Virtualization, technology, and random rantings with a focus on Citrix and VMware.

Author: Kris Davis Page 1 of 12

Getting Reliability Monitor Info Remotely

Sometimes you just want to pull a quick check of Reliability Monitor remotely. Easy to do!

Get-WmiObject Win32_ReliabilityRecords -ComputerName machineIP -Property Message | Select-Object -first 10 Message | Format-List *

Citrix Mac VDA Setup

Excellent guide below on setting up the Citrix Mac VDA.

https://community.citrix.com/tech-zone/build/deployment-guides/citrix-mac-vda/

One little caveat I ran into with this. Once you add additional machines to the Machine Catalog and are ready to add to the Delivery Group, you will see this message when you want to add machines:

I found that it did not automatically add the machines to the Delivery Group. I had to go to the Machine Catalog and select “View Machines.” After doing this, you have to right-click the newly added machine and select “Add to Delivery Group.” Once you complete that step and “Change User,” it will show up in the Delivery Group.

In this example, you see the option to remove. This option is after you have added it to the Delivery Group.

In-depth Review: Goliath Performance Monitoring

I have had some time to really check out this software and put it through its paces and bring my findings. Goliath Performance Monitoring software. I have been really surprised with what I was able to accomplish with it. But the proof is in the pudding, so pudding I shall prepare!

First with it. Pretty simple installation. You just need a server to run the software and a database / database server (SQL) to host the information. Some exclusions for AV / security software are rather important as well. Setting up the inventory and such was a breeze as the personnel at Goliath were willing to assist setting it all up. I explained the environment I wanted to test with and the resources I wanted to monitor and they walked through the paces with me. Then I had a working monitoring solution.

The question you have when you have a monitor solution, is how to make it monitor what you want without TONS of alert fatigue. It is easy to get overwhelmed by alerts that may mean nothing and take valuable time away. The default monitor rules it came with already configured were mostly sufficient and I didn’t notice a bunch of unwanted alerts. There were even some alerts I wasn’t expecting to see. One was an instance where Citrix Cloud went offline for a short time. I got an alert saying DaaS down and LHC engaged. I went and checked status.cloud.com to see what was going on. I didn’t see anything for a few minutes and then all of sudden, it displayed there was an issue going on. I was alerted quite a bit before even the status console showed it. That was rather handy to know.

Setting up a custom alert outside of the defaults was easy enough as well. I configured one to monitor FAS in case of issue where it didn’t like to issue certs. Simple setup and added the remediation (which you can configure a myriad of options such as run this script or reboot this server). This allows you to not only alert on the issue, but to do something about it if there is a known fix. This has been a real help with that.

But wait, there’s more! So I’ve just been talking about how to use the basic monitoring alerts. Well, there are also several views that are available for user sessions. One thing I found myself using on the regular, is the “Published Apps and Desktop,” and the “Virtual Desktops” tab. Here is a bunch of user information that can help solve some issues. There is a column you can add of “Connection speed” that quickly has helped identify end user issues at home ISPs. You can also see machine health status and session information over time which is useful to be able to track patterns of issues.

The views contain a lot of useful information on the high level such as ICA RTT and ICA latency. That quick glance can show if there is an issue with user connections or other issues with getting responses back. You can also see the version of the client they are using as well as the method such as client or HTML5 client. You can also modify the view to show a specific user or machine. You can also select a custom time period to see trending information. You can select a session and drill into it for more information. Starting off with the Published Applications and Desktops tab, right off the bat you see a lot of data. You get machine performance and session metrics. The top 5 processes is very useful to see any runaway program or possible scanning issue with things such as A/V.

There are also tabs to select different areas of the session. The Logon tab drills into the GPO processing, which shows which policies were applied and how long it took to process them.

The ICA/HDX tab breaks down things such as ICA performance and connectivity metrics from the client machine. You very quickly can see the available and used bandwidth. This could assist in seeing if their connection is saturated.

The App Server tab shows the metrics on the app hosting server, revealing any bottlenecks in IO, processor, or RAM saturation. An additional tab is there for the Hypervisor Host. This lays out the same metrics but for the underlying host hardware. Getting this tiered information helps you see the whole stack interacting and points out issues with it very efficiently.

You also get the same kind of views related to Virtual Desktops. You see each machine in use and can select the session there as well.

Another aspect of the monitoring is the EUC Scorecard that they helped setup as a daily and a weekly report. This contains a lot of information of the top session issues, connectivity issues, and user experience. Reviewing this on the daily can show if you have some locations that may need upgrades in connectivity or if there is something else going on. This helps you be more proactive in solving an issue. Another good use for trending is reviewing the weekly report and comparing to last week’s report. For example, if you see the same users across weeks, this could point to an issue with a site or possibly a need to upgrade bandwidth at a site. Users don’t always call when something is going on. This lets you get in front of it and users appreciate when they are put first and you contact them and let them know you see there is an issue and that you are going to try and solve it for them BEFORE they call you.

Then comes along new features across upgrades. One that was rather nice, was the addition of Chrome OS device monitoring. You can integrate with a Google tenant and monitor Chrome devices. This is fairly easy to configure and they will walk with you to get it done quickly. You see immediately once you add that, all the RAM / CPU use and network health of the device. Being able to see that could very much help with knowing are you overloading the devices and may need larger resource devices. You could also see if there are connectivity issues with them if they are dropping connection and such.

