Thursday, February 16, 2012

Integrating IBM Tivoli Access Manager for Enterprise Single Sign-On 8.0 on XenDesktop 5.5

IBM TAM-ESSO use its own GINA called engine.dll. When a new user logs on from the AccessAgent GINA, the private desktop first verifies that the user is a valid user, and then creates a Windows desktop for that user. It then loads the user's Windows profile, and creates the user's shell (starting Windows Explorer, and so on) for the user to interact with the desktop. When we install XD 5.5 VDA , it has its own GINA picagina.dll which works along with Microsoft GINA which is MSGINA. It is very important to understand how this authentication will take place as you want WI to perform AD based authentication for the VDA.

In order to integrate we should follow the order of installation of SSO and VDA. First AM-SSO is installed on Virtual Desktop.

To install use executable and it will walk you through installation wizard

  1. Double click and run the wizard

image

2.  This TAM E-SSO agent create a folder called Encentuate which was acquired by IBM.

image 

3. This is will ask for TAM SSO server

image

4.  Configuration of TAM SSO server will prompt to reboot.

image

5. After reboot  following screen will come which says GINA is modified . Login to windows logon

image

6. Check the following registry location and note down the change in GINA location . This Gina is from AM-ESSO which is "engine.dll"

image

7.  Now install the VDA 5.5 and reboot the machine check the same winlogon key  and verify the GINA. Now there is two GINA . One GINA modified by VDA and other had been added by Microsoft.

image

8. In order to work with SSO the sequence of GINA should be in the following order PICAGINA >> TAM-ESSO GINA >> MSGINA. Reboot this machine into safe mode and point both the registry key to following location.

image

9. After that VD is boot and assigned to the desktop group which I am not going to show here. Once the desktop launch it will be prompt for the AM-ESSO user name and password.

image

10. Once it is authenticated it will pass Active directory authentication . First time it will prompt to save the password

image

If you try to install the VDA first and SSO second then this is what the error message will come

image

Thanks to my friend Sandip for providing  CTX119665

Also Red book from IBM helped to give fair idea about AM-SSO GINA

Posted by Vikash Kumar Roy at 11:59 PM 0 comments
Labels:

Wednesday, February 15, 2012

How to Change Desktop Dirctor Dashboard Display

Desktop Director by default display only five count for display of Catalogs and Desktop Groups. 

image 

To change this display we need to make changes on IIS setting on Desktop Director server . This is located under Application setting of DesktopDirector website as shown below

image

After this change reset the IIS.  After this change Desktop Director display  10 setting. image

Posted by Vikash Kumar Roy at 11:03 PM 0 comments
Labels:

Monday, February 6, 2012

How to shut down arrogant VM on XenServer

Sometime VM hang and restarting xapi and toolstack  will not  help . There is a good way of doing this , oh yeah

1. Run xe vm-list and in this case INBLREHVDI0007 is the VM which says running image

2. Run list_domains command and find out domain ID . In this case it is 246.image

3. Destroy the domain using . This will sit as usual but press control + c and come out of the prompt.image

4. Run list_domains and check the domain ID has been changed.image

5. Reboot the VM and it will work perfectly .

image

Source is here

Posted by Vikash Kumar Roy at 11:51 PM 1 comments
Labels:

Saturday, January 21, 2012

How to monitor XenDesktop VDA registration Event ID's using EdgeSight

By default EdgeSight  provide template to monitor VDA event ID which is for XD 4.0

image

Detail of this template point to the event ID which is meant for XD 4.0

image 

So in order to monitor VDA 5.0 registration failure with DDC we need to create custom alert and update database with this event ID .

image

Select system Alerts in the below screen.

 image

Select the windows event log on the next screen in order to define the event ID.

image

Here define the event ID 10500 and event source as Citrix Desktop Service

image

Here click on next to assign to the desktop site.

image

Here choose which desktop groups you need to apply this template to.

image

Here again choose and select desktop group .

image

Here choose to create the new alert action

image

Here select email as the notification mechanism.

image

Here choose the alert email recipient and the subject line. Click finish to come out of the loop.

image

Now we need to make changes to SQL to accept this event ID. Open the ES database and run the SQL queries

select * from alert_config  . This will list the alertconfigid, choose the highest one. In my case it is 20

image

Now check the existing data which has been updated.

Select * from alert_config_value where alertconfigID=20image

Now we have to database with more event id

update alert_config_value set key_value = '10501,10502,10508' where key_name='EventID' and alertconfigid=20

Rerun the select query  Select * from alert_config_value where alertconfigID=20

to confirm if the other event ID is updated.

Posted by Vikash Kumar Roy at 12:33 AM 0 comments
Labels:

Monday, January 16, 2012

How to display more line item on Desktop Director DashBoard.

Quite confusing from the title of the blog , isn't it ? Well this has been a normal situation when dashboard is launched only 5 desktop group status will be shown on the dashboard as shown below.image

This can be modified by changing IIS attribute of DesktopDirector application settings as shown below.

clip_image002

Posted by Vikash Kumar Roy at 3:14 PM 0 comments
Labels:
Subscribe to: Comments (Atom)