Preview of what is coming this weekend…..
How about a way to convert basic authentication on Citrix Gateway on-prem to advanced authentication with nFactor.
Tag: citrix Page 3 of 4
Wouldn’t you know it!? A vCenter certificate got changed out and now your hypervisor connector is showing it no worky. Come to find out you missed the email memo that the certificate was getting changed. Or you might’ve been busy and didn’t think too much of it. Well, now you have to get it fixed! What if there was a way to get that information quickly and easily so that you just had to do some copy / paste magic to resolve it? Well…. There is! This handy dandy little script will get those pesky thumbprints and kick them out as a csv so you can use them to update your connector in the XenDesktop database.
# A script to check SSL thumbprints on your Citrix hypervisor connections. This will get all of the thumbprints of your connectors and will get the SSL thumbprints of your vCenters if you happen to have more than one.
# This is for running on in-premise Citrix farm (7.x) on a Delivery Controller with 10.1.0 VMware.PowerCLI module and the Citrix SDK installed with VMware ESXi 7.0U1 or later. This also is ran in ISE. Get-SSLThumbprint function is from https://gist.github.com/lamw/988e4599c0f88d9fc25c9f2af8b72c92
# with the return $SSL_THUMBPRINT -replace '(..(?!$))','$1' changed from ending in '$1:' The instructions for changing the SSL thumbprint can be found at https://support.citrix.com/article/CTX224551.
asnp Citrix*
Function Get-SSLThumbprint {
param(
[Parameter(
Position=0,
Mandatory=$true,
ValueFromPipeline=$true,
ValueFromPipelineByPropertyName=$true)
]
[Alias('FullName')]
[String]$URL
)
add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class IDontCarePolicy : ICertificatePolicy {
public IDontCarePolicy() {}
public bool CheckValidationResult(
ServicePoint sPoint, X509Certificate cert,
WebRequest wRequest, int certProb) {
return true;
}
}
"@
[System.Net.ServicePointManager]::CertificatePolicy = new-object IDontCarePolicy
# Need to connect using simple GET operation for this to work
Invoke-RestMethod -Uri $URL -Method Get | Out-Null
$ENDPOINT_REQUEST = [System.Net.Webrequest]::Create("$URL")
$SSL_THUMBPRINT = $ENDPOINT_REQUEST.ServicePoint.Certificate.GetCertHashString()
return $SSL_THUMBPRINT -replace '(..(?!$))','$1'
}
$xdConnections = Get-ChildItem XDHyp:\Connections | Select HypervisorConnectionName, HypervisorAddress, SslThumbprints
$xdThumbprints = @()
foreach($xdc in $xdConnections)
{
$line = ""| Select HypervisorConnectionName, HypervisorAddress, SslThumbprints, vCenterThumbprints, SameThumbprint
$line.HypervisorConnectionName = ($xdc).HypervisorConnectionName
$line.HypervisorAddress = ($xdc).HypervisorAddress | Out-String
$line.SslThumbprints = ($xdc).SslThumbprints | Out-String
$line.vCenterThumbprints = Get-SSLThumbprint (($xdc).HypervisorAddress | Out-String)
$line.SameThumbprint = ($line.SslThumbprints -match $line.vCenterThumbprints)
$xdThumbprints += $line
}
$xdThumbprints | Export-Csv c:\scripts\logs\sslthumbprints.csv
Absolutely thrilled and amazed that I have the opportunity to join some of the best professionals out there in the Citrix world by being accepted into the ranks of Citrix Technology Advocates! Excited for what is to come with this! Make sure to welcome and congratulate all the new members and the returning members! Here is the link to check them all out!
Citrix Technology Advocate Awardees – Citrix
~~ Kris Davis
Went and got me some class! Wonderful instructor Matthew Jones over at Layer8!
So ran into an interesting thing restoring a Citrix Netscaler Gateway ADC. I went through and was doing a re-deploy of an ADC VPX. So a couple things that I noticed that were rather odd…..
First thing that I noticed was this:
So what I noticed was when you select “Import” radio button, the button to accept it once you select the file, is the “Backup” button still. I would think this would be a fantastic change to make a button with the name “Import.” This is something minor, but it was something that stood out to me.
Next thing of interest when restoring your backup file…..
Once you have “Backup / Imported” your file to the ADC, you can go back to the list of backup files available to you. Something of importance here. If you have the “Basic” backup, that is a very minimal backup including configuration files only. If you use the “Full” option, this includes the /nsconfig/, /var/, certificates, and License files. Rather important to make sure you are using the correct backup option here. And example here is re-deploying the VPX and wanting to replace the one you had.