Then a really neat feature came to the software, Ask Kip! AI integration with the monitoring software. I thought how this would assist in my testing. Well, often you get into a set and forget mindset unless there is something off that requires you to add new monitor rules or changing something with alerts. Very rarely did I need to add any new ones, but I did get an alert that was on repeat as it should have been. I went to the console and entered my question on alert suppression into Ask Kip! and it laid out the steps as to what I needed to do in order to suppress the alert. Was straightforward and it had each step of the rule and setting the alert parameters.

I decided I would see what all it could assist with in relation to the software. I asked it how would I remedy a slow user connection (I know the steps, I just wanted to see what it told me). It walked through the same steps that I would have done to solve it. I asked how to add hardware inventory to manage as well as hide inventory I didn’t want to see. Step by step instructions right there to do it.

Another good feature that is available as part of the suite, is the Application Availability. This is particularly useful if you have multiple sites and want to check availability on a regular basis. You can set it up on a machine at each of your sites and have it launch whatever apps are necessary or mission critical to monitor to assure that uptime. It launches the applications you designate on the schedule you define and reports if there are any issues as well as successful launches. This would be invaluable data if you are wanting to assure that all of your remote sites are able to access and to spot down times as soon as they occur to be able to mitigate as fast as possible. It breaks down the instances to Access, Authentication, Resources, Enumeration, and Launch. By having that quick breakdown, you see where the issue is quickly. You will be able at a glance to see where the communication break down occurs and know where to start looking for resolution. That will save valuable time not wasted on checking things that are working correctly and allow you to focus on the specific area that is broken.

Citrix topology is a really neat feature as well. It takes information from the configuration and lays out a visual mapping to quickly understand dependencies and see them on a diagram. You can do this with multiple sites as well. Alerts are shown on the mapping as well as color coding to show quickly if there are issues.

Another feature that has been added, is Cloud Monitoring. This is a handy feature if you are setup in AWS or Azure and want to be able to view your environments there. For hybrid on-prem / cloud based solutions, this is a wonderful addition. Many customers today are moving into hybrid models and Goliath is keeping up with that trend. This being in the same Goliath console, allows for close to a single pane of glass view into your EUC environments.

Was everything perfect, no. No software exists that doesn’t need some tweaking or code fixes or a setting change to get it back on track. I ran into a couple of issues with the software. I contacted their support and got immediate responses. They issued more than one code fix to address issues that were encountered. They were personable and friendly and assistive even with email questions I would have about the software. They are regularly adding features and working to make it an even better solution.

This is a solution that provides Citrix admins a great tool set to make the job easier and get faster times to resolution! This would be a product I would recommend!

When You Add A Cloud Connector, Don’t Forget The Cert Bind!

When you need to add another cloud connector, it’s really easy to forget a step or two since you don’t necessarily do it all the time. But don’t forget to add it to the STA list on the your Citrix Gateway on Netcaler and as a Delivery Controller on your Storefront servers. But…. Rather important if you are using HTTPS (which you should be), to make sure and have a cert on the Cloud Connector (server /client) and bind it using the script below. Since IIS isn’t installed on the Cloud Connectors, this is how you can do it! Article below has screenshots of getting cert and App ID. This is for after you already have gotten App ID and the certificate installed. Also, certificates expire, so you will have to get new certs when they expire and bind them the same way. I added the $beforeCertificateBind and $afterCertificateBind so you have an output of what was there before and after. You can get the App ID by following the link: Enable SSL

$beforeCertificateBind = (& C:\Windows\System32\netsh.exe http Show sslcert)
$beforeCertificateBind

# Confirm AppID.
$appID   = "12345678-1234-1234-1234-1234567890AB"
$getHash = (Get-ChildItem -path cert:\LocalMachine\My | Where-Object Subject -Match "$env:COMPUTERNAME" | Select-Object Thumbprint).Thumbprint

& C:\Windows\System32\netsh.exe http add sslcert ipport=0.0.0.0:443 certhash=$getHash appid=`{$appID`}

$afterCertificateBind = (& C:\Windows\System32\netsh.exe http Show sslcert)
$afterCertificateBind

Copy Training Video And Publish As App

Sometimes you need users to see training videos. You may have to copy it to several servers. You may need to copy several videos to several servers. There might be an instance where it is a new implementation or you have had videos there before. This will copy videos to a group of servers in a Delivery Group and publish the app to the Application Group of your choosing.

$remoteMachines        = (Get-BrokerMachine -MaxRecordCount 100000 | Where-Object DesktopGroupName -Match "DeliveryGroupName" | Select-Object DNSName).DNSName
$sourcePath            = "PathToVideo.fqdn"
$videosToCopy          = Get-ChildItem -Path $sourcePath | Select-Object Name
$destinationPath       = "c$\training-video-folder"
$applicationType       = "HostedOnDesktop"
$commandLineArguments  = "c:\training-video-folder"
$commandLineExecutable = "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe"
$workingDirectory      = "%ProgramFiles(x86)%\Windows Media Player"
$applicationGroup      = "App Group Name"
$iconUid               = "21"

