Virtualization, technology, and random rantings with a focus on Citrix and VMware.

Tag: DaaS Page 1 of 2

When You Add A Cloud Connector, Don’t Forget The Cert Bind!

When you need to add another cloud connector, it’s really easy to forget a step or two since you don’t necessarily do it all the time. But don’t forget to add it to the STA list on the your Citrix Gateway on Netcaler and as a Delivery Controller on your Storefront servers. But…. Rather important if you are using HTTPS (which you should be), to make sure and have a cert on the Cloud Connector (server /client) and bind it using the script below. Since IIS isn’t installed on the Cloud Connectors, this is how you can do it! Article below has screenshots of getting cert and App ID. This is for after you already have gotten App ID and the certificate installed. Also, certificates expire, so you will have to get new certs when they expire and bind them the same way. I added the $beforeCertificateBind and $afterCertificateBind so you have an output of what was there before and after. You can get the App ID by following the link: Enable SSL

$beforeCertificateBind = (& C:\Windows\System32\netsh.exe http Show sslcert)
$beforeCertificateBind

# Confirm AppID.
$appID   = "12345678-1234-1234-1234-1234567890AB"
$getHash = (Get-ChildItem -path cert:\LocalMachine\My | Where-Object Subject -Match "$env:COMPUTERNAME" | Select-Object Thumbprint).Thumbprint

& C:\Windows\System32\netsh.exe http add sslcert ipport=0.0.0.0:443 certhash=$getHash appid=`{$appID`}

$afterCertificateBind = (& C:\Windows\System32\netsh.exe http Show sslcert)
$afterCertificateBind

Copy Training Video And Publish As App

Sometimes you need users to see training videos. You may have to copy it to several servers. You may need to copy several videos to several servers. There might be an instance where it is a new implementation or you have had videos there before. This will copy videos to a group of servers in a Delivery Group and publish the app to the Application Group of your choosing.

$remoteMachines        = (Get-BrokerMachine -MaxRecordCount 100000 | Where-Object DesktopGroupName -Match "DeliveryGroupName" | Select-Object DNSName).DNSName
$sourcePath            = "PathToVideo.fqdn"
$videosToCopy          = Get-ChildItem -Path $sourcePath | Select-Object Name
$destinationPath       = "c$\training-video-folder"
$applicationType       = "HostedOnDesktop"
$commandLineArguments  = "c:\training-video-folder"
$commandLineExecutable = "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe"
$workingDirectory      = "%ProgramFiles(x86)%\Windows Media Player"
$applicationGroup      = "App Group Name"
$iconUid               = "21"

$totalItems            = $remoteMachines.Count
$currentItem           = 0
$percentComplete       = 0

foreach($remote in $remoteMachines){
  
  Write-Host "Checking if folder " $destinationPath " exists on " $remote
  if (!(Test-Path -Path "\\$remote\$destinationPath")) {
        Write-Host "Creating folder " ($destinationPath).Split('\')[1] " on $remote"      
        New-Item -ItemType Directory -Path "\\$remote\c$" -Name ($destinationPath).Split('\')[1]
  }

  foreach($video in $videosToCopy){
    Write-Progress -Activity "Copying $video to $remote" -Status "$percentComplete% Complete:" -PercentComplete $percentComplete
    Copy-Item "\\$sourcePath\$video" -Destination "\\$remote\$destinationPath\" -Force
    
    $currentItem++
    $percentComplete = [int](($currentItem / $totalItems) * 100)
    
  }
}

foreach($vid in $videosToCopy){

$videoName = ($vid.Name)
$shortName = ($vid.Name).Split('.')[0]

New-BrokerApplication -ApplicationType "$applicationType" -Name "$shortName" -BrowserName "$shortName" -CommandLineExecutable "$commandLineExecutable" -CommandLineArguments "$commandLineArguments\$videoName" -Description "$shortName" -WorkingDirectory "$workingDirectory" -ApplicationGroup "$applicationGroup" -IconUid "$iconUid"

}

Quick Function To Find User VDI

Sometimes you need to find a user’s VDI machine to work on it. This function will do that for you. I typically use the last name as the search to limit the scope of the machines found. It will find all machines that contain any part of the string you enter. It also shows the MachineName which includes the domain\machinename to help locate the user machine. You can add other parameters such as AgentVersion if desired. I limited the scope to not include floating pool (Random) assigned machines. For a list of all fields of Get-BrokerMachine that can be selected in the function with Select-Object, please see this link: Get-BrokerMachine Options