Now when you select the “Restore” option, you get this screen:
You then get an option to “Reboot.”
Once I did the “Warm reboot,” I was presented with a wait 60 seconds screen. When I logged back in, I noticed that there was basically nothing there. I worked on it for a few minutes and decided to shut it down and power it back up after looking for another backup file. Once it had powered down and powered back on, low and behold it happened to have everything! Success was had! Something to note that will be rather important, should you decide to re-deploy a VPX on ESXi, make sure to note the MAC address of the VM BEFORE you re-deploy. The license file is married to the MAC and that is EXTREMELY important. You can open the license file with Notepad or Notepad++ and read the MAC there and then manually set it on the VM options. Just something that I ran into and thought would be useful information to have!
Note: I had already applied the license file and found that I had to change the MAC address, so all of that was done before attempting to restore the configuration from backup.
I’m sure many of you out there like ArcGIS and all that it can do for you! Well, maybe you have it in Citrix. Maybe you have custom SearchOptions.cfg’s. Maybe you have style sheets. Maybe you even like to have viewer and professional license versions available to all your users. Well….. In the long long ago, batch was the thing to power all things like this. What if. Just what if I told you, that powershell works too!? How awesome would that be?! You can upgrade your script from batch and stroll down PoSH street! How about see below and you too, for the low low price of free, can enjoy this method too!
**Fixed an issue with the ESRI_SOFTWARE_CLASS not respecting the Viewer / Professional option. This was tested and the issue is corrected. Change has been made below.** **Made an edit to reduce the number of changes you have to make and make it easier to switch between ArcGIS Desktop versions.**
# This is to launch ESRI ArcGIS in Citrix. This is using PowerShell version 5.1.17763.1971, on Server 2019 hosts, with Citrix UPM, and with ArcGIS 10.8.1 and with Seach Options. You can comment out
# the Search Options if you are not using them.
# Date: 08182021
# This sets the $username variable which will be used to map drives.
$UserName = [Environment]::UserName
# Sets profile server name for Citrix UPM. Enter profile server FQDN.
$profsrv = "profileservername.fqdn"
# Sets ArcGIS Version to be used in the script. There are several references to the version in the script. Enter version in format below.
$arcver = "Desktop10.8"
# Sets license server location. Enter license server FQDN.
$licsrv = "licenserver.fqdn"
# This section is to set the locations for _master if hosting on profile server (You can use whereever the _master location is as long as permissions are set and it is accessible
# from the network the Citrix hosting VDA's are located.You can use other drive letters, just make the change to the variables below and the section on removing drives and remapping.# This is location of "SearchOptions.cfg" files.
# This is location of "SearchOptions.cfg" files.
$Master= "\\$profsrv\GIS\_master"
# Location of ArcCatalog.gx, GxDBFactCache.dat, and GxObjFactCache.dat files.
$Desk= "\\$profsrv\GIS\_desk"
# Location of ArcMap Toolbox and styles.
$Desk1= "\\$profsrv\GIS\_desk1"
# Location of drives for GISDATA.
$QDest = "\\$licsrv\GISDATADRIVE"
$SDest = "\\$licsrv\GISDATADRIVE"
$NDest = "\\nas.fqdn\dfs\sharename"
# This tests to see if the location for the Search Options have previously been created for the user, and creating them if it is not present.
If (!(Test-Path "\\$profsrv\CITRIXUPM\$UserName\UPM_Profile\AppData\Local\ESRI\$arcver\ArcCatalog\SearchIndex\Configs\searchoptions.cfg")) {
Write-Host "Please wait while your Search Options are created..."
robocopy $Master "C:\Users\$UserName\AppData\Local\ESRI\$arcver\ArcCatalog\SearchIndex\Configs" /e /S
}
# This tests to see if the ArcCatalog options have previously been created, and create them if not.
If (!(Test-Path "\\$profsrv\CITRIXUPM\$UserName\UPM_Profile\AppData\Local\ESRI\$arcver\")){
Write-Host "Please wait while your ArcCatalog Options are created..."
robocopy $Desk "C:\Users\$UserName\AppData\Roaming\ESRI\$arcver\ArcCatalog\" /e /S /Y
}
# This tests to see if the ArcCatalog options have previously been created, and create them if not.
If (!(Test-Path "\\$profsrv\CITRIXUPM\$UserName\UPM_Profile\AppData\Local\ESRI\$arcver\")){
Write-Host "Please wait while your ArcCatalog Options are created..."
