Create preconfigured AppCenter / Delivery Services Console

In the past I've always just had the other IT staff configure the Delivery Services Console on first run themselves.  With AppCenter I found that each time they launched it through their Citrix Profile it wouldn't save the server discovery.

Found the following that worked perfectly.  This allowed me to configure their server discovery and add in the idle times and reorder the columns as desired for everyone.

http://support.citrix.com/article/CTX126752

Windows 2008 R2 Password Notification causes more issues than helps

With Windows 7 / 2008 R2 Microsoft changed the way password notifications look. 

After upgrading from PS 4.5 to XenApp 6.5 we fairly quickly found that the default password expiration notification changes from 14 days down to only 5 days.  This doesn't work well in an environment where part time workers may be off a week at a time.  No problem, set the GPO and mark it for 14 days right...  One would think.

Unfortunately, MS changed the popup.

This presents 2 issues in my environment:

• The popup doesn't display for long enough  (this can be corrected via GPO)
• Users tend to miss it
• Or ignore it
• CTRL+ALT+END doesn't work for our Citrix sessions. 
• When connected through the web interface it just doesn't do anything
• When connected from a thin client (Wyse and HP clients) it disconnects the session  ACK!

In our case when connecting from:

• Thin Client - CTRL+ALT+DEL works fine...
• Web Interface - CTRL+F1 works

After messing around with several options I ended up opting for the following:
http://serverfault.com/questions/140816/with-no-password-expire-notification-at-logon-in-windows-7-how-are-you-configur

With a slight amount of modification to the message you can make it fit your scenario.
I then added it to GPO as a user configuration logon script.  With this I added the GPO Loopback mode as "Merge" and applied the policy to the machines that needed it (Citrix, RDS / Terminal Services, others)

Dim oDomain Dim oUser Dim maxPwdAge Dim numDays Dim warningDays warningDays = 300 Set LoginInfo = CreateObject("ADSystemInfo") Set objUser = GetObject("LDAP://" & LoginInfo.UserName & "") strDomainDN = UCase(LoginInfo.DomainDNSName) strUserDN = LoginInfo.UserName Set oDomain = GetObject("LDAP://" & strDomainDN) Set maxPwdAge = oDomain.Get("maxPwdAge") '======================================== ' Calculate the number of days that are ' held in this value. This is line 20 '======================================== numDays = CCur((maxPwdAge.HighPart * 2 ^ 32) + _ maxPwdAge.LowPart) / CCur(-864000000000) 'WScript.Echo "Maximum Password Age: " & numDays '======================================== ' Determine the last time that the user ' changed his or her password. '======================================== Set oUser = GetObject("LDAP://" & strUserDN) '======================================== ' Add the number of days to the last time ' the password was set. '======================================== whenPasswordExpires = DateAdd("d", numDays, oUser.PasswordLastChanged) fromDate = Date daysLeft = DateDiff("d",fromDate,whenPasswordExpires) 'WScript.Echo "Password Last Changed: " & oUser.PasswordLastChanged if (daysLeft < warningDays) and (daysLeft > -1) then Msgbox "Your password expires in " & daysLeft & " day(s)" & chr(13) & "Date Expires: " & whenPasswordExpires & chr(13) & chr(13) & "Press CTRL-ALT-DEL and select the 'Change a password' option" & chr (13) & chr (13) & "NOTE: For PPH Citrix Website:" & chr (13) & "If you logged in through the PPH Citrix Website then please press CTRL+F1 and select the 'Change a password' option", 0, "PASSWORD EXPIRATION WARNING!" End if '======================================== ' Clean up. '======================================== Set oUser = Nothing Set maxPwdAge = Nothing Set oDomain = Nothing


Who would have thought that something as simple as "changing your password" would be such a

nuisance and so poorly implemented by Microsoft.

Fixing the Outlook Address Cache / Autofill after recreating email address in Exchange

Recently I had a scenario where we wanted to convert a distribution group to a user mailbox. This was an email address that everyone uses. Of course this can't be done without deleting the dist group and creating as a user mailbox. Unfortunately when you delete the distribution group and recreate as a user the Outlook autocomplete / autofill will break because the value that outlook looks at is different for the new object.

