Virtualization, technology, and random rantings with a focus on Citrix and VMware.

Tag: citrix Page 2 of 4

Getting And Comparing AgentVersions on VDAs Against Target Version

I was looking at a way to compare versions of VDAs installed on various systems to see what systems needed to be updated. I ran into some issues trying to compare the versions as there are different formats and there was not a consistent numbering system going back to 7.15 that I could discern. So with some assistance from https://www.linkedin.com/in/douglas-ruehrwein-56835869/, I was able to get the version check working correctly. This ended up comparing to the target version and returning anything that was less than the target version. I didn’t want to target anything newer than the target as I had reasons for those particular systems to be running a newer VDA. You can combine this with the VDA upgrade script to output the DNSNames of the machines to upgrade machines outside of the target version.

This was the first attempt, and I realized some machines didn’t show HostedMachineName.
This was the second attempt and got it to show the DNSName as well and this helped identify the Linux VDA machines.
Final using [System.Version] to compare the versioning numbers. This was the expected output.
# Script to get VDA versions below target version. This was done in PowerShell ISE 5.1 against 1912LTSRCU5 DDCs.
$adminAddress = "deliverycontroller.fqdn"
$date = Get-Date -Format MMddyyyy
$outputName = "VDAToUpgrade"
$report = @()
[System.Version]$targetVersion = "1912.0.5000.5174"
$getMachines = Get-BrokerMachine -AdminAddress $adminAddress -MaxRecordCount 1000000

foreach($machine in $getMachines){
  $line                   = "" | Select HostedMachineName, DNSName, AgentVersion, WillBeUpgraded
  $testVersion            = $machine.AgentVersion
  
  $line.HostedMachineName = $machine.HostedMachineName
  $line.DNSName           = $machine.DNSName
  $line.AgentVersion      = $machine.AgentVersion
  
  if([System.Version]$testVersion -ge [System.Version]($targetVersion)){

    $line.WillBeUpgraded  = "Current Version Or Newer"
  
  }
  
  if([System.Version]$testVersion -lt [System.Version]($targetVersion)){

    $line.WillBeUpgraded  = "Yes"
  
  }
    
  $report += $line
  
}

$report | Export-Csv -Path c:\scripts\logs\$date-$outputName.csv -Append -NoTypeInformation

# To see only the versions that are not matching the target version
$report | Where-Object WillBeUpgraded -eq "Yes"
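
Why the cast to [System.Version] matters, as an added example that is not part of the original script: plain string comparison works character by character, so it misorders 7.x agents against 1912, and a blank or non-numeric AgentVersion makes the cast throw. The machine names and version values below are constructed, and the blank AgentVersion row is an assumption about how a machine that reports no version might appear.

```powershell
# Added example; all names and version numbers here are constructed sample data.
[System.Version]$targetVersion = "1912.0.5000.5174"

$sample = @(
    [pscustomobject]@{ DNSName = "vda01.example.internal"; AgentVersion = "7.15.5000.1" }
    [pscustomobject]@{ DNSName = "vda02.example.internal"; AgentVersion = "1912.0.3000.3293" }
    [pscustomobject]@{ DNSName = "vda03.example.internal"; AgentVersion = "1912.0.5000.5174" }
    [pscustomobject]@{ DNSName = "vda04.example.internal"; AgentVersion = "2203.0.0.33220" }
    [pscustomobject]@{ DNSName = "vda05.example.internal"; AgentVersion = "" }  # assumed: no version reported
)

function Test-VdaBelowTarget {
    param([string]$AgentVersion, [System.Version]$Target)

    # TryParse returns $false instead of throwing on blank or non-numeric input
    $parsed = $null
    if (-not [System.Version]::TryParse($AgentVersion, [ref]$parsed)) {
        return "Unknown"   # needs a manual look rather than a silent Yes/No
    }
    if ($parsed -lt $Target) { "Yes" } else { "Current Version Or Newer" }
}

$sample | ForEach-Object {
    [pscustomobject]@{
        DNSName            = $_.DNSName
        AgentVersion       = $_.AgentVersion
        # Left operand is a string, so this is a text comparison: "7..." sorts after "1..."
        StringCompareBelow = ($_.AgentVersion -lt "$targetVersion")
        # Numeric comparison of major.minor.build.revision
        WillBeUpgraded     = Test-VdaBelowTarget -AgentVersion $_.AgentVersion -Target $targetVersion
    }
} | Format-Table -AutoSize
```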

Are You The Keymaster!? : Script To Change ListOfDDCs in Registry

You have an upcoming change and some new DDCs you brought online. You may be changing out to Citrix Cloud (you better be), and you may need to change the ListOfDDCs to your Cloud Connector. Sometimes GPO may take a minute to reflect what you want set. You can use this to change the ListOfDDCs quickly. You can also add the ListOfSIDs if that is something that you use by adding another registry name and value in your script block. I have the Get-ItemProperty used twice to get the result of what was set before the change and to show the reflected change. I just like to doubly confirm something and make sure something hinky was not afoot.

# Script to change DDCs on a group of Citrix servers. You will need access to the remote servers and firewall access with PowerShell.
$listServers = Get-Content c:\scripts\logs\svrlist.txt
$date        = Get-Date -Format MMddyyyy
$report      = @()

foreach($srv in $listServers) {

  $scriptBlock = {
    
    $regName  = "ListOfDDCs"
    $regValue = "DDC1 DDC2 or CC1 CC2"
    Get-ItemProperty -Path HKLM:\Software\Citrix\VirtualDesktopAgent
    Set-ItemProperty -Path HKLM:\Software\Citrix\VirtualDesktopAgent -Name $regName -Value $regValue
    Get-ItemProperty -Path HKLM:\Software\Citrix\VirtualDesktopAgent
       
  }

  $ddcUpdate  = Invoke-Command -ComputerName $srv -ScriptBlock $scriptBlock
  
  $report += $ddcUpdate
  
}

$report | Out-File c:\scripts\logs\$date-ddcchange-list.txt
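
The before/after check described above can be returned as one record per server instead of two raw registry dumps. This is an added example, not the original script: the scratch key name and controller names are hypothetical, and it runs locally against that scratch key so no real VDA setting is touched.

```powershell
# Added example. $setDdcs is the unit you would hand to:
#   Invoke-Command -ComputerName $srv -ScriptBlock $setDdcs -ArgumentList $path, $expected
$setDdcs = {
    param([string]$Path, [string]$Expected)

    # Collapse runs of whitespace so spacing differences are not reported as a change
    $normalize = { param([string]$list) ($list -replace '\s+', ' ').Trim() }

    $before  = (Get-ItemProperty -Path $Path -Name ListOfDDCs -ErrorAction SilentlyContinue).ListOfDDCs
    $changed = (& $normalize $before) -ne (& $normalize $Expected)   # -ne ignores case for strings

    # Only write when the stored value really differs from the intended one
    if ($changed) {
        Set-ItemProperty -Path $Path -Name ListOfDDCs -Value $Expected
    }
    $after = (Get-ItemProperty -Path $Path -Name ListOfDDCs).ListOfDDCs

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Before   = $before
        After    = $after
        Changed  = $changed
    }
}

# Local demonstration against a scratch key (hypothetical name, constructed values)
$scratch  = "HKCU:\Software\ExampleDdcDemo"
$expected = "cc1.example.internal cc2.example.internal"
New-Item -Path $scratch -Force | Out-Null
Set-ItemProperty -Path $scratch -Name ListOfDDCs -Value "ddc-old1.example.internal ddc-old2.example.internal"

$report  = @(& $setDdcs $scratch $expected)    # first run: stored value differs
$report += (& $setDdcs $scratch $expected)     # second run: value already matches
$report | Format-Table -AutoSize

Remove-Item -Path $scratch -Recurse
```

Because each run returns an object, the report can go to Export-Csv, and any row whose Before value was not one you expected is worth a closer look.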

Good Ole Proxy Top, Forward Style

So you want to get that sweet, sweet forward proxy all up there for some kiosks? Well… Have I got a deal for you! If you happen to have the licensing (Premium license requirement), you too can be the proud owner of this actually wonderful product. I have been using this for years now and it works extremely well if you don’t have to constantly add sites to the allowed list. Now… First things first. This is for defining your OWN allow list that YOU have to maintain. Getting Gmail to work will take some effort as there are a LOT of sites you have to add for images. This is not using the URL Threat Intelligence which is a line item purchase. This was completed with the help of Kevin Lofy from Citrix. https://www.linkedin.com/in/jkevinlofy/. This also is the GUI way of configuring this. Hope that this is of help. It REALLY solved a couple issues and allowed a good bit of control with using AppLocker on the VDA hosting server that was publishing the Firefox browser that linked to the proxy address.

Logon to Citrix ADC.

You will need to select “System” > “Settings” > “Configure Basic Features.”

If “Integrated Caching” is not enabled, you will need to enable the feature. This WILL require a reboot.

Select “Settings” > “Configure Advanced Features.”

You will need to select “SSL Interception” and “Forward Proxy.”

Navigate to “Traffic Management” > “DNS” > “Name Servers” and select “Add.”

Select “IP Address.”

Enter “IP Address.”

Select “UDP” from “Protocol.”

Click “Create.”

Navigate to “Security” > “SSL Forward Proxy.”

Select “Certificate Bundles.”

Select “SSL Forward Proxy Wizard.”

Click “Get Started.”

Click “Continue.”

Enter “Name” for Proxy.

Select “Explicit” from “Capture Mode.”

Click “Continue.”

Click “Continue.”

Select “SSL Sessions Interception.”

Select “Add.”

Select “Bind.”

Select “Add.”

I used an Ubuntu machine and hosted the text file there and referenced it as http://ip/something.txt

This will set it to go to next line.

Click “OK.”

HTTP.REQ.HOSTNAME.APPEND(HTTP.REQ.URL).URLSET_MATCHES_ANY("urlsetname") || HTTP.REQ.URLSET_MATCHES_ANY("urlsetname")

Click “Close.”

Click “OK.”

You will need to set a policy to set the IP and Port defined for the proxy (typically 8080) and apply it to the machine that will be using the proxy. Using AppLocker with it makes the machine harder to pivot out of, which helps machine security.

I’ll gather up a blog post of AppLocker and a way to use it with SSL Forward Proxy.

Windows Terminal On Citrix VDI Keyboard No Worky

So ran into this fun on Citrix VDI with Windows Terminal. You get it installed. You start it up. It’s all shiny. You press a button….. And…… NOTHING! So we saw this issue on Windows Terminal on Windows 10 20H2 running CVAD 1912 CU5 VDA. A little bit of searching and this article pointed to part of what was up. https://github.com/microsoft/terminal/issues/4448

The fix that had to be done to resolve it in our case was to set the “Touch Keyboard and Handwriting Panel Service” to “Manual” in Services. Then rebooting. After that, it fired right up and worked!

That One Time, You Got SMAPP’d!

So you run SiteManager. And somebody done decided they want to make a new server that will host the security.dat file. And… You already did the work to create custom .ini file locations for the users. NOW you have to change all those smapp.ini files with the updated location of the security.dat file. How dare they?! Well. That could be some fun if you have a lot of users. Wait…. PowerShell to the rescue! If you happen to use a profile server to host the user files, you can easily replace it with the new location of the security.dat file.

Update: Not sure what happened, but the code paste didn’t take evidently. I blame gremlins. It has been corrected.

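# Replace a line / value in .ini file stored in Citrix UPM folder location when a change to the application is made.
# An example is for SiteManager, if you change the location of the .dat file for security.dat file and you are using a custom .ini
# created and stored with the user profile.

$filePath = "e:\locationofupmfolders"
$find     = "value-you-want-to-change"
$replace  = "value-you-want-to-change-to"

# -replace treats $find as a regex and $replace as a substitution pattern, so escape both;
# otherwise the backslashes and dots in a path are read as regex syntax.
$pattern      = [regex]::Escape($find)
$substitution = $replace.Replace('$', '$$')

$files = Get-ChildItem -Path $filePath -Recurse -File -Force -Include "smapp.ini"

foreach($file in $files)
    {
        $content = Get-Content $file.FullName -Raw

        # Skip files that do not contain the old value
        if ($content -notmatch $pattern) { continue }

        # Write replaced content back to the file. Out-File in Windows PowerShell 5.1 would
        # rewrite the .ini as UTF-16 and add a newline; Set-Content -NoNewline avoids both.
        $content -replace $pattern, $substitution | Set-Content $file.FullName -NoNewline
    }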
 

Easy peasy. Now they have the new location of the security.dat file!

EDT / DTLS Insight!?

So ran into something fun with the 13.0-84.11 firmware for the ADC. After moving to this version, we noticed the packet engine crashed and failed over. Then it did it again a few days later. After a call with Citrix, looks like there is a known bug in there that is to be remediated in the next month with a new firmware release. The recommendation to do the fix is to run this command on each node of an HA pair: nsapimgr -ys enable_ica_edtinsight=0. There was a CTX article that was referenced (https://support.citrix.com/article/CTX341028), but I was unable to view it. There is a caveat if you happen to be using EDT that it won’t show in ADM after you make this change, so you would need to disable HDX Adaptive Transport if you want to see session information in ADM.

What’s New In 2203!? Check It Out!

https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/whats-new.html

CVAD 2203!!! It Is Here!!

https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/product-software/citrix-virtual-apps-and-desktops-2203.html

Get on over and get it downloaded!

Keep It On The Level, The MinimumFunctionalLevel

Sometimes, over time, you upgrade and upgrade. But maybe you forgot to upgrade your functional levels for your Machine Catalogs and Delivery Groups. If you don’t have the right functional level, you may be missing out on features. (Link to functional levels: https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/install-configure/machine-catalogs-create.html#vda-versions-and-functional-levels)

So here is a quick way to upgrade the functional level. This is done for “L7_20” level. As newer levels come out, you can change the value.

# This will upgrade functional levels on Delivery Groups and Machine Catalogs. This will need to be run on either a Delivery Controller or somewhere you have the Citrix PowerShell SDK installed.
asnp Citrix*
$adminAddress = "deliverycontroller-FQDN:80"
$brokerCatalog = Get-BrokerCatalog -AdminAddress $adminAddress |Where MinimumFunctionalLevel -lt "L7_20"|Select Name, MinimumFunctionalLevel
$brokerDesktopGroup = Get-BrokerDesktopGroup -AdminAddress $adminAddress |Where MinimumFunctionalLevel -lt "L7_20"| Select Name, MinimumFunctionalLevel
foreach($brokerCat in $brokerCatalog) {
    Get-BrokerCatalog -AdminAddress $adminAddress -name $brokerCat.name | Set-BrokerCatalog -MinimumFunctionalLevel L7_20
    }
foreach($brokerDesk in $brokerDesktopGroup) {
    Get-BrokerDesktopGroup -AdminAddress $adminAddress -name $brokerDesk.name | Set-BrokerDesktopGroup -MinimumFunctionalLevel L7_20
    }
# Check Machine Catalogs after upgrading functional levels
Get-BrokerCatalog -AdminAddress $adminAddress |Where MinimumFunctionalLevel -lt "L7_20"| Select Name, MinimumFunctionalLevel
# Check Delivery Groups after upgrading functional levels
Get-BrokerDesktopGroup -AdminAddress $adminAddress |Where MinimumFunctionalLevel -lt "L7_20" | Select Name, MinimumFunctionalLevel

Firmware Upgrade Complete! Responder, Where’d You Go?!

Recently we had upgraded firmware on a Citrix ADC from 13.0-83.27 to 13.0-85.15. This was to try and correct an issue with the HTML interface not updating the custom settings on the Login Schemas for nFactor configuration. It would create the custom XML file for use, but it wouldn’t reflect any changes to it. I checked the permissions on the XML file and they would show root had read / write. You could still copy the XML file down via tools like WinSCP, make the edit, and copy back to the ADC.

Below you can see what happened. You would navigate to AppExpert > Responder and you would see the proper number of policies showing.

After you click on the # Responder Policies, you see below.

It shows that there are no policies there. You can click on “Statistics” and you see this below.

It appears that it reset the counters as well. You can putty into the ADC and do a “show run” and you see that they are still there.

You can see that the policies are there. They do appear to work, but they just don’t show on the HTML GUI.

So a downgrade of version will be in order to see if that resolves the issue and Citrix is still looking at the issue to find a resolution.

UPDATE: Looks like a firmware revision reversion took care of the display issue with the showing of Responder policies.
