Thursday, December 18, 2014

XenDesktop 7.5 Publish Application to Multiple Delivery Group

Recently I deployed a XenApp/XenDesktop 7.5 environment with StoreFront 2.5. By default, the GUI console only allows you to publish an application to a single Delivery Group.

If you have 4 servers and 2 delivery groups, with 2 servers registered in each delivery group, you can only publish a particular application to a single delivery group, which means 2 servers only.

There was a requirement to be able to publish an application to all the 4 servers within 2 delivery groups. Apparently this is not possible using the GUI console.

However, using PowerShell you can!

You publish the application to the 1st delivery group using the GUI console, then you publish to the 2nd delivery group using the following:

Add-BrokerApplication -Name "My Published App" -DesktopGroup "Delivery Group 2"

Note: There is a bug with this, which I believe is fixed in 7.6. If a user is assigned to only a single delivery group, that user won't be able to see any of the published applications assigned to him/her. The user must be assigned to both delivery groups.

Monday, December 15, 2014

Citrix XenApp 6.5 Cloning

Here are the steps I've followed successfully to clone a non Data Collector XenApp role without using PvS: 

Find out about VMware Customisation
yes or no

Find out Data Collector
qfarm

Local Admin Password
find out the username/password for local admin of the cloned machine

Shutdown XenApp Server
shutdown

Backup
Take a snapshot of all XenApp Servers
SQL database

Start the XenApp Server
start

XenApp Role Manager
Start XA Role Manager
Edit Configuration
Prepare this server for imaging and provisioning
Do NOT remove this server from the farm
Apply
Change IMA to Manual

(if) there is NO VMware customisation Wizard
Run sysprep here (or not if want to use as a VMware template later)

Shutdown XenApp Server
shutdown

Clone
Clone using vSphere Clone
- customize (if sysprep has not been done)
- no customize (if want to convert this as a template)

After cloning finishes, convert the cloned VM to a template

Deploy
Deploy VM from Template and Customize
Make sure it does not have network connected
Remove from Domain
Let it reboot once

Join to Domain
Connect the network
Join the deployed VM to the domain
Reboot

Start IMA
Start IMA
Check Server Join to farm
Change IMA to automatic


Change the original master server IMA to automatic

Wednesday, November 12, 2014

Citrix PS or XenApp Data Store Move - Domain Service Account

To move the Citrix SQL data store from one server to another, using a domain service account rather than a SQL built-in account, follow the process below:


  • Stop IMA services from all Citrix servers
  • Backup the database from the source SQL server
  • Restore the database to the destination SQL server
  • Add the domain service account to the SQL server and assign dbo rights to the database that has just been restored
  • Edit the MF20.DSN file on each Citrix Server and make sure the following values exist
UID = DOMAIN\USERNAME
Trusted_Connection=Yes
DATABASE=SQL-SERVER-DATABASE-NAME
WSID=CITRIX-SERVER-NAME
SERVER=SQL-SERVER-NAME[\INSTANCE]
  • Save the MF20.DSN file
  • Run the following command
dsmaint config /user:DOMAIN\USERNAME /pwd:PASSWORD /dsn:"FULL-PATH-TO-MF20.DSN FILE"

Note: the /dsn: value must be enclosed in double quotes ""

Then run this:

dsmaint recreatelhc

Then Start the IMA Service

Saturday, October 25, 2014

Getting AD NetBIOS Name From User DN

(Get-ADDomain (($user.DistinguishedName.Split(",") | ? {$_ -like "DC=*"}) -join ",")).NetBIOSName

Saturday, September 27, 2014

SSL Certificate Binding to Process

SSL certificates are usually used on web servers, IIS for example. Binding an SSL certificate to an IIS site is a very straightforward task.

Using IIS Manager, you go to the site


Edit Site Bindings...


Select the https (443)


Then select the certificate from the list



Sometimes you need to bind an SSL certificate to a process or an application. If the application has an interface or GUI to bind to an SSL certificate, great! If not, then you need to follow the process here:

Get the application ID by running a WMI query:

wmic product list

This query produces a list of each application's name, identifying number and install location.

Note the identifying number of your application from this list.

The next step is to get the SSL certificate hash/thumbprint. To get this you can either run:

netsh http show sslcert


or

Get it from the certificate itself


Finally you can bind it using the following command:

netsh http add sslcert ipport=<ip address>:<port> certhash=<cert thumbprint> appid={<app id>}
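The thumbprint lookup and the binding as one script, as an added example that is not from the original post. The subject name, endpoint and application ID are placeholders, and the certificate is assumed to be installed in the LocalMachine\My store.

```powershell
# Added example. All three values below are placeholders to replace.
$Subject = 'CN=app.domain.tld'                         # constructed sample subject
$IpPort  = '0.0.0.0:8443'                              # constructed sample endpoint
$AppId   = '{00000000-0000-0000-0000-000000000000}'    # identifying number from "wmic product list"

# netsh looks for the certificate in the LocalMachine\My store by default,
# and the binding is only usable if the certificate has a private key.
$now  = Get-Date
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $Subject -and $_.HasPrivateKey -and
                   $_.NotBefore -le $now -and $_.NotAfter -gt $now } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) {
    throw "No currently valid certificate with a private key found for $Subject"
}

# Reading the thumbprint from the store avoids the spaces and hidden characters
# that come along when it is copied out of the certificate dialog.
$hash = $cert.Thumbprint

# Show any existing binding on this endpoint before changing it.
netsh http show sslcert "ipport=$IpPort"

# The appid argument is quoted so PowerShell does not parse the braces.
netsh http add sslcert "ipport=$IpPort" "certhash=$hash" "appid=$AppId"
if ($LASTEXITCODE -ne 0) {
    throw "netsh http add sslcert failed with exit code $LASTEXITCODE"
}

# Confirm the endpoint now lists the expected certificate hash.
netsh http show sslcert "ipport=$IpPort"
```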







Sunday, August 31, 2014

PowerShell Sorting Hash Table

This is just a quick one, how to sort PowerShell Hash Table:

$ht = @{}
$ht.Add("key1", "value1")
$ht.Add("key2", "value2")

# The result is a sorted array of DictionaryEntry objects, no longer a hash table
$ht = $ht.GetEnumerator() | Sort-Object -Descending Value

Wednesday, July 16, 2014

PowerShell Module Quick Rundown

Yes, you have created a PowerShell script, but you are better off converting it to a PowerShell module.

To create a module, first you need to convert your script to a function. Test the function and when you are ready:

(optional) - Export Function to be exposed to the public
add the following line to the end of your PowerShell Script File
Export-ModuleMember -Function <Function Name>

Save the file as <ModuleName>.psm1
Note: <ModuleName> is the module name

Get the PS Module path
$env:PSModulePath

Go to the PS Module Path
Create a folder with EXACTLY the same name as <ModuleName>
Store the <ModuleName>.psm1 file in the folder you just created

Check the Module is now available
Get-Module -ListAvailable

Import Module
Import-Module <ModuleName>

To view command available in the module
Get-Command -Module <ModuleName>

(optional) - To Create Manifest
New-ModuleManifest -Path <Path to the .psd1 new manifest file> -FunctionsToExport <Name of functions to be exported> -Author <Author Name> -CompanyName <Company> -Copyright <Copyright> -ModuleVersion <version#> -Description <Module Description>

Note: Path must be the same location where the actual module file (.psm1) is located
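The whole rundown end to end, as an added example that is not from the original post. The module name DemoTools and both function names are hypothetical, and the first entry of $env:PSModulePath is assumed to be a folder you can write to.

```powershell
# Added example. Module and function names are hypothetical.
$name = 'DemoTools'
$root = ($env:PSModulePath -split ';')[0]     # normally the per-user module folder
$dir  = Join-Path $root $name                 # folder name must equal the module name
New-Item -ItemType Directory -Path $dir -Force | Out-Null

# The module file: one exported function and one helper that stays private.
@'
function Get-DemoGreeting {
    param([string]$Name = 'world')
    Format-DemoText "Hello, $Name"
}

function Format-DemoText {
    param([string]$Text)
    $Text.ToUpper()
}

Export-ModuleMember -Function Get-DemoGreeting
'@ | Set-Content -Path (Join-Path $dir "$name.psm1")

# The manifest sits next to the .psm1. RootModule links the two; without it,
# importing by name loads only the manifest and no functions appear.
$manifest = Join-Path $dir "$name.psd1"
New-ModuleManifest -Path $manifest -RootModule "$name.psm1" `
    -FunctionsToExport 'Get-DemoGreeting' -Author 'Author Name' `
    -ModuleVersion '1.0.0' -Description 'Demo module'

# Validate the manifest, then load the module and inspect what it exposes.
Test-ModuleManifest -Path $manifest | Out-Null
Import-Module $name -Force
Get-Command -Module $name      # lists Get-DemoGreeting; Format-DemoText is not exported
Get-DemoGreeting -Name 'module'
```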

Wednesday, June 25, 2014

Passed Microsoft Exam 074-409

Today, I passed 074-409 Microsoft Exam: Server Virtualization with Windows Server Hyper-V & System Center. Not bad... what's next I wonder?

Sunday, June 22, 2014

BitLocker Day

Today is BitLocker day. I am encrypting my file system with BitLocker. I have a QNAP and a File Server running Windows 2012 R2. My client machines, running Windows 8.1, have mapped drives that attach to the network shares on the File Server.

To secure the files:
Firstly, I have an iSCSI drive set up on the QNAP, and my File Server uses that drive through the iSCSI initiator, let's say as the I: drive.

Secondly, I create a VHDX file and store it on the I: drive. This newly created VHDX file is then mapped as a volume, let's say the G: drive.

Thirdly, I have my data stored on the G: drive and share it as necessary to be used by my Windows 8.1 clients.

Lastly, I enable BitLocker on the G: drive so that the VHDX is encrypted.

By having this configuration, the actual data is stored within the VHDX file, which is encrypted by BitLocker. The I: drive is not encrypted; however, it only contains .VHDX file(s) that need a password to mount.

I purposely do not enable BitLocker auto-mount on the G: drive. This is to ensure that if both the File Server and the QNAP are stolen, my data is not exposed. The only disadvantage of this method is that I need to mount the G: drive every time the File Server is rebooted - no biggie.
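The manual mount after a reboot, as an added example that is not the author's own script. The VHDX file name I:\data.vhdx is an assumption; G: is the volume letter used in the text, and the volume is assumed to be protected by a BitLocker password.

```powershell
# Added example. The VHDX file name is an assumption; G: is from the text.
$VhdxPath = 'I:\data.vhdx'
$Mount    = 'G:'

# Attach the VHDX stored on the iSCSI disk unless it is already attached.
if (-not (Get-DiskImage -ImagePath $VhdxPath).Attached) {
    Mount-DiskImage -ImagePath $VhdxPath
}

$vol = Get-BitLockerVolume -MountPoint $Mount

# The design relies on no unlock key being stored on the server. Auto-unlock
# adds an ExternalKey protector, so anything other than a password or a
# recovery password on this volume is treated as a failure.
$allowed = 'Password', 'RecoveryPassword'
$extra   = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -notin $allowed }
if ($vol.AutoUnlockEnabled -or $extra) {
    $types = ($extra | ForEach-Object { $_.KeyProtectorType }) -join ', '
    throw "Volume $Mount has auto-unlock or unexpected key protectors: $types"
}

if ($vol.LockStatus -eq 'Locked') {
    # The password is prompted for and held only as a SecureString in this session.
    $pw = Read-Host -Prompt "BitLocker password for $Mount" -AsSecureString
    Unlock-BitLocker -MountPoint $Mount -Password $pw | Out-Null
}

# Report the final state so a still-locked or unprotected volume is obvious.
Get-BitLockerVolume -MountPoint $Mount |
    Select-Object MountPoint, VolumeStatus, ProtectionStatus, LockStatus, AutoUnlockEnabled
```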


Thursday, May 08, 2014

Git Server Part #2

I found out today that WebDAV is not the best way to set up a Git server. Instead we are better off using Git-HTTP-Backend or "Smart" HTTP.

We are also going to install gitweb, so that we can view projects and repositories in the web browser.

To install gitweb:

sudo apt-get install gitweb

Install fcgid Apache2 Mod:

sudo apt-get install libapache2-mod-fcgid

Enable all Apache2 modules required:

sudo a2enmod env alias fcgid

Restart Apache2:

sudo service apache2 restart

From the previous blog, I have Git website setup already, so I need to modify my site.conf file.

Modification #1 - Give Access to git-http-backend 

<Directory /usr/lib/git-core>
Require all granted
Options +ExecCGI +FollowSymLinks
</Directory>

Modification #2 - Setup Alias for Gitweb

Alias /gitweb /usr/share/gitweb

<Directory /usr/share/gitweb>
Options +FollowSymLinks +ExecCGI
AddHandler cgi-script .cgi
</Directory>

Modification #3 - Add Script Alias


ScriptAliasMatch "(?x)^/(.*/(HEAD | info/refs | objects/(info/[^/]+ | [0-9a-f]{2}/[0-9a-f]{38} | pack/pack-[0-9a-f]{40}\.(pack|idx)) | git-(upload|receive)-pack))$" /usr/lib/git-core/git-http-backend/$1

Modification #4 - Add Environment Variables

SetEnv GIT_PROJECT_ROOT /home/www/git
SetEnv GIT_HTTP_EXPORT_ALL
SetEnv REMOTE_USER=$REDIRECT_REMOTE_USER

Next is to configure Gitweb. Edit gitweb.conf

sudo vi /etc/gitweb.conf

Change the $projectroot to the location of your project root folder
Save it

Next is to delete the gitweb.conf from /etc/apache2/conf.d/ folder

Now to access your gitweb, just point to: http://git.domain.tld/gitweb

Sunday, April 27, 2014

Setting Up Git Server for Remote Repository

I have been wanting to have my own local software development repository. My development 'mode' is ON again and ready to rock-and-roll. While using Visual Studio 2013, I noticed that it natively supports Git. Looking into it further, I found this amazing Git jump start tutorial on MVA.

Git is a distributed repository model, however it also supports remote repository where commits can be pushed to the central remote repository and be shared with others if needed.

I am running my own Ubuntu server and while developing on my Visual Studio 2013 Git-ing locally, I would also like to 'Sync' all the commits to the central repository. So setting up Git 'Server' on my Ubuntu server is a good idea.

Git supports multiple protocols, like SSH, Git and HTTP. I prefer the latter as I might want to collaborate with other developers in the future and HTTP is the better option for that.

I have Ubuntu 14.04 LTS Running Apache 2.4.7

Install Git

So, first things first: set up Git on the Ubuntu server by running apt-get:

apt-get install git-core

Directory Structure

Now, I am going to create the home folder for this site located in: /home/www/git, then create different path for each prod, test and dev repos. To do that:

cd /home/www
mkdir git
cd git
mkdir prod
cd prod
mkdir repo01
cd repo01
git --bare init
git update-server-info


As you can see above, I am creating the first Git repo in /home/www/git/prod/repo01 and initialise the Git bare repository. Do the same thing for each test and dev repos.

Next, let's take ownership of the file structure

cd /home/www/git
chown -R www-data:www-data .

Apache Configuration

Next is to configure Apache2 to enable WebDAV Module and setup a new site for Git:
To enable WebDAV on Apache2, run the a2enmod command:

a2enmod dav_fs

After you enable the module, you can check it with a2query:

a2query -m dav_fs
a2query -m dav

To create the site, do the following:

cd /etc/apache2/sites-available
vi git.domain.tld.conf

Once the editor opens, use this content:

<VirtualHost *:80>
ServerAdmin info@domain.tld
ServerName git.domain.tld
ServerAlias git2.domain.tld
#Indexes + Directory Root
DirectoryIndex index.php
DocumentRoot /home/www/git/
#Log Files
ErrorLog /home/www/log/git.error.log
CustomLog /home/www/log/git.access.log combined
<Directory /home/www/git>
DAV on
Require all granted
</Directory>
</VirtualHost>


The most important line is DocumentRoot, which points to the folder where the root of the Git repositories will be. The second is DAV on, which enables WebDAV.

At this stage there is NO authentication or authorization set up on the Apache VirtualHost, and I will show you how to use Active Directory as the LDAP for authentication later. Also note that it is running on HTTP only at this point. In the future, if I would like to publish this to the Internet, I will set up a reverse proxy with HTTPS on the Internet-facing interface.

Testing Git

To test Git, on the client side:

mkdir /home/user/test
cd /home/user/test
git init
git remote add origin http://git.domain.tld/prod/repo01
touch index.php
git add .
git commit -a -m "Testing commit"
git push origin master


Have fun!











Monday, March 17, 2014

Setting Up Hyper-V 2012 R2 Server Core

In the past year or two, I have had 2 Hyper-V Servers. They are good as a hypervisor platform. The best thing I like about having 2 Hyper-V Servers is Replication. I need the replication to make sure my critical virtual machines are available when one of the hosts fails.

Anyway, I decided to shutdown one of the hosts. I still need the replication for my critical virtual machines. My physical host has got a local RAID controller, on which all the virtual machines are running. I decided to create a virtual Hyper-V Server 2012 R2 Core running on this physical host.

Within the virtual Hyper-V server, I initiate iSCSI to my QNAP NAS and set the Hyper-V replication settings to use this iSCSI disk as the target for Hyper-V replication, e.g. all replicated vdisk will be stored in the iSCSI disk

The challenge is to configure the Hyper-V server core, which by default has the firewall enabled.
Firstly, I need to enable the firewall rules for Remote Disk Management. The rules are there, but are disabled by default. We need to find the group in which the rules are specified.

To find the grouping:

Get-NetFirewallRule | Select DisplayGroup -Unique | Sort DisplayGroup


As you can see, there are groups called Remote Service Management and Remote Volume Management

 To find the rule within the group:

Get-NetFirewallRule | Where {$_.DisplayGroup -eq "Remote Service Management"} | Select Name


As you can see there are 3 rules associated with the group. To enable them:

Get-NetFirewallRule | Where {$_.DisplayGroup -eq "Remote Service Management"} | Enable-NetFirewallRule

You then need to do the same thing for Remote Volume Management and Hyper-V Replica HTTP
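An added example (not from the original post) that enables the three rule groups named above in one pass, then lists each enabled inbound rule with its profile and remote-address scope so you can see exactly what the change opened.

```powershell
# Added example. The display group names are the ones used in this post.
$groups = 'Remote Service Management',
          'Remote Volume Management',
          'Hyper-V Replica HTTP'

foreach ($group in $groups) {
    # A group that does not exist raises an error, so collect quietly and check.
    $rules = Get-NetFirewallRule -DisplayGroup $group -ErrorAction SilentlyContinue
    if (-not $rules) {
        Write-Warning "No rules found for display group '$group'"
        continue
    }
    $rules | Enable-NetFirewallRule
}

# Review what is now allowed in: which profiles the rules apply to and
# which remote addresses may connect.
Get-NetFirewallRule -Enabled True -Direction Inbound |
    Where-Object { $groups -contains $_.DisplayGroup } |
    Select-Object DisplayGroup, Name, Profile,
        @{ Name       = 'RemoteAddress'
           Expression = { ($_ | Get-NetFirewallAddressFilter).RemoteAddress } } |
    Sort-Object DisplayGroup, Name |
    Format-Table -AutoSize
```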

Once you have enabled all the rules, from your physical host, using Server Manager, you can add your Hyper-V Core Server and right click on the server and run Computer Management from the context menu


Now because I would like to run iSCSI initiator from this virtual Hyper-V Core server, I then enable the Microsoft iSCSI Initiator Service and change its startup type to be Automatic

You then need to setup the iSCSI, by running iscsicpl from the command prompt of the Hyper-V Core Server


Enter the details of your iSCSI target and then using the Disk Management you can format and assign a drive letter to the newly created iSCSI disk. Once you have the disk, using Hyper-V Manager, run Hyper-V Settings


Within Hyper-V Settings, select Replication Configuration



Select Enable this computer as a Replica Server, and select either Use Kerberos (HTTP) or Use certificate-based Authentication (HTTPS)



Lastly, specify the default location to store Replica files


You can now start replicating your Virtual Machines!!

Monday, February 24, 2014

Java 7 Update 45 Security Warning Workaround

I am sure you have seen this warning message from Java:



Basically you need to click "I Accept..." and the Run button to continue with your broken Java application. The worst thing is that, even if you accept the terms and click Run every time this happens, sometimes it still does not want to run the Java application.

This behaviour starts happening if you have Java 7 Update 45 installed.

There are workarounds, obviously. First, you can downgrade your Java to a version before Update 45.
Or you can disable the Java cache on your endpoint by going to:

In Windows:
  1. Control Panel
  2. Java
  3. General Tab
  4. Temporary Internet Files
  5. Settings button
  6. New Dialog : Temporary Files Settings dialog
  7. Disable the option : keep temporary files on my computer.

Tuesday, January 28, 2014

PsExec and PsInfo

PsExec and PsInfo have always been great tools for remote execution. I recently needed to push Flash Player 12 to remote machines.

I copied PsExec.exe, PsInfo.exe and the flashplayer12-0_install_win_ax.exe file to C:\Temp on my machine.

To check the installed software on my machine, I run:

C:\Temp> PsExec.exe \\remote-machine -u DOMAIN\Username -c -f C:\Temp\PsInfo.exe -accepteula -s

-c : copy the PsInfo.exe to the remote machine
-f : force copy if the file exists on the remote machine
-s : show installed software (a PsInfo flag)

To Install the Adobe Flash 12 ActiveX on the remote machine, I run:

C:\Temp> PsExec.exe \\remote-machine -u DOMAIN\Username -c -f -h C:\Temp\flashplayer12-0_install_win_ax.exe -install

-h : run the installer with higher privileges
-install : adobe silent install flag