This will result in a NDR like the following: (for dist group test@mydomain.org)

Delivery has failed to these recipients or groups:

'Test' <mailto:IMCEAEX-_O%3DHERE_OU%3DEXCHANGE%2B20ADMINISTRATIVE%2B20GROUP%2B20%2B28FYDIBOHF23SPDLT%2B29_CN%3DRECIPIENTS_CN%3DTesta56@mydomain.com>

The e-mail address you entered couldn't be found. Please check the recipient's e-mail address and try to resend the message. If the problem continues, please contact your helpdesk.

Diagnostic information for administrators:

Generating server: Server.mydomain.com
IMCEAEX-_O=HERE_OU=EXCHANGE+20ADMINISTRATIVE+20GROUP+20+28FYDIBOHF23SPDLT+29_CN=RECIPIENTS_CN=Testa56@mydomain.com
#550 5.1.1 RESOLVER.ADR.ExRecipNotFound; not found ##



As Ben points out this can easily be fixed: https://www.simple-talk.com/sysadmin/exchange/exchange-e-mail-addresses-and-the-outlook-address-cache/

This helps keep our 200+ users from having to fix on their own or more likely calling the help desk to have us fix it


And to help convert the IMCEAEX string
http://support.microsoft.com/kb/2807779

\Windows\System32\config\system Status: 0xc000014c missing, or corrupt

On a Lenovo E520 running Windows 7 x64 user ran out of power and system crashed.  When it came back up the user was presented with:
File: \Windows\system32\config\system
Status: 0xc000014c
Info: Windows failed to load because the system registry file is missing, or corrupt.

I tried using the Lenovo recovery media without success.

I then plugged in a Dell recovery disc and just went into the Windows recovery cmd prompt.  At that point I found that the hard disk was mapped to the D drive.

sfc /scannow /offbootdir=d:\ /offwindir=d:\windows


After it finished running I rebooted the computer and gave back to the user (after tucking away my handy Dell disc)

IIS7 - Cannot find the certificate request that is associated with this certificate file

Seems like once a year (or longer) when I renew our SSL cert this causes me some headache.  The worst part about the error is that it's false and the cert was created just fine!

In this case I create the CSR and get the new cert which is delivered in PKCS #7 (.p7b).  When you "complete Certificate Request" and point it to the p7b file (note you have to change it to *.*) you then get the error "Cannot find the certificate request that is associated with this certificate file".

At that point I usually troubleshoot if I created the p7b incorrectly (which I did nothing wrong).


Instead you just need to click OK and then hit refresh (F5) on the IIS7 certificates screen.  Your new cert appears :)

At this point you can export it as pfx and convert to pem if needed.

Script - detect users SID and make registry changes based on it

Deploying some laptops I needed to add registry changes to the account.  Unfortunately the accounts where not domain accounts making it slightly harder.

To complicate matters registry for these particular machines is disabled by GPO and we didn't want to enable it.  Thus the user can't run the reg add themselves AND for each computer the user SID is different.

Solution was to use psgetsid to find the users sid and then add the reg keys using this from an account that has access to regedit on the machine.

Example:
For /f "delims=" %%i in ('c:\admin\psgetsid.exe usernameofaccounttochange') DO set usersid=%%i

reg add "HKU\%usersid%\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v "DefaultConnectionSettings" /t REG_SZ /d 460000001e00000001000000000000000000000000000000010000000000000018dc31de5756ce0100000000000000000000000000000000 /f
reg add "HKU\%usersid%\Software\Microsoft\Windows\CurrentVersion\Explorer" /v EnableAutoTray /t REG_DWORD /d 0 /f



Note:  You can also use %username% to detect the currently logged on user and retrieve sid for the script, BUT if you do this note that if UAC is enabled or prompts then the username that will return will be that of the admin account that you enter for UAC.  Which is likely not what your after.

Internet Explorer slow on first open

Configuring new laptops we found that Internet Explorer was very slow loading the first time when connecting to a new network (in our case wireless networks).  This was with IE8, IE9, IE10 on a Windows 7 x64 machine using both the 64 and 32 bit versions of IE. 

After many hours of cursing I found that this was due to the following setting:
Internet Options, Connections, LAN settings, Automatically detect settings.

Unchecking this options fixed the issue.