$totalItems            = $remoteMachines.Count
$currentItem           = 0
$percentComplete       = 0

foreach($remote in $remoteMachines){
  
  Write-Host "Checking if folder " $destinationPath " exists on " $remote
  if (!(Test-Path -Path "\\$remote\$destinationPath")) {
        Write-Host "Creating folder " ($destinationPath).Split('\')[1] " on $remote"      
        New-Item -ItemType Directory -Path "\\$remote\c$" -Name ($destinationPath).Split('\')[1]
  }

  foreach($video in $videosToCopy){
    Write-Progress -Activity "Copying $video to $remote" -Status "$percentComplete% Complete:" -PercentComplete $percentComplete
    Copy-Item "\\$sourcePath\$video" -Destination "\\$remote\$destinationPath\" -Force
    
    $currentItem++
    $percentComplete = [int](($currentItem / $totalItems) * 100)
    
  }
}

foreach($vid in $videosToCopy){

$videoName = ($vid.Name)
$shortName = ($vid.Name).Split('.')[0]

New-BrokerApplication -ApplicationType "$applicationType" -Name "$shortName" -BrowserName "$shortName" -CommandLineExecutable "$commandLineExecutable" -CommandLineArguments "$commandLineArguments\$videoName" -Description "$shortName" -WorkingDirectory "$workingDirectory" -ApplicationGroup "$applicationGroup" -IconUid "$iconUid"

}

Quick Function To Find User VDI

Sometimes you need to find a user’s VDI machine to work on it. This function will do that for you. I typically use the last name as the search to limit the scope of the machines found. It will find all machines that contain any part of the string you enter. It also shows the MachineName which includes the domain\machinename to help locate the user machine. You can add other parameters such as AgentVersion if desired. I limited the scope to not include floating pool (Random) assigned machines. For a list of all fields of Get-BrokerMachine that can be selected in the function with Select-Object, please see this link: Get-BrokerMachine Options

# Requires being connected to Citrix Cloud with DaaS SDK. 
Function Get-VDI {
    [cmdletbinding()]
    Param(
        [Parameter(Position = 0, Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)]
        [string]$VDIUserName
    )
   
    Process {
       $userToFind = '*' + $VDIUserName + '*'
       $getVDIs = Get-BrokerMachine -MaxRecordCount 100000 | Where-Object SessionSupport -eq "SingleSession" | Where-Object AllocationType -eq "Static" | Where-Object AssociatedUserNames -like "$userToFind" | Select-Object AssociatedUserNames, MachineName, RegistrationState, InMaintenanceMode, SessionCount
    }
    End {
        $getVDIs
    }
}
Example with user that has 4 desktops assigned.

Also to make it is easy for the day to day, you can add this to your profile with notepad $profile and copy and paste it there and reload.

Get User Info From Email Address

If you sometimes have to find a user list and get group memberships, it can be a chore. It doesn’t have to be. You too can experience a scripted approach to getting that data. This will search the AD Forest’s sub domains that you have rights to at least read to get user memberships that follow a specific pattern. Very useful when you have one domain for groups and users from many domains. Universal groups are great for that. You just need to populate the referenced “useremail.txt” file with user email addresses and deleting any white space in the file. You can also get additional information in the report by adding in the “line = “” | Select-Object” and adding additional fields and then matching the name designated with the “line.Fields = syntax.”

# Script to search domains in forest for users via user email address. You could also search via UPN by replacing EmailAddress with UserPrincipalName.
# This requires AD module, read rights to forest / domains, and user group pattern. Ran with ISE and tested on desktop / server platforms. This also uses
# the global catalog lookup as seen referenced by Get-ADUser -server domain:3268. Assistance from Notesofascripter.com in making this.
$debug      = $true
$domains    = (Get-ADForest).Domains
$date       = Get-Date -Format MMddyy
$userExists = ""
$reportName = "nameofreport.csv"
$report     = @()

$emailList  = Get-Content -Path "c:\scripts\logs\useremail.txt"

$emailSam   =  foreach($user in $emailList) {
    (Get-ADUser -server domain:3268 -f {EmailAddress -eq $user}).SamAccountName
  }

$users      = $emailSam

foreach ($domain in $domains){
    if ($debug){Write-Host $domain -ForegroundColor Cyan}
    foreach ($user in $users) {
        Try{
            $userExists = Get-ADUser $user -Server $domain -ErrorAction Stop
        }
        Catch {
            if ($debug){Write-Host "$user not found in $domain" -BackgroundColor yellow -ForegroundColor black}
            $userExists = $null
            Continue
        }
        if ($userExists -ne $null){
            if ($debug){ Write-Host "Found $user in $domain domain" -BackgroundColor Cyan -ForegroundColor Black}
            $group = $userExists | Get-ADPrincipalGroupMembership | Where-Object Name -like "GroupNamePattern*" -ErrorAction Stop
            $line          = "" | Select-Object Name, Domain, RealName, Group
            $line.Name     = $user
            $line.Domain   = $domain
            $line.RealName = $userExists.name
            $line.Group    = $group.name -join "; "
            if ($debug){ $line }
            $report       += $line
            $users         = $users -ne $user
            
        }
    }
}

$report | Export-Csv "c:\scripts\logs\$date-$reportName" -Append -NoTypeInformation

When Trouble Comes Along, You Must Skip It! : Using -Skip With Select-Object And Do Loop

While working on the script to release licenses, I ran into a dilemma I had encountered before. I needed to move through a set of records in an array, but not the whole array at one time. Since I was limited to 100 licenses released per Invoke-RestMethod, I needed a way to do that without having to call it multiple times. I had also encountered this at other times and usually resorted to just doing the call multiple times and limiting my results to the number I wanted to iterate through. I didn’t think that was efficient and wanted to find a better way. So in looking around, I found this site: ResultSize. Using that wonderful -Skip, I just added that to a Do .. Until loop to get where I wanted to go.

