View
By setting the Hub server Impact 360 Portal websites to IE8 Compatibility view, clients can view the Portal content without having to manually add or remove websites to the browser Compatibility view.
The following Portal websites must be set on each Hub server with IIS installed:
•Ultra
•businessobjects
•FillOut
•FormManagementWS
•MdalWS
•SpeechAnalytics
•Toolbox
•UserManager
•UltraGlobalizer
To set properties of Portal websites on Hub servers:
1. Right click My Computer and select Manage. The Computer Management window displays.
2. From the Computer Management (Local) tree on the left pane, select Services and Applications>Internet Information Services (IIS) Manager>Web Sites>Default Web Site.
3. Right click on the Ultra website and select Properties. The Ultra Properties window displays.
NOTE
The following websites can also be configured in the same way from the Default Web Site node: businessobjects, FillOut, FormManagementWS, MdalWS, SpeechAnalytics, Toolbox, UserManager, UltraGlobalizer.
4. From the HTTP Headers tab click Add. The Add/Edit Custom HTTP Header window displays.
image
5. In the Custom header name field enter the following name: X-UA-Compatible
6. In the Custom header value field enter the following value: IE=EmulateIE7
7. Click OK>Apply>OK.
8. If the Inheritance Overrides window opens, click Select All.
image
Also, if the above settings do not work, check with Verint; they have a few patches which they can share to make it work. It requires the multimedia pack to do the playback.
image

Friday, June 29, 2012

Unable to connect to the management console after PVS 6.1 config was successful

I was trying to configure a PVS 6.1 setup on Windows 2008 R2. The configuration was successful, but when I tried to connect to the server using the console I got the following error: Event ID 11 Cannot establish a connection to the database because the server cannot be found

image

When the PVS config wizard runs, it usually populates the registry with the database info in encrypted format. But in my case this was missing.

image

I checked CTX129060 and the policy was applied as mentioned.

image

We captured a processmon trace and it had some info.

image

CTX129161 explains to change the value to 1, but we already had this value. What we did was change it to 0, and that worked for us.

image

Monday, June 11, 2012

How to change AGEE login page widget and remove Fileshare tab

When you log in to AGEE with NS version 9.3, you will see a screen like the one shown below. Sometimes a customer does not want to show the File Share tab and also wants to shrink this widget.

image

This has been documented in CTX120643, but it mentions the wrong line numbers for NS build 9.3. For NS build 9.3, change the following in the homepage.html file at /netscaler/portal/template/homepage.html. Add the change as suggested in CTX120643 and shown below at line 602.

image

Once this is done you also need to rearrange the block. For that, make the changes at line number 567 to the value below.

image

Save this setting as discussed in CTX120643.

image

Now the page will look like this

image