In the registry this is found here:
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections" /v "DefaultConnectionSettings" /t REG_SZ /d 460000001e00000001000000000000000000000000000000010000000000000018dc31de5756ce0100000000000000000000000000000000 /f

In particular, the 01 set that I have bolded is what disables it (09 is enabled).
http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/cb6abb30-4360-4d3d-93fc-61823b2a5c20

Note: in our case this only effected WLAN connections.  Broadband and LAN did not display the issue (unless WLAN was also connected at the same time).

Prevent domain users from logging into computer

We have a number of laptops that are in a common area (ie conference rooms, shared amongst staff) as well as out in the field where they use them more as a "thin client" to connect back to a Citrix environment.  On these laptops we don't want them logging in as their domain account and having the ability to copy sensitive files to the local disk.  We also don't want a specific domain user logging into a laptop then walking off without logging off and thus effectively preventing the next user from accessing the computer (unless they hard power the system, which isn't what we want).

In the past with Windows XP I was able to quickly remove this access for domain users while not effecting domain admins by removing the following groups from the local "users" group via a script during setup.
Net localgroup users "domainname\Domain Users" /delete
Net localgroup users "NT Authority\Interactive" /delete
Net localgroup users "NT Authority\Authenticated Users" /delete



If you attempt this in Windows Vista and above it results in slow logon, logoff, blank desktop, etc.  IE, it doesn't work.
http://support.microsoft.com/kb/970879



The easy way around this (and the proper fix anyways) is to simply limit the "allow logon to this computer" setting in GPO.

If you open gpedit.msc on the local machine you can see the normal settings for this key:

So we can see that we can easily remove the "users" group from the list.  This will prevent anyone that falls in the "users group" from logging in. 

Now you need to add any of the specific usernames that you do want to allow to login.
This for example could be a specific local account or specific domain user accounts.

I highly recommend that rather than doing this with the local GPO you do it in the domain GPO with an OU specific GPO that contains the computers you want it to effect.  Ensure you don't attach the GPO at the wrong OU or you'll cause havoc across your environment.



Note: depending on your environment setup this could have unexpected results.  Specifically if you have certain users accounts that are non-admin that have to access the system for certain tasks (backups, services, scanning, etc).

XenApp 6.5 Get-XAPrinterDriver shows removed drivers

When attempting to replicate drivers in a new farm with Powershell I found that using the Get-XAPrinterDriver -ServerName CtxTest01 would return a list of servers that included old drivers that had been removed (and didn't include new drivers that had been installed).

Rebooting did not help.  Looking back at the scenario recreating the LHC may have worked.

Update-XAPrinterDriver -ServerName CtxTest01

After running the above drivers showed as expected.


Replicate drivers:
http://support.citrix.com/article/CTX126125

printer driver is not installed error on 2008 Print Server

This is nothing new, been around for years, but every year or so I have to spend another 10 minutes having to search out the answer again.

On a Windows 2008 R2 print server I switched a printers driver to another driver and was greated with "printer driver is not installed on this computer. Some printer properties will not be accessible unless you install the printer driver. Do you want to install the driver now?".

Installing the driver again (was already installed) doesn't help.


http://social.technet.microsoft.com/Forums/en-US/winserverprint/thread/5101195b-3aca-4699-9a06-db4578614e2d/


This effects out of the box HP printer drivers.  In my case the HP 4100 series PCL drivers.

Navigate to
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Print\Printers\(printers name)\PrinterDriverData
Change the key HPTrayCount to 12.

Do this for each printer (and repeat anytime you change the driver).

Server 2008 R2 - Remove Libraries, Network, and Favorites from Explorer

During the deployment of XA65 I quickly found that I didn't want the Libraries, Network displaying.  Also, I wanted to remove certain content from Favorites, but leave the desktop (since we redirect our desktops to a central store).

 

Microsoft didn't provide a great way of removing this functionality.  Fortunately there are many in the comunity that are sharp and figured this out on their own.

 

Thanks to Marco Sues from this Citrix thread for the solutions: http://forums.citrix.com/thread.jspa?threadID=266828

 

From this we're able to quickly add the necessary keys into GPO for all our Citrix servers to remove the undesired libraries for both x64 and x32.  In addition to adding the keys you also need to give SYSTEM full control over the shellfolder.  This can be done if you use Computer Config/Policies/ Windows Settings/Security Settings/Registry to change the permissions. Use GPO preferences to update the attributes keys.