So applying what I wanted to do was 100 records at a time, I set my $toSkip counter to 0 to start and the $smallerCount set to the value of the $someArray.count size inside the If check just before the Do loop. After each loop, I would increment the $toSkip and decrement the $smallerCounter by the same amount and set the Until condition to be less that the increment / decrement amount. Then I copied the same code for after the Until condition is met to run one more time with the amount of objects remaining in the array. For example, if it had 435 items in it, it would run 4 times with 100 items each time and one last time with 35 items in it.

$someArray = "lots", "of", "stuff", "here"

if($someArray.count -gt 100){

$smallerCounter = $someArray.Count
$toSkip = 0

Do{

$smallerList = $someArray | Select-Object -Skip $toSkip -first 100

foreach($small in $smallerList){

Do Stuff

}

$toSkip += 100
$smallerCounter -= 100

} Until ($smallerCounter -lt 100)

$smallerList = $someArray | Select-Object -Skip $toSkip -first $smallerCounter

foreach($small in $smallerList){

Do Stuff

}

}

Get That Outta Here! : Releasing Citrix Cloud User Licenses Via API In Accordance With Citrix EULA

*Update. Changes made due to API only allowing 100 licenses to be released at one time.*

Building on getting the licenses on the last post, how about a way to release them? Obviously you will need to follow the guidelines laid out by Citrix EULA on when you can release licenses: Citrix License Usage.

You do have the option to use the console in Citrix Cloud, but if you prefer to do things via script, you can do that as well!

Important note to make…. The format of the consumerList is what presented the biggest issue. With a bit of assistance from a teammate, it was possible to get the proper way to format the data.

This is the format to have the data in:

Link to developer API document

You’ll notice the consumerList = @() in there. It is expecting to have an array of consumerList be passed to it. If you do not format this way, you will get invalid character errors.

Example of format that will fail all so miserably and give you that wonderful invalid character error:

This is an example of the output that will work and prevent frustration:

Example with five of users:

Example of result of successful release of 5 users:

# Script to release licenses from Citrix Cloud. Tested with PowerShell ISE. Also requires secure-client.csv with ID, Secret, and CustomerID in CSV to pass to Citrix Cloud.
# This must be used in accordance with Citrix EULA for users not having accessed in 30+ day period. Example below is targeting where users that have not logged in over 60 days.
# This will report on what users are in that group over 60 days. You can do a quick check using $releaseUsers.count before doing the release to see how many licenses will be released.
# ALWAYS check the exported report of users before releasing to make sure you are releasing the licenses you are expecting to.


$date           = (Get-Date).AddDays(-60)
$creds          = Import-Csv "c:\scripts\secure-client.csv"
$CLIENT_ID      = $creds.ID
$CLIENT_SECRET  = $creds.Secret
$CUSTOMER_ID    = $creds.CustomerID
$tokenUrl       = 'https://api-us.cloud.com/cctrustoauth2/root/tokens/clients'
$reportName     = "user-license-toRelease.csv"
$getDate        = Get-Date -Format MMddyyyy
$reportLocation = "C:\scripts\logs"


$response       = Invoke-WebRequest $tokenUrl -Method POST -Body @{
  grant_type    = "client_credentials"
  client_id     = $CLIENT_ID
  client_secret = $CLIENT_SECRET
}

$token = $response.Content | ConvertFrom-Json

$headers              = @{
  Accept              = "application/json"
  Authorization       = "CwsAuth Bearer=$($token.access_token)"
  'Citrix-CustomerId' = $CUSTOMER_ID
 }
 
 
$resourceLocUrl = "https://api-us.cloud.com/catalogservice/$CUSTOMER_ID/sites"
$response       = Invoke-WebRequest $resourceLocUrl -Headers $headers
$content        = $response.Content | ConvertFrom-Json
$siteID         = $content.sites.id

$headers              = @{
  Accept              = "application/json"
  Authorization       = "CwsAuth Bearer=$($token.access_token)"
  'Citrix-CustomerId' = $CUSTOMER_ID
  'Citrix-InstanceId' = $siteID
 }

$consumerList = Invoke-RestMethod "https://api-us.cloud.com/licensing/license/enterprise/cloud/cvad/ud/users" -Method GET -Headers $headers | Select-Object consumerList -ExpandProperty consumerList -ExcludeProperty consumerList
$releaseUsers = $consumerList | Where-Object {[DateTime]$_.latestLogonTime -lt $date} 
$releaseUsers | Export-Csv "$reportLocation\$getDate-$reportName" -Append -NoTypeInformation


if($releaseUsers.count -gt 100){

$smallerCounter = $releaseUsers.Count
$toSkip = 0

Do{

$smallerList = $releaseUsers | Select-Object -Skip $toSkip -first 100

$body = @{
    productEdition = "XAXDFull"
    licenseType    = "user"
    consumerList   = @(
        $smallerList.consumerId
    )
} | ConvertTo-Json