# Requires being connected to Citrix Cloud with DaaS SDK. 
Function Get-VDI {
    [cmdletbinding()]
    Param(
        [Parameter(Position = 0, Mandatory, ValueFromPipeline, ValueFromPipelineByPropertyName)]
        [string]$VDIUserName
    )
   
    Process {
       $userToFind = '*' + $VDIUserName + '*'
       $getVDIs = Get-BrokerMachine -MaxRecordCount 100000 | Where-Object SessionSupport -eq "SingleSession" | Where-Object AllocationType -eq "Static" | Where-Object AssociatedUserNames -like "$userToFind" | Select-Object AssociatedUserNames, MachineName, RegistrationState, InMaintenanceMode, SessionCount
    }
    End {
        $getVDIs
    }
}
Example with user that has 4 desktops assigned.

Also to make it is easy for the day to day, you can add this to your profile with notepad $profile and copy and paste it there and reload.

Get That Outta Here! : Releasing Citrix Cloud User Licenses Via API In Accordance With Citrix EULA

*Update. Changes made due to API only allowing 100 licenses to be released at one time.*

Building on getting the licenses on the last post, how about a way to release them? Obviously you will need to follow the guidelines laid out by Citrix EULA on when you can release licenses: Citrix License Usage.

You do have the option to use the console in Citrix Cloud, but if you prefer to do things via script, you can do that as well!

Important note to make…. The format of the consumerList is what presented the biggest issue. With a bit of assistance from a teammate, it was possible to get the proper way to format the data.

This is the format to have the data in:

Link to developer API document

You’ll notice the consumerList = @() in there. It is expecting to have an array of consumerList be passed to it. If you do not format this way, you will get invalid character errors.

Example of format that will fail all so miserably and give you that wonderful invalid character error:

This is an example of the output that will work and prevent frustration:

Example with five of users:

Example of result of successful release of 5 users:

# Script to release licenses from Citrix Cloud. Tested with PowerShell ISE. Also requires secure-client.csv with ID, Secret, and CustomerID in CSV to pass to Citrix Cloud.
# This must be used in accordance with Citrix EULA for users not having accessed in 30+ day period. Example below is targeting where users that have not logged in over 60 days.
# This will report on what users are in that group over 60 days. You can do a quick check using $releaseUsers.count before doing the release to see how many licenses will be released.
# ALWAYS check the exported report of users before releasing to make sure you are releasing the licenses you are expecting to.


$date           = (Get-Date).AddDays(-60)
$creds          = Import-Csv "c:\scripts\secure-client.csv"
$CLIENT_ID      = $creds.ID
$CLIENT_SECRET  = $creds.Secret
$CUSTOMER_ID    = $creds.CustomerID
$tokenUrl       = 'https://api-us.cloud.com/cctrustoauth2/root/tokens/clients'
$reportName     = "user-license-toRelease.csv"
$getDate        = Get-Date -Format MMddyyyy
$reportLocation = "C:\scripts\logs"


$response       = Invoke-WebRequest $tokenUrl -Method POST -Body @{
  grant_type    = "client_credentials"
  client_id     = $CLIENT_ID
  client_secret = $CLIENT_SECRET
}

$token = $response.Content | ConvertFrom-Json

$headers              = @{
  Accept              = "application/json"
  Authorization       = "CwsAuth Bearer=$($token.access_token)"
  'Citrix-CustomerId' = $CUSTOMER_ID
 }
 
 
$resourceLocUrl = "https://api-us.cloud.com/catalogservice/$CUSTOMER_ID/sites"
$response       = Invoke-WebRequest $resourceLocUrl -Headers $headers
$content        = $response.Content | ConvertFrom-Json
$siteID         = $content.sites.id

$headers              = @{
  Accept              = "application/json"
  Authorization       = "CwsAuth Bearer=$($token.access_token)"
  'Citrix-CustomerId' = $CUSTOMER_ID
  'Citrix-InstanceId' = $siteID
 }

$consumerList = Invoke-RestMethod "https://api-us.cloud.com/licensing/license/enterprise/cloud/cvad/ud/users" -Method GET -Headers $headers | Select-Object consumerList -ExpandProperty consumerList