 

Favorites:

x64 = HKEY_CLASSES_ROOT\CLSID\{323CA680-C24D-4099-B94D-446DD2D7249E}\ShellFolder

x32 = HKEY_LOCAL_MACHINE\Software\Wow6432Node\CLSID\{323CA680-C24D-4099-B94D-446DD2D7249E}\ShellFolder

for both

Attributes = a9400100

dword / hex

 

 

Libraries:

x64 = HKEY_CLASSES_ROOT\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\ShellFolder

x32 = HKEY_LOCAL_MACHINE\Software\Wow6432Node\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\ShellFolder

for both

Attributes = b090010d

dword / hex

 

 

Network:

x64 = HKEY_CLASSES_ROOT\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder

x32 = HKEY_LOCAL_MACHINE\Software\Wow6432Node\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder

 for both

Attributes = b0940064

dword / hex

 

Once this is set in your GPO do gpupdate /target:computer and then logoff and back on. (explorer needs to reinitialize)

 

 

In my case I decided I didn't want to remove Favorites since it gives quick and easy access to the desktop.  Instead I redirected it to a central location for all users.  This implys that end users won't be able to add their own "favorites" to the folder.  This can be done with folder redirection and then place the desktop shortcut in the folder.

You could also easily redirect it to their own personal stash and the script the removal of the unwanted "links" (located in the users Links folder)

 

 



Netlogon 5719 at startup

This issue was a real booger and I almost threw in the flag and called in the big guns.

This error has been around for awhile.  There is a lot of information out there on it and a LOT of reasons it can occur.

I've actually run across this now twice.  Once in my server VM environment and also on new desktops.  It is possible / likely they are related due to the use of switches being simular / same.


In this post I'm focusing on the Virtual Environment issue.

I first discovered the issue when building an Exchange 2010 server and finding that the services where not starting automatically on boot.  This led me to find the Netlogon 5719.  After a review of the events it was obvious that this service was attempting and failing to start before the network was connected.

After find this: http://support.microsoft.com/kb/938449 I tried some of the suggestions with no help. Note this setup was with ESXi 5.1 going back to HP ProCurve switches (2810's).  STP was off on the switches.  Also, connected to the same switches is a XenServer environment and a few physical servers which do not see the issue.

Some of the different posts and KB's I found suggested that this isn't an issue and can safely be ignored as long as you can reach the DC to login.  After the set timeperiod Group Policy will apply.  Unfortunately this is NOT a solution nor a good workaround (for desktops, servers, anything).  This causes lots of issues in a domain environment especially where folder redirection, logon scripts, etc.  The proper fix is to be able to get the NIC to initialize before netlogon OR for MS to provide a method for admins to reliably force netlogon to wait for the NIC.

After messing around for awhile I discovered that this only occurs if the NIC is set to static IP.  When set to DHCP all works as expected.

So, at this point we could do DHCP reservations to make it work, BUT this isn't a solution for DC's or DHCP servers, and sometimes a static address is necessary or easier.

After finding a thread on VMWare communities that was exactly my issue it was suggested to try changing the ArpRetryCount.
http://communities.vmware.com/thread/316237?start=15&tstart=0

Bingo!

This could indicate a deeper network issue or possibly a flaw in logic as to when netlogon service should attempt to start.


Note: I also commonly see an issue very simular to this on workstations with SSD's (some differences, occurs when set to DHCP but not static, etc).  In these cases changing the ArpRetryCount does not help although I did find that it is heavily dependent on the type of switch that the workstation is plugged into.  For instance, the issue occurs when plugged into HP ProCurve switches, but does not occur when plugged into cheapo Linksys / Cisco switches.  This likely indicates configuration issue with HP ProCurve (although, many report same or simular issues with enterprise Cisco switches).  It may also be caused by the type of NIC / driver on the system (ie Realtek driver issue).  I have not been able to dig into this issue in great detail yet.

Citrix print management service crashing

Awhile back I posted about cleaning up print drivers in XA4.5. Recently I started to have issues again with printers not being auto created with what appeared to be the same issue of the spooler crashing and taking the Citrix service with it. Oddly it wasn't logging the crash though.