Invoke-RestMethod "https://api-us.cloud.com/licensing/license/enterprise/cloud/cvad/ud/licenserelease" -Method POST -Body $body -Headers $headers -ContentType 'application/json'


$toSkip += 100
$smallerCounter -= 100

} Until ($smallerCounter -lt 100)

$smallerList = $releaseUsers | Select-Object -Skip $toSkip -first $smallerCounter

$body = @{
    productEdition = "XAXDFull"
    licenseType    = "user"
    consumerList   = @(
        $smallerList.consumerId
    )
} | ConvertTo-Json


Invoke-RestMethod "https://api-us.cloud.com/licensing/license/enterprise/cloud/cvad/ud/licenserelease" -Method POST -Body $body -Headers $headers -ContentType 'application/json'

}

Updated VDA Install / Upgrade / RDS Install / Desktop / Server / App Install Script

I have been working on updating the VDA install / upgrade script and combining the app install script and getting it all in one script. This will now check for .NET version (for prerequisite of 2203LTSR), upgrade if necessary, and then install / upgrade VDA. This will also check if RDS role is installed on server for a new build, and if not, it will install it and kick off application installs. Install switches past 2203CU2 are different, so please refer to CTX article on proper install switches for newer versions. Just make the changes to the install batch files with the appropriate switches. This will also check against OS types and copy the appropriate VDA / install scripts based on if it is server OS or desktop OS detected. Link below for the older version and for configuring Citrix Cloud connection profile.

# Script to check for .NET 4.8 and install if not installed as well as checking for OS Type to determine which version to install for VDA Upgrade / Install. This will also check if RDS is installed on server OS and install role if not installed.
# This will also run a baseinstall script that will install applications outlined in the batch file. This requires PowerShell, the DaaS SDK, connection to vCenter, and a profile defined as "default" for the Citrix Cloud connection.
# This will also snapshot the server / desktop if running vCenter. This also requires admin access to the target machines as well as firewall access / remote PowerShell enabled. You will need to run ISE as admin.

asnp Citrix*

$VDIList            = Get-Content "C:\scripts\logs\vdaupgrade.txt"
$source             = "fileshare.fqdn\vdaupgrade"
$dest               = "c$\software\vdaupgrade"
$serverInstallFile  = "install_server.bat"
$serverRemoveFile   = "remove_server.bat"
$desktopInstallFile = "install_desktop.bat"
$desktopRemoveFile  = "remove_desktop.bat"
$VDAFileServer      = "VDAServerSetup_2203_2000.exe"
$VDAFileDesktop     = "VDAWorkstationSetup_2203_2000.exe"
$vcenter            = "vCenter.fqdn"
$dotNetSource       = "fileshare.fqdn\DotNET-48"
$dotNetInstall      = "ndp48-x86-x64-allos-enu.exe"
$date               = Get-Date -Format MMddyyyy
$totalItems         = $VDIList.Count
$currentItem        = 0
$percentComplete    = 0
$report             = @()

if($global:defaultviserver -eq $null){

  Connect-VIServer $vcenter

}

if($GLOBAL:XDSDKProxy -eq $null){

  Get-XDAuthentication -ProfileName "default"

}


  foreach ($VDI in $VDIList) {
    Write-Progress -Activity "Starting on $VDI" -Status "$percentComplete% Complete:" -PercentComplete $percentComplete
    $line                       = "" | Select-Object Name, PreviousVersion, SnapShot
      
    $VDI1                       = ($VDI.Split('.')[0])
    $line.Name                  = "$VDI"
    $line.PreviousVersion       = (Get-BrokerMachine -HostedMachineName $VDI1 | Select-Object AgentVersion).AgentVersion
    $snapshot                   = (Get-VM $VDI1 | New-Snapshot -name $date-$VDI1-preupgrade)
    $line.SnapShot              = (Get-VM $VDI1 | Get-Snapshot).Name
    
    $dotnetTest                 = Invoke-Command -ComputerName $VDI -ScriptBlock {Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Client' | Get-ItemProperty -name Version}
    $dotnetVersion              = $dotnetTest.Version
    [System.Version]$testResult = $dotnetVersion
    
    if($testResult.Major -eq 4 -and $testResult.Minor -lt 8){

  
      Write-Host "Copying and installing .NET 4.8 on $VDI"
      if (!(Test-Path -Path "\\$VDI\c$\software\vdaupgrade")) {
        New-Item -ItemType Directory -Path "\\$VDI\c$\software" -Name "vdaupgrade"
        Copy-Item "\\$dotNetSource\$dotNetInstall" -Destination "\\$VDI\$dest" -Force
        
      }
      else {
        Copy-Item "\\$dotNetSource\$dotNetInstall" -Destination "\\$VDI\$dest" -Force
       
       }

      $session       = New-PsSession -ComputerName $VDI
      $remoteSession = Invoke-Command -ScriptBlock {Start-Process -FilePath "c:\software\vdaupgrade\ndp48-x86-x64-allos-enu.exe" -ArgumentList @("/q")  -wait -Verb RunAs} -Session $session
  
