Tuesday, December 15, 2015

Files not showing up "timely" for some users with DFS-R

Recently we started having a strange issue where users wouldn't be able to see files, but other users could.

The locations in question resided in a share with DFS-R set up.  Only one of the folder targets was enabled, so all users are looking at the same share.  We could even confirm with the DFS tab that they were pointed at the same locations, yet User1 couldn't see the file and User2 could see it.  Navigating to the exact path of the share would then display that the file did in fact exist.  Only the DFS path showed the issue.

No issues being reported with DFS-R or AD (both running Server 2012).
Taking a step back I recalled that we had fairly recently added a new DC to the environment (Windows Server 2012 R2).

After a quick look at DFS Namespaces I realized that the new DC had not been added as a namespace server.

Preliminary reports look promising that the missing namespace server was the cause for this anomaly.  Note to self, always add new DC to namespace servers!

Wednesday, October 28, 2015

XenApp - Auto Restored printers / Lynx... / XPS Document Writer

Gradually over the past year I've seen an issue where strange printers appear for users, sometimes more than 100 of them, making it hard for them to find the proper printer they want. Many of them have Document Writer in their name, but some are more mysterious with names starting with lynx* and even other names.

Some quick digging on the server and you can quickly see that it's somehow related to the Microsoft XPS Document Writer being autocreated from the client's machine. Here we only auto create the users' default printers, but this one (known this for a long time) still creates even when it's not the default.

Looking in the user's registry it's pretty easy to track some of the settings back to HKCU\Software\Citrix\PrinterProperties as well as a few other locations.

Once I began looking I found that the mysterious printers affected most of my users, not just one or two. Looking around on the internet I found this: http://www.travisrunyard.com/2014/07/09/lynx-auto-restored-xenapp-printers/

Makes sense... I did find that I could eliminate the issue without all of his steps though.

  1. Prevent XPS document writer from auto creating.
    1. Open AppCenter (XenApp 6.5) and go to my policies
    2. Make or modify existing user policy (make sure it filters to all users or use unfiltered policy)
    3. Printer driver mapping and compatibility - Microsoft XPS Document Writer - Deny (spelling of driver name must be exact) 

  2. Next we need to remove the junk registry setting for all users.
    1. Open GPO and make a new policy that applies to your XenApp servers
    2. Apply the loopback policy with merge - Computer Configuration - Policies - Administrative Templates - System - Group Policy
      1. Mode Merge
    3. Create preference to remove registry settings - User Configuration - Preferences - Windows Settings - Registry
      1. New Registry item
        1. Set to delete
        2. enter hive of HKEY_Current_User
        3. enter path Software\Citrix\PrinterProperties\Microsoft XPS Document Writer
    4. Update GPO on each XA server and test.

Note: I found that this took a long while to completely clear out since many of my users are part time.  I just had to sit back and be patient for everything to complete.  I did do some manual attaching to registry profiles and cleaning to help along the process for users that rarely work.
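The manual hive cleanup mentioned in the note can be scripted. The following is an added example, not from the original post: it loads each logged-off user's NTUSER.DAT, checks for the key from the steps above and deletes it only when run with -Apply. The profile root C:\Users, the -Apply switch and the mount name HKU\XpsCleanup are assumptions made for this example.

```powershell
# Added example, not from the original post. Run elevated on the XenApp server.
param(
    [string]$ProfileRoot = 'C:\Users',   # assumption: local profiles in the default location
    [switch]$Apply                       # without -Apply the script only reports
)

$mount  = 'HKU\XpsCleanup'               # temporary mount point (name chosen for this example)
$subKey = 'Software\Citrix\PrinterProperties\Microsoft XPS Document Writer'   # path from the steps above

$results = foreach ($dir in Get-ChildItem -Path $ProfileRoot -Force | Where-Object { $_.PSIsContainer }) {
    $hive = Join-Path $dir.FullName 'NTUSER.DAT'
    if (-not (Test-Path -LiteralPath $hive)) { continue }

    # reg load fails while the user is logged on, because the hive is locked.
    # Those users are left to the GPO preference at their next policy refresh.
    & reg.exe load $mount $hive 2>&1 | Out-Null
    if ($LASTEXITCODE -ne 0) {
        New-Object psobject -Property @{ Profile = $dir.Name; Status = 'skipped (hive in use or unreadable)' }
        continue
    }
    try {
        # reg query returns a non-zero exit code when the key does not exist.
        & reg.exe query "$mount\$subKey" 2>&1 | Out-Null
        if ($LASTEXITCODE -ne 0) { $status = 'clean' }
        elseif (-not $Apply)     { $status = 'key present (rerun with -Apply to delete)' }
        else {
            & reg.exe delete "$mount\$subKey" /f 2>&1 | Out-Null
            $status = if ($LASTEXITCODE -eq 0) { 'key deleted' } else { 'delete failed' }
        }
        New-Object psobject -Property @{ Profile = $dir.Name; Status = $status }
    }
    finally {
        # Always unload: a hive left mounted stays locked for the user's next logon.
        & reg.exe unload $mount 2>&1 | Out-Null
    }
}

$results | Sort-Object Profile | Format-Table Profile, Status -AutoSize
```

Run it once without -Apply to see which profiles still carry the key before deleting anything.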

Tuesday, May 5, 2015

The source file name(s) are larger than is supported by the file system.

The source file name(s) are larger than is supported by the file system.  Try moving to a location which has a shorter path name, or try renaming to shorter name(s) before attempting this operation.

Recently I found that some operations in a backup maintenance job were failing because a file it was trying to remove was failing due to the filename/path length.

I tried the typical options available, none of which worked:
  • Attempt to rename it via cmd prompt
  • Attempt to rename it via cmd prompt using the short name.  It contained several special characters and I never could figure out which one it was complaining about.
  • Attempt to rename the directories containing it.  Even using a single letter for each directory didn't reduce it enough.

In the end a simple command did the trick to get the path short enough.
  • Navigate into the directory in question
  • subst M: . (notice the period there indicating current directory)
  • del filename (or rename filename newfilename)
  • subst M: /D

Monday, April 27, 2015

8193 Volume Shadow Copy Service error - Access is denied

Log Name:      Application
Source:        VSS
Event ID:      8193
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      servername
Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...).  hr = 0x80070005, Access is denied.
   Initializing Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {3e927ae5-5139-42ad-bd99-6e467a3941eb}

This was occurring on my DHCP servers.  Apparently permissions to a key are removed when the DHCP role is installed.


Tuesday, February 24, 2015

Netscaler 10.5 password field missing

With Netscaler 10.5 and Web Interface 5.4 users were greeted with a logon screen with the password field missing.  This was on IE11.

The fix ended up being pretty simple.  Just hit Ctrl + F5.
According to Citrix this has to do with the Netscaler's static page caching feature (used to improve performance).  

Tuesday, February 3, 2015

Fortigate upgrade v5.2.2 build 642 - no external access after update

After upgrading our Fortigate 100D cluster to v5.2.2 build 0642 (going from v5.0 build 04429) we no longer had internet access.  Traffic from external to internal still worked fine, just internal to external failed.

At the time, while in the frantic search for what the heck happened, I hadn't noticed that the only traffic that failed was traffic through policies that used the Service = ALL.  In hindsight I can now see it, since that explains why external to internal traffic all worked (specified services only!)

After beating my head against the wall for about 15 minutes I called Fortinet support.  Once I had a support rep on the line and said "upgraded to v5.2.2, all is lost, world is falling in around me" he instantly had an answer.
  • Click Policy & Objects
  • Objects
  • Services
  • Edit the ALL service
  • Take note of what the Protocol Number is.  In my case it was 6.
  • Change to 0
  • Click OK
Instantly all my internal to external ping monitors came back to life.

Apparently it's a known issue that can sometimes occur during the upgrade to v5.2.2 (not sure if it affects other builds).

Thursday, January 15, 2015

Citrix Director 7.6 with XenApp 6.5 - WinRM exception

On one of my servers I was seeing the below after setting up Citrix Director 7.6.

The BIG hint here was "The requested data could not be found in the data".
Easy answer, I forgot to install the DirectorWMIProvider_x64.msi. 

Log Name:      Application
Source:        Citrix Director Service

Event ID:      4
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      Director.my.domain.com
The description for Event ID 4 from source Citrix Director Service cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

The requested data could not be found in the data 'The virtual desktop via WinRM service reported an exception. See the event log for more information.' ('http://Director.my.domain.com:5985/wsman').

User: 'my.domain.com\username'
Console operation: 'Retrieving running application details for IMA Session…'

Additional information:
'Exception of type 'Citrix.Dmc.Common.NotFoundException' was thrown.'

the message resource is present but the message is not found in the string/message table

Citrix Director 7.6 with XenApp 6.5 - Installation / Setup

If you've seen some of the demonstrations of the new Citrix Director 7.6 it's pretty cool!

I wanted to provide the director so that other IT staff here could easily terminate specific process / applications.  They tend to terminate entire sessions when really only a specific process is necessary (frozen app that crashed - we have one in particular that is troublesome).

Below is how I set it up and got it to work.  There are actually some pretty decent guides available from Citrix that cover all these steps in decent detail.

Citrix XenApp 6.5 with Hotfix Rollup Pack 2 and 5.
XenApp servers running Windows 2008 R2 SP1
Citrix Director 7.6.1 running on Windows 2012 R2

We'll need at least the following machines for my mock setup:
1 x Windows 2012 R2 for the Citrix Director. name = Director
1+ x XenApp 6.5 running as the controller (no applications hosted). name = XAController
1+ x XenApp 6.5 session host mode (no xml). name = XA01
Note: you don't have to install any machines as host mode if you don't want to. I have redundant controllers that don't host any apps, and then install all my "app" servers as session host mode.

Setup Citrix Director: (Director)
  1. Install and configure your Windows 2012 R2 server
  2. Install IIS
    1. Web Server
      1. Common HTTP Features:
        1. Default Document
        2. Directory Browsing
        3. HTTP Errors
        4. Static Content
        5. HTTP Redirection
      2. Health and Diagnostics:
        1. HTTP Logging
        2. Logging Tools
        3. Tracing
      3. Performance:
        1. Static Content Compression
        2. Dynamic Content Compression
      4. Security: 
        1. Request Filtering
        2. Basic Authentication
        3. Windows Authentication
      5. Application Development: 
        1. .Net Extensibility 4.5
        2. ASP
        3. ASP.NET 4.5
        4. CGI
        5. ISAPI Extensions
        6. ISAPI Filters
        7. Server side Includes
      6. Management Tools:
        1. IIS 6 Management Compatibility: 
          1. IIS 6 Metabase Compatibility
          2. IIS 6 Scripting Tools
          3. IIS 6 WMI Compatibility
        2. IIS Management Scripts and Tools
          1. Management Service
    2. Install the below features:
      1. .Net Framework 4.5 Features: 
        1. WCF Services:
          1. HTTP Activation
          2. TCP Port sharing
      2. Windows Process Activation Service: 
        1. Process Model
        2. Configuration APIs
  3. Install dotnet 4.5.1
  4. From the XenApp / XenDesktop 7.6 installation iso download
    1. Navigate to \x64\Desktop Director\DesktopDirector.msi and install
    2. go to \x64\Citrix Policy\CitrixGroupPolicyManagement_x64.msi and install
  5. Open cmd prompt (runas administrator)
    1. navigate to \inetpub\wwwroot\director\tools\
    2. DirectorConfig.exe /registerdotnet
    3. DirectorConfig.exe /xenapp XAController (this is your XenApp Farm's Controller name).
      1. To add more than 1 name separate with a comma.  XAController1, XAController2
      2. There is no need to enter non-controller XenApp servers here.  So Session host mode XenApp servers that do not run the xml service for instance should not be configured in this setting. 
  6. Ensure that your firewall is configured to allow ports 443, 80, 2513
Setup Session Host XenApp Server: (XA01)
  1. Attach your XenApp 7.6 iso to your server
    1. Alternately you can copy the following files from your download to a central location:
      1.  \x64\Virtual Desktop Components\ConfigRemoteMgmt.exe
      2.  \x64\Virtual Desktop Components\Interop.NetFwTypeLib.dll
      3.  \Support\DirectorWMIProvider\DirectorWMIProvider_x64.msi
  2. Install \Support\DirectorWMIProvider\DirectorWMIProvider_x64.msi
  3. Ensure dotnet 4.0.30319 or higher is installed
  4. Open a cmd prompt (runas administrator)
    1. navigate to \x64\Virtual Desktop Components\ (or where you put the files)
    2. winrm qc
      1.  yes if prompted
    3.   ConfigRemoteMgmt.exe /configwinrmuser "mydomain\securitygroup" /all
  5.  Ensure that port 2513 is open

Remote Assistance: (XA01)
  1. On the XenApp session host server ensure that the feature "Remote Assistance" is installed.
  2. Configure the GPO for remote assistance 
    1. computer config/administrator templates/system/remote assistance
      1. offer remote assistance and helpers.

PrePopulate Domain at Logon: (Director)
  1. Now we can also prepopulate the domain box at the logon screen
  2. This site lays it out very nicely. http://blog.citrix24.com/desktop-director-pre-populate-domain-name-logon-page/
    1. Edit \inetpub\wwwroot\director\LogOn.aspx
    2. Find the section with the following: asp:TextBox ID="Domain" runat="server" CssClass="text-box" 
    3. Add the following:  Text="my.domain.com" readonly="true"
    4. refresh the screen

Force SSL and redirect Default Web Site: (Director)
  1. I like to force SSL for most of my sites.  Also I like to redirect the Default so I don't have to type in the directories.
  2. Redirect Default Website
    1. On Default Web Site open HTTP Redirect
    2. Check the "redirect requests to this destination"
    3. Enter the path https://servername/Director  (instead of servername you could also use a DNS name that you setup that is easier to remember)
    4. Check "redirect all requests to exact destination"
    5. Apply
    6. Restart the website
  3. Force SSL
    1. On the default site open bindings
    2. Add https
    3. select the servername ssl cert
    4. OK
    5. Highlight the http binding
    6. Remove
    7. Restart the website and then test navigation to https://servername
    8. Also test http://servername and it shouldn't work.
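A check for the redirect and binding steps above, as an added example that is not part of the original post: it reads the Default Web Site configuration through the WebAdministration module and reports whether an http binding remains, whether each https binding has a valid certificate, and what the redirect is set to. The helper name Get-RedirectSetting is made up for this example.

```powershell
# Added example, not from the original post. Run elevated on the Director server.
Import-Module WebAdministration

$site     = 'Default Web Site'
$bindings = @(Get-WebBinding -Name $site)

# 1. No plain-http binding should remain on the site.
$http = @($bindings | Where-Object { $_.protocol -eq 'http' })
if ($http.Count -eq 0) { 'OK    no http binding' }
else { $http | ForEach-Object { "FAIL  http binding still present: $($_.bindingInformation)" } }

# 2. Each https binding needs a certificate that exists in the store and has not expired.
$https = @($bindings | Where-Object { $_.protocol -eq 'https' })
if ($https.Count -eq 0) { 'FAIL  no https binding' }
foreach ($b in $https) {
    $store = if ($b.certificateStoreName) { $b.certificateStoreName } else { 'My' }
    $cert  = Get-ChildItem "Cert:\LocalMachine\$store" |
             Where-Object { $_.Thumbprint -eq $b.certificateHash }
    if (-not $cert) {
        "FAIL  $($b.bindingInformation): no certificate bound or not found in store '$store'"
    }
    elseif ($cert.NotAfter -lt (Get-Date)) {
        "FAIL  $($b.bindingInformation): certificate expired $($cert.NotAfter)"
    }
    else {
        "OK    $($b.bindingInformation): $($cert.Subject), valid until $($cert.NotAfter)"
    }
}

# 3. The HTTP Redirect feature should be enabled and point at an https:// destination.
function Get-RedirectSetting($name) {     # helper name is made up for this example
    $v = Get-WebConfigurationProperty -PSPath "IIS:\Sites\$site" `
         -Filter 'system.webServer/httpRedirect' -Name $name
    # Depending on the attribute, the cmdlet returns a plain value or a wrapper with .Value
    if ($v -is [string] -or $v -is [bool]) { $v } else { $v.Value }
}
$enabled     = Get-RedirectSetting 'enabled'
$destination = Get-RedirectSetting 'destination'
$exact       = Get-RedirectSetting 'exactDestination'

if ($enabled -and $destination -like 'https://*') {
    "OK    redirect to $destination (exact destination: $exact)"
}
else {
    "FAIL  redirect enabled=$enabled destination='$destination'"
}
```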

In order for Citrix Director to work properly in Internet Explorer 11 I found that you have to add it to your trusted sites security zone.

Wednesday, January 14, 2015

The Delegates settings were not saved correctly. Cannot activate send-on-behalf-of list - Outlook / Exchange 2010

When a user attempted to delegate reviewer access to his calendar he received the error "The Delegates settings were not saved correctly.  Cannot activate send-on-behalf-of list.  You do not have sufficient permissions to perform this operation on this object."

Turns out the user was attempting to assign delegation permissions based on an Exchange Distribution group.  This should work, as others had done it in the past (myself being one of them).

There are a lot of posts on this, but none of them seemed to help my situation.  They still offer some good information though so here they are: blogs.technet.com and kb2593557.

For my issue, the fix I found was converting the distribution group (or rather, it's a security group) to a universal group from global.  After making the change and then attempting to add again, it worked.  This appears to be something that changed, potentially with our migration from Exchange 2007 to 2010 several years ago, and no one had attempted it since then.

Friday, January 9, 2015

XenApp 6.5 Replicate Print Drivers

If you were to ask me if I had posted about this before then I would swear that I had.  But alas the other day I needed to replicate a new print driver and couldn't find my "reminder post".  So, for next time I can't remember, now I KNOW I posted it.

To Replicate print drivers on XenApp 6.5
  • Add-PSSnapIn Citrix.*
  • Get-XAPrinterDriver -Servername XAName
  • Start-XAPrinterDriverReplication
  • Add driver(s) names exactly as Get-XAPrinterDriver displayed them
  • Add servers to replicate to
  • Wait
  • Update-XAPrinterDriver -Servername XAName
  • Get-XAPrinterDriver -Servername XAName

Wednesday, January 7, 2015

Windows Server 2012 sluggish mouse movement

When I first started deploying Windows Server 2012 and Windows Server 2012 R2 I noticed that when I worked from home mouse movement was terrible!  I worked on tasks that involved those servers either from the office or through a remote access form other than RDP (ie remote registry, remote eventvwr, etc).  That was when I had 2 - 3 servers running 2012.  Now that it's the standard OS I deploy (12 and rising rapidly) it was rapidly becoming an issue I could no longer avoid.

My remote access is through XenApp (ICA) and then opening up a RDP session to the server from within the XenApp session. 

I saw a lot of suggested solutions: set DisableTaskOffload to 1, turn off FIPS (seems more related to logon slowness), disable "fairshare" (cpu, disk, network).

This post nailed it: Disable "show shadows under mouse pointer"

I had done this on past servers running 2008 R2 / 2008 when running XenApp, but never much worried about it when it wasn't a XenApp server.  Sure enough this fixed my slug moving mouse in 2012 / R2.  (I actually prefer to just hit the setting "Adjust for best performance" so it disables all the pretty settings.)

  1. cmd prompt
  2. sysdm.cpl
  3. Advanced tab
  4. Performance "settings"
  5. Click "adjust for best performance" or alternately just uncheck the "show shadows under mouse pointer"
  6. Apply

Monday, January 5, 2015

Powershell - Send-MailMessage carriage returns in Body

With my learning Powershell one of the tasks I worked on I wanted the output emailed and carriage returns between each output.  Turns out I didn't need to do the carriage returns (Select-String post), but I realized this after figuring out how HA!

I know I'll need this for a later project, so I'm posting it for when my memory needs jogged.

The following takes some form of data (in this case ADUser names) and then adds a carriage return between each object so that your email looks nice and pretty (and readable).

Note: testing was done with Powershell v4.0
$emailTo = "myemail@mydomain.com"
$emailFrom = "alarmalarm@mydomain.com"
$smtpServer = "address"
$smtpSubject = "Error detected in logs"
$smtpBody = ""

#smtp function
Function smtpSend {
    Send-MailMessage -From $emailFrom -To $emailTo -Subject $smtpSubject -Body $smtpBody -SmtpServer $smtpServer
}

#populate array with list of users (Get-ADUser needs the ActiveDirectory module)
Import-Module ActiveDirectory
$users = Get-ADUser -Filter "SamAccountName -like 'j*'"

#add carriage return between each object in array
foreach ($user in $users) {$smtpBody = $smtpBody + $user.Name + "`r`n"}

#call smtpSend Function
smtpSend

Powershell - search log for content / Select-String

Lately I've been playing with Powershell.  I'm still pretty weak, but practice makes perfect :)

One of my projects was to write a simple script that searches specific database logs for an error and email us to alert us when one is found.

Comments on better ways always welcomed!  I'm learning.
Note: testing done with Powershell v4.0

$emailTo = "myemail@mydomain.com"
$emailFrom = "alarmalarm@mydomain.com"
$smtpServer = "address"
$smtpSubject = "Error detected in logs"
$smtpBody = ""
$path = "c:\pathtologs"

#smtp function
Function smtpSend {
    Send-MailMessage -From $emailFrom -To $emailTo -Subject $smtpSubject -Body $smtpBody -SmtpServer $smtpServer
}

#search log files and match string.  Convert array from object to string.
#-SimpleMatch treats the pattern as literal text, so the "." is not a regex wildcard.
$smtpBody = Select-String -Path "$path\*.log", "$path\*.txt" -Pattern "E. 20" -SimpleMatch -CaseSensitive | Out-String

#call smtpSend function if match found in logs
if ($smtpBody -ne "") {smtpSend}