(see this post: http://didyourestart.blogspot.com/2009/04/terminal-server-citrix-printing-errors.html)

It then occurred to me that it's not the same issue! Duh

On a pool of 8 XenApp 5.0 (windows 2003) with R07 installed I've found that occasionally the Citrix Print Management Service will crash.  Note that in this instance the Print Spooler is NOT crashing, only the Citrix Service.  I determined this by using the script in my other printing issue post so that it would log when the print spooler crashed.  In this case no log was ever generated on the servers after a failure.

I then added a new short script and set it to run on failure of the Citrix Print Management Service.  On the next failure sure enough I had my log showing the failure time.

Batch File contents
net start "Citrix Print Manager Service"
SET logfile=C:\AdminTools\CitrixCrashLogs.log
ECHO Citrix print management service crashed on %date% at %time% on %computername% >> %Logfile%

I then set the Citrix Print Management Service to run this program on failure.

This tells me that it's a different issue causing the failure of the Citrix service since print spooler isn't actually crashing.  I believe this is an issue that was introduced sometime post R05 as I never had the issue (that I'm aware of) until updating to R07.  Note that I had skipped installing R06.  I also tested this on a fresh Citrix build with the same results.

I now implement the above batch file as part of my build on all XenApp servers.  This has reduced the help desk calls for this issue down to 1 or less a quarter.

Convert XenServer XVA to VMDK for VMWare ESXi 5.1

During our conversion from XenServer to VMWare I had one machine that had a woopsy and would no longer boot in XenServer without BSOD.  Of course, this is the ONE machine I didn't snapshot first HA.

Environment:
XenServer 5.6 SP2
ESXi 5.1


Cause:
During the conversion, I uninstalled the XenServer tools.  When I went to use VMConverter on the machine it couldn't find the disk due to drivers on the SCSI controller.  So, I went to select a generic driver for the controller and low and behold, I selected the wrong one and rebooted.  ACK  Of course I was greeted by the BSOD.


Solution:
I could have just rebuilt the machine, but it was one of those pain machines (ie, reconfiguring it would be more painful then spending an hour seeing if I could fix it).

1. Export from XenServer to XVA format
1. I tried to export to OVF, but it would fail and after some quick looking on the citrix forums it looked like it would likely be easier to export to xva then convert to ovf
2. XenConvert v2.3.1  (version 2.5 doesn't have the options necessary to do this)
1. From = Xen Virtual Appliance
2. To OVF
3. This converts to OVF format which gives you 2 files, an OVF and a VHD
3. WinImage v8.5 (http://www.winimage.com/download.htm)
1. Disk dropdown
2. Convert virtual hard disk image
3. Select the OVF (vhd file)
4. OK
5. Type name and change save as type to vmdk
6. When you click save the conversion starts
7. At the end you don't need to mount it with winimage
4. Create a new virtual machine using the datastore that you want.
1. Edit the VM and delete the Hard Disk
2. Browse the datastore and delete the vmdk file
5. Veeam FastSCP (I used the older version)
1. Copy the 2 files that WinImage created to the datastore VM Folder
1. both are vmdk files.  One will be large the other small.  Both are required for this to work (otherwise when you add a hard disk in the next step it won't see it)
6. Back in VMWare now
1. Add hard disk
2. Browse to the VMDK and select it
3. Boot
4. Login and install tools
5. Restart
7. Change the disk from IDE to SCSI
1. In VMWare edit the VM and add a new hard disk of 1GB using SCSI (this pulls the controller into the image)
2. Delete the disk you just created
3. shutdown the VM
4. Now we have to edit the vmdk, this can be done using vi, but I'm a windows guy so I used notepad++ on my workstation
1. pull a copy of the small vmdk down to your local drive using Veeam FastSCP
2. edit with notepad++
3. modify the line "ddb.adapterType = "ide" change to "lsilogic"
4. save and push the file back up to the datastore overwriting
5. Delete the primary IDE hard disk
6. Browse the datastore and delete the 1GB vmdk that we created earlier (for getting the LSI controller installed)
7. Add new hard disk and point to the vmdk
8. It will find it as SCSI / LSI Logic
9. Note: if you have a CDROM, it will be IDE 0:1, so you'll want to delete it and re-add it so that it picks up IDE 0:0
10. Boot

That wasn't so bad...


Your results may vary :)

Convert from XenServer 5.6SP2 to VMWare ESXi 5.1

Recently we converted our main environment from XenServer 5.6 SP2 (Lefthand Networks SAN/iQ) to VMWare ESXi 5.1 (Nimble Storage CS240).