      Remove-PSSession -Id $session.id
    
      Start-Sleep -s 30
      Do {Start-Sleep -s 15}
      Until ((Test-NetConnection -ComputerName $VDI -Port 445).TcpTestSucceeded -eq $true)
      Do {Start-Sleep -s 5}
      Until ((Get-Service -ComputerName $VDI -Name 'TermService').Status -eq "Running")
      Write-Host "$VDI back up"  
    }
  
    
    $wmiOSTypeCheck  = Get-WmiObject -ComputerName $VDI -Class Win32_OperatingSystem | Where {$_.Primary -eq $true}
    
      if($wmiOSTypeCheck.ProductType -eq 3){
        $installFile = "$serverInstallFile"
        $removeFile  = "$serverRemoveFile"
        $VDAFile     = "$VDAFileServer"
        
        $rdsCheck = (Invoke-Command -ComputerName $VDIList -ScriptBlock {Get-WindowsFeature | Where-Object Name -like "rds-rd-server" | Select-Object InstallState })
        
        if($rdsCheck.InstallState.value -eq "Available") {
          Write-Host "RDS not installed. Installing RDS role on $VDI"
          Copy-Item "\\$source\baseinstall.bat" -Destination "\\$VDI\$dest" -Force
          
          if (!(Test-Path -Path "\\$VDI\c$\software\vdaupgrade")) {
            New-Item -ItemType Directory -Path "\\$VDI\c$\software" -Name "vdaupgrade"
            Copy-Item "\\$source\$installFile" -Destination "\\$VDI\$dest" -Force
            Copy-Item "\\$source\$removeFile" -Destination "\\$VDI\$dest" -Force
            Copy-Item "\\$source\$VDAFile" -Destination "\\$VDI\$dest" -Force
            
          }
          else {
            Copy-Item "\\$source\$installFile" -Destination "\\$VDI\$dest" -Force
            Copy-Item "\\$source\$removeFile" -Destination "\\$VDI\$dest" -Force
            Copy-Item "\\$source\$VDAFile" -Destination "\\$VDI\$dest" -Force
            
          }
          Invoke-Command -ComputerName $VDI -Scriptblock {
            $action = New-ScheduledTaskAction -Execute 'c:\software\vdaupgrade\install_server.bat'
            $trigger = New-ScheduledTaskTrigger -AtStartup 
            $principal = New-ScheduledTaskPrincipal  -RunLevel Highest -UserID "NT AUTHORITY\SYSTEM" -LogonType S4U
            $taskName = "VDAInstall"
            $taskDescription = "Citrix VDA Install"

            Register-ScheduledTask -Action $action -Trigger $trigger -Principal $principal -TaskName $taskName -Description $taskDescription
          }
        
          Invoke-Command -ComputerName $VDI -Scriptblock {
            $time = (Get-Date).AddMinutes(7)
            $action = New-ScheduledTaskAction -Execute 'c:\software\vdaupgrade\baseinstall.bat'
            $trigger = New-ScheduledTaskTrigger -Once -At $time
            $principal = New-ScheduledTaskPrincipal  -RunLevel Highest -UserID "NT AUTHORITY\SYSTEM" -LogonType S4U
            $taskName = "BaseInstall"
            $taskDescription = "Base Software Install"

            Register-ScheduledTask -Action $action -Trigger $trigger -Principal $principal -TaskName $taskName -Description $taskDescription 
          }
          
          Invoke-Command -ComputerName $VDI -ScriptBlock {
            Add-WindowsFeature rds-rd-server
            Restart-computer
          }
        }
        Write-Host "Copying VDA files and installing on server $VDI"
        if (!(Test-Path -Path "\\$VDI\c$\software\vdaupgrade")) {
          New-Item -ItemType Directory -Path "\\$VDI\c$\software" -Name "vdaupgrade"
          Copy-Item "\\$source\$installFile" -Destination "\\$VDI\$dest" -Force
          Copy-Item "\\$source\$removeFile" -Destination "\\$VDI\$dest" -Force
          Copy-Item "\\$source\$VDAFile" -Destination "\\$VDI\$dest" -Force
          
        }
        else {
          Copy-Item "\\$source\$installFile" -Destination "\\$VDI\$dest" -Force
          Copy-Item "\\$source\$removeFile" -Destination "\\$VDI\$dest" -Force
          Copy-Item "\\$source\$VDAFile" -Destination "\\$VDI\$dest" -Force
        }
        
        Invoke-Command -ComputerName $VDI -Scriptblock {
          $time      = (Get-Date).AddMinutes(3)
          $action    = New-ScheduledTaskAction -Execute 'c:\software\vdaupgrade\remove_server.bat'
          $trigger   = New-ScheduledTaskTrigger -Once -At $time
          $principal = New-ScheduledTaskPrincipal  -RunLevel Highest -UserID "NT AUTHORITY\SYSTEM" -LogonType S4U

          Register-ScheduledTask -Action $action -Trigger $trigger -Principal $principal -TaskName "VDAUninstall" -Description "Citrix VDA Uninstall" 
        }

        Invoke-Command -ComputerName $VDI -Scriptblock {
          $action    = New-ScheduledTaskAction -Execute 'c:\software\vdaupgrade\install_server.bat'
          $trigger   = New-ScheduledTaskTrigger -AtStartup 
          $principal = New-ScheduledTaskPrincipal  -RunLevel Highest -UserID "NT AUTHORITY\SYSTEM" -LogonType S4U