robocopy $Desk1 "C:\Users\$UserName\AppData\Roaming\ESRI\$arcver\" /e /S /Y
}
# This removes any mapped drives that might previously have been mapped.
Remove-PSDrive Q,S,N –Force -Verbose
# This maps the drives to the locations for ArcGIS data and files.
New-PSDrive -Name Q -PSProvider FileSystem –Root "$QDest"
New-PSDrive -Name S -PSProvider FileSystem –Root "$SDest"
New-PSDrive -Name N -PSProvider FileSystem –Root "$NDest"
# Sets the Class version to "Professional" license use. Comment out the Professional and uncomment the Viewer to change version.
set ESRI_SOFTWARE_CLASS="Professional"
#set ESRI_SOFTWARE_CLASS="Viewer"
# This sets the location of the executable for the ArcGIS files and starts the process.
$dir = "C:\Program Files (x86)\ArcGis\$arcver\bin"
Start-Process $dir\ArcMap.exe
Now this above will get the script for you. But… You have to publish it as well! So, how about them settings!? This is the screenshot of the settings to use to publish it. You will need to go back and change the icon if you want to have it show the ArcGIS icon instead of the powershell icon. For the copy / pasters out there:
Publishing Citrix app settings:
Path to the executable file: C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe
Command line arguments: -ExecutionPolicy Bypass c:\appscripts\ArcMapAdv-PS.ps1
Working directory: C:\WINDOWS\system32\WindowsPowerShell\v1.0\
So there you have it! A way to launch ArcGIS in Citrix with powershell instead of batch!
Citrix has announced they entering into an agreement to acquire Wrike! Check below for the news article of das news!
https://www.citrix.com/news/announcements/jan-2021/citrix-announcement.html?fbclid=IwAR32DO5ad9-oba8_Sb9mq7CDnMVcoNaQGojqvwoxi8Z_5xxzgbyI_SR8zj0
Looks like some fun for the new 20H2 of das Windows 10.
Yep…. The Chromium based Edge browser, of which I have actually came to enjoy using, is going to replace the OLD Edge browser in the new 20H2. But…… There’s a catch! Wanna guess!? That’s right… Survey says…… You can’t uninstall it. It is now a part of the collective. AND…. It is the default browser! Whodathunkit!? So something to think about when you be rolling out nice, new and shiny 20H2 on your CVAD VDI. Ok. Now nothing to see here. Move along.
We need more power from the warp core! Captain, I’m givin her all she’s got! Ran across something interesting. Something that I should have thought of before but for some reason, I did not. Windows default power management usually is set for balance even on servers. Didn’t think about it being something similar on Linux distros. It appears that is the case! So…… What I found in an issue with some lag and latency, is that Ubuntu and some other distros use ondemand as a CPU scaling governor as the default power scheme. There are a lot of write-ups on the various scaling governor settings available, so I won’t go into all of those. I will show how to set it to performance. I found that CentOS has this as well, but I am working on how to get it set to performance and will add that here as soon as I get the howto on that. This becomes applicable for your Linux VDI that you could be supporting in your Citrix VDI environment and could run into audio issues or are experience lag with multi-core systems.
So here is the way to set the scaling governor to performance on Ubuntu systems. There are two ways depending on if you are running older than 18.04 or newer than 18.04.
For 18.04 Ubuntu and newer:
Open console and type “cat /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor” to see what it is set to. If it is set to “ondeman,” it is governing the procs. To change to “performance,” type “echo performance > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor.” To confirm the change, type “cat /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor” to make sure it is showing performance.
For earlier than 18.04 Ubuntu: (from https://itectec.com/ubuntu/ubuntu-how-to-set-performance-instead-of-powersave-as-default/)
Open nano or vi and edit /etc/rc.local and insert these lines before the last line containing exit 0:
sleep 120 # Give CPU startup routines time to settle.
cpupower frequency-set --governor performance
Happy computing with thy VDI! I’ll post the change for CentOS / RedHat when I have the settings available!
Something interested that we found in our environment. We were having to do some reporting and ran into an issue where a username wasn’t being found in the reporting from Director. We had to do some looking and checking profile stores to check the user we thought it might have been and had to compare SIDs to confirm the user was the same. But wait, there is hope! And a fix!
https://support.citrix.com/article/CTX279446
We found that there is a known issue with the Monitor Database not updating in the MonitorDate.User table. It appears to be in 1909 and newer (ref- CVADHELP-14700). Shout out to the person that found this! It saved use some searching and diggin! Reach out to your Citrix contact and request that private fix if you need it!