First off, we looked very hard at XenServer 6, Hyper 2012, and ESX.  After getting hands on for each solution VMWare imo was hands down easier to use and gave better results.

Next, Nimble Storage is awesome!  If your looking at storage give them a good look.



The conversion is pretty easy really, but if you get the steps wrong you can end up with BSOD and other ickyness.  This worked for me, your experience may be different.  I took snapshots at the Lefthand level and XenServer level before touching anything.  Results may vary.

There may be an easier way, doesn't really matter to me. This worked consistantly for me so I'm stickin to it.

It's best practice to rebuild rather than convert.  I only converted machines that couldn't be rebuilt, where being replaced soon (but not ready to replace just yet), or when I was short on time and had to move it immediately. 

Server 2008 / 2008 R2

1. Download and install VMWare Converter 4.3, yes, the older version
2. Disable any services necessary (ie, IIS, etc)
3. Ensure your logged in through the default view, not RDP.
4. Uninstall XenTools and reboot
5. Go into Device Manager
6. You'll see that the SCSI Controller doesn't have a driver.
1. VMWare converter won't see the disks because of this
7. Right click the SCSI Controller
8. Update Driver Software
9. Browse my computer for driver software
10. Let me pick from a list of device drivers on my computer
11. (Standard IDE ATA/ATAPI contoller)
1. IDE Channel
2. If you get the wrong one you'll likely see a BSOD upon reboot
12. Reboot
13. Open VM Converter
14. Convert Machine
15. Select "This local Machine"
16. Note that "View source details..." lights up. Click it
17. Ensure that a Source disk is listed (if you didn't change the controller driver then none will be listed and it will error when you attempt to convert)
18. Type in the info for one of your VMWare hosts
19. Select your datastore target
20. Change RAM, CPU, etc as fit
21. Finish and wait
22. Once it's completed shutdown the VM in XenServer
23. In the VMWare console edit the VM.
24. Delete the CDROM and Hard Disk
25. Add a new Hard Disk as the SCSI 0:0 and point to the VMDK
26. Add new CDROM with basic settings
27. Start the machine and install tools
28. Note that the VM Version is listed as 4
1. Shutdown the VM
2. Right click the VM and choose the option for "Upgrade Virtual Hardware"
3. It should now show as a vmx-09
29. Change the nic to vmxnet3 if desired
30. Boot and change IP address if needed
31. Uninstall VMWare converter

Since typing the Windows 2008 section, I tried something new that worked amazingly well with little downtime.  I did this with Windows 2008 RTM x32 and Windows 2008 R2 successfully.

1. Download and install VMWare Converter 4.3.  New version may work better.
2. Open VM Converter
3. Convert Machine
4. Select "This local Machine"
5. Type in the info for one of your VMWare hosts
6. Select your datastore target
7. I had to edit the devices and change the controller to IDE
8. Finish and wait
9. At this point it's extermely important to remember that we don't want both VM's on at the same time.  BUT I wanted to ensure that my new VMWare VM would boot...
10. Change Settings
1. Change network to an isolated network off production.
11. Delete the CDROM and Hard Disk
12. Add a new Hard Disk as the SCSI 0:0 and point to VMDK
13. Add new CDROM with basic settings
14. Start the machine
15. Uninstall XenServer Tools
16. Reboot
17. Install VMWare Tools
18. Shutdown
19. Note that the VM Version is listed as 4
1. Shutdown the VM
2. Right click the VM and choose the option for "Upgrade Virtual Hardware"
3. It should now show as a vmx-09
20. Boot the server and ensure it boots
21. Shutdown VMWare VM
22. Shutdown XenServer VM
23. Edit VMWare VM and change NIC to production network
24. Boot and change IP address if needed
25. Uninstall VMWare converter

I was amazed how well this worked.  NOTE: I did this on fairly unimportant systems.  Not sure I'd do it with systems that are critical (besides, I rebuilt anything critical, converting is never my first choice)

Windows 2008 RTM: I also had to delete the NIC (which was listed as Flexible) and add a new one for VMXNET3.

One final strange thing I noticed is that the IntialKeyboardIndicators key would get messed up.
This is found under KHEY_USERS\.Default\Control Panel\Keyboard
It would be set to 21474836648 after conversion
Changing this back to 0 made it work as expected.