          Register-ScheduledTask -Action $action -Trigger $trigger -Principal $principal -TaskName "VDAInstall" -Description "Citrix VDA Install" 

        } 
      
      }
      if($wmiOSTypeCheck.ProductType -eq 1){
        $installFile = "$desktopInstallFile"
        $removeFile  = "$desktopRemoveFile"
        $VDAFile     = "$VDAFileDesktop"

        Write-Host "Copying VDA files and installing on desktop $VDI"
        if (!(Test-Path -Path "\\$VDI\c$\software\vdaupgrade")) {
          New-Item -ItemType Directory -Path "\\$VDI\c$\software" -Name "vdaupgrade"
          Copy-Item "\\$source\$installFile" -Destination "\\$VDI\$dest" -Force
          Copy-Item "\\$source\$removeFile" -Destination "\\$VDI\$dest" -Force
          Copy-Item "\\$source\$VDAFile" -Destination "\\$VDI\$dest" -Force
          
        }
        else {
          Copy-Item "\\$source\$installFile" -Destination "\\$VDI\$dest" -Force
          Copy-Item "\\$source\$removeFile" -Destination "\\$VDI\$dest" -Force
          Copy-Item "\\$source\$VDAFile" -Destination "\\$VDI\$dest" -Force
          
        }
        Invoke-Command -ComputerName $VDI -Scriptblock {
          $time      = (Get-Date).AddMinutes(3)
          $action    = New-ScheduledTaskAction -Execute 'c:\software\vdaupgrade\remove_desktop.bat'
          $trigger   = New-ScheduledTaskTrigger -Once -At $time
          $principal = New-ScheduledTaskPrincipal  -RunLevel Highest -UserID "NT AUTHORITY\SYSTEM" -LogonType S4U

          Register-ScheduledTask -Action $action -Trigger $trigger -Principal $principal -TaskName "VDAUninstall" -Description "Citrix VDA Uninstall" 
        }

        Invoke-Command -ComputerName $VDI -Scriptblock {
          $action    = New-ScheduledTaskAction -Execute 'c:\software\vdaupgrade\install_desktop.bat'
          $trigger   = New-ScheduledTaskTrigger -AtStartup 
          $principal = New-ScheduledTaskPrincipal  -RunLevel Highest -UserID "NT AUTHORITY\SYSTEM" -LogonType S4U

          Register-ScheduledTask -Action $action -Trigger $trigger -Principal $principal -TaskName "VDAInstall" -Description "Citrix VDA Install" 

        } 
      }
    
    $currentItem++
    $percentComplete = [int](($currentItem / $totalItems) * 100)
    
    $report += $line
    Start-Sleep -Milliseconds 2500
  }
      
  $report | Export-Csv c:\scripts\logs\$date-vda-upgrades.csv -Append -NoTypeInformation




VDAUpgrade.txt

machine1.fqdn
machine2.fqdn
machine3.fqdn

BaseInstall.bat

baseinstall.bat
  
@ECHO ON
change user /install
REM pause
timeout 5
 
net localgroup "Remote Desktop Users" /add "domain1\domain users" "domain2\domain users"
REM pause
timeout 5
 
REG IMPORT C:\software\mode.reg
REM pause
timeout 5
 
C:\software\AcrobatRdrDC\setup.exe /sAll /ini Setup.ini
REM pause
timeout 10
 
cd C:\software\MS-Edge
powershell -File ".\Install-Edge.ps1" -MSIName "MicrosoftEdgeEnterpriseX64.msi" -ChannelID "{56eb18f8-b008-4cbd-b6d2-8c97fe7e9062}" -DoAutoUpdate "True"
REM pause
timeout 5
 
msiexec.exe /i "C:\software\Google-Chrome\64B\GoogleChromeStandaloneEnterprise64.msi" /qn
REM pause
timeout 5
 
C:\software\Office\setup.exe /config .\ProPlus.WW\config.xml /adminfile CITRIX.MSP
REM pause
timeout 10
 
change user /execute
REM pause
timeout 5
 
C:\Windows\system32\schtasks.exe /delete /tn BaseInstall /f
C:\Windows\System32\timeout.exe /t 5
C:\Windows\System32\shutdown.exe /r /t 20 /f
del c:\software\vdaupgrade\baseinstall.bat /F

Install-Edge.ps1

Install-Edge.ps1
param
(
    [parameter(Mandatory=$true)]
    [ValidateNotNullOrEmpty()]
    [ValidatePattern('^[a-zA-Z0-9]+.[m|M][s|S][i|I]$')]
    [string]$MSIName,
         
    [parameter(Mandatory=$true)]
    [ValidateNotNullOrEmpty()]
    [ValidatePattern('^{[0-9A-Fa-f]{8}[-][0-9A-Fa-f]{4}[-][0-9A-Fa-f]{4}[-][0-9A-Fa-f]{4}[-][0-9A-Fa-f]{12}}$')]
    [string]$ChannelID,
 
    [parameter(Mandatory=$true)]
    [ValidateNotNullOrEmpty()]
    [string]$DoAutoUpdate
)
 
