Symantec and Citrix PVS streamed pooled desktop

I am assuming by now everyone what happen when we use Symantec anti virus on PVS streamed virtual machine. This has been discussed in detail in the article from Symantec. Something to quote from

• Loss of communication between provisioned Symantec Endpoint Protection clients and manager.
• Duplicate client entries appearing in the Symantec Endpoint Protection Manager (SEPM) every time a provisioned client is rebooted.
• Provisioned Endpoint Protection clients switching between SEPM client groups, receiving wrong policies, not maintaining current definitions, etc.

To fix this Symantec suggest following :

1. Disable Tamper Protection on the SEP client; this must be done to allow the file and registry changes in steps below.
2. Close any open SEP Client GUIs, go to the command line, navigate to the Symantec Endpoint Protection program files directory and stop the SEP Smc service  smc -stop
3. Set SEP service to start manually. 
   In SEP 12.1, set HKLM\SYSTEM\CurrentControlSet\services\SepMasterService\Start=3
   In SEP 11.x, set HKLM\SYSTEM\CurrentControlSet\services\SmcService\Start=3

Now if you do not follow above two steps you wont be able make changes in the registry. If attempted following will be the error

 

So we must  follow steps as mention above and first of all disable Tamper protection. But how will you do so because as soon as you stop Symantec service as mention above you wont get GUI and if client is managed one this will be grayed out by default.

So how to set the SEP service to manual ?

a) From SEP server browse to Client and then choose the container for which we have to disable Tamper protection. Choose "General Settings"

b) Under general setting you can find Tamper Protection option uncheck the box for making changes from client side

c) Now when you check the client side it will be disabled

e) Now when you try to make registry changes then it will allow you to make the changes also you can verify that SEP service has been set to manual

Revert back the change made in step b) . Also now we have to implement the script for machine startup . Copy the file under netlogin folder on Domain Controller and then apply the policies like this 

Not sure why people can not write simple plain KB understood by everyone .

Comparison of Flash Redirection with XenDesktop

I had been hearing that flash redirection does not work  and many tried to prove it via their own videos or what ever mean they had, so I thought why should I left behind :).
I used my laptop running MacBook Pro with HP Windows 7 based thin client running XenDesktop 5.6. Thin client were running windows receiver3.3.  I choose virtual tour of Marina Bay Sands hotel Singapore


So first I choose to record a situation which have do not flash redirection enabled. And check this video for it




Now what happen when Flash redirection work can you find any difference with virtual tour , no yes ? Yeah one is MAC screen and other one is HP thin client screen . Other than that any difference ? O wait I forget to add one more thing, this flash display is over 300ms + of latency.I know you have many questions regarding setting and stuff like that. Drop me a note and we can discuss this.

Cisco IP Communicator (CIPC) Network Tab grayed on PVS streamed Virtual Machine

When CIPC is launched on PVS streamed windows 7 virtual machine , the network tab is grayed out.

It has been found that if anything below CIPC 8.6 is used have known behavior. It need to be insure that correct version of CIPC  need to be used

If  8.6 is used

 

then network option is available for editing

Shadowing across firewall

While doing shadowing across firewall by default people guess 1494/2598 but that is not the case. Shadowing is tested RPD over RDP /RDP over ICA and both have different result. 

We captured wireshark trace and found that 139 and 445 which is not responding to send sync.

Once we opened above port shadowing started working. So for shadowing to work across firewall we need to open port 139/445/1494/2598

Integrating VOIP 1: What would be best Citrix policy for SoftPhone

I had been testing softphone for a while now and was trying to find out what would be best Citrix policies for these softphone. I will be writing couple of series with regard to softphone, hence bear with me please :) .

We have tested following softphone on Virtual Hosted Desktop (VHD) and the mostly because of Call center manager setup which most of the organization have. Most organization uses MAC based extension registration and what does it mean in terms of virtualization, say if you are using Hosted Shared Desktop (XenApp) then it won't be possible to host softphone on XA. Even it is IP based extension registration it can be managed because Windows 2008 R2 allows you to have virtual IP . This changes are very difficult for voice team hence hosting such VOIP based application on XA does not work.

Soft Phone which we have tested so far

1.    Nortel
2.    Avaya
3.    Cisco
4.    Genesys
5.    CosmoDesk

All of them worked perfectly fine with Windows 7 as well as XP . Voice quality was perfect and close to that of physical desktop. To get the result  following set of  standard  XD policies had been used

Other then these policies many other factor contribute to this voice quality and some of them are

1. End device thin client /thick client

2. Receiver version used

3. End device operating system.

4. Headset used.

5. Voice codec used.

I will discuss some of the factor in my next posting. Till then thank you