# See if autoupdate is false
if($DoAutoUpdate -eq $false)
{   
    # Registry value name is in the format "Update<{ChannelID}> where ChannelID is the GUID
    Set-Variable -Name "AutoUpdateValueName" -Value "Update$ChannelID" -Option Constant
    Set-Variable -Name "RegistryPath" -Value "HKLM:\SOFTWARE\Policies\Microsoft\EdgeUpdate" -Option Constant
 
    # Test if the registry key exists. If it doesn't, create it
    $EdgeUpdateRegKeyExists = Test-Path -Path $RegistryPath
 
    if (!$EdgeUpdateRegKeyExists)
    {
        New-Item -Path $RegistryPath
    }
 
    # See if the autoupdate value exists
    if (!(Get-ItemProperty -Path $RegistryPath -Name $AutoUpdateValueName -ErrorAction SilentlyContinue))
    {
        New-ItemProperty -Path $RegistryPath -Name $AutoUpdateValueName -Value 0 -PropertyType DWord
    }
 
   $AutoupdateValue = (Get-ItemProperty -Path $RegistryPath -Name $AutoUpdateValueName).$AutoUpdateValueName
 
   # If the value is not set to 0, auto update is not turned off, this is a failure
    if ($AutoupdateValue -ne 0)
    {
        Write-Host "Autoupdate value set incorrectly"
        return -1
    }
}
# Install the Edge MSI
return (Start-Process msiexec.exe -Wait -PassThru -ArgumentList "/i $MSIName /q").ExitCode

Install_Server.bat

REM change port number in below command.
REM Use citrix vda command line helper tool from citrix. https://support.citrix.com/article/CTX234824 if needed
REM Install new VDA agent, delete files and scheduled tasks. Finally reboot.

C:\software\vdaupgrade\VDAServerSetup_2203_2000.exe /components VDA /controllers "CloudConnector1 CloudConnector2" /noreboot /quiet /disableexperiencemetrics /enable_remote_assistance /enable_real_time_transport /enable_hdx_ports /enable_hdx_udp_ports /remove_pvd_ack /virtualmachine /masterpvsimage /includeadditional "Citrix Personalization for App-V - VDA","Citrix Profile Management","Citrix Profile Management WMI Plug-in","Citrix Telemetry Service","Citrix Supportability Tools" /exclude "Citrix Backup and Restore","Citrix MCS IODriver","Citrix Rendezvous V2","Citrix VDA Upgrade Agent","Machine Identity Service","User personalization layer","AppDisks VDA Plug-in","Citrix Files for Outlook","Citrix Files for Windows","Personal vDisk"
C:\Windows\system32\schtasks.exe /delete /tn VDAInstall /f
C:\Windows\system32\schtasks.exe /delete /tn VDAUninstall /f
del c:\software\vdaupgrade\remove.bat /F
del c:\software\vdaupgrade\VDAServerSetup_2203_2000.exe /F
C:\Windows\System32\timeout.exe /t 5
C:\Windows\System32\shutdown.exe /r /t 20 /f
del c:\software\vdaupgrade\install.bat /F

Install_Workstation.bat

REM change port number in below command.
REM Use citrix vda command line helper tool from citrix. https://support.citrix.com/article/CTX234824 if needed
REM Install new VDA agent, delete files and scheduled tasks. Finally reboot.

C:\software\vdaupgrade\VDAWorkstationSetup_2203_2000.exe /components VDA /controllers "CloudConnector1 CloudConnector2" /noreboot /quiet /disableexperiencemetrics /enable_remote_assistance /enable_real_time_transport /enable_hdx_ports /enable_hdx_udp_ports /remove_pvd_ack /virtualmachine /masterpvsimage /includeadditional "Citrix Personalization for App-V - VDA","Citrix Profile Management","Citrix Profile Management WMI Plug-in","Citrix Telemetry Service","Citrix Supportability Tools" /exclude "Citrix Backup and Restore","Citrix MCS IODriver","Citrix Rendezvous V2","Citrix VDA Upgrade Agent","Machine Identity Service","User personalization layer","AppDisks VDA Plug-in","Citrix Files for Outlook","Citrix Files for Windows","Personal vDisk"
C:\Windows\system32\schtasks.exe /delete /tn VDAInstall /f
C:\Windows\system32\schtasks.exe /delete /tn VDAUninstall /f
del c:\software\vdaupgrade\remove.bat /F
del c:\software\vdaupgrade\VDAWorkstationSetup_2203_2000.exe /F
C:\Windows\System32\timeout.exe /t 5
C:\Windows\System32\shutdown.exe /r /t 20 /f
del c:\software\vdaupgrade\install.bat /F

Remove_Server.bat

"C:\Program Files\Citrix\XenDesktopVdaSetup\XenDesktopVdaSetup.exe" /REMOVEALL /QUIET /NOREBOOT
C:\Windows\System32\shutdown.exe /r /t 5 /f

Remove_Workstation.bat

"C:\Program Files\Citrix\XenDesktopVdaSetup\XenDesktopVdaSetup.exe" /REMOVEALL /QUIET /NOREBOOT
C:\Windows\System32\shutdown.exe /r /t 5 /f

Mode.reg

mode.reg
Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM\Licensing Core]
"LicensingMode"=dword:00000004

Link to previous VDA / App Install article: VDA And App Install

Link to setup authentication profile for Citrix Cloud: Profile Setup

Page 1 of 12

Powered by WordPress & Theme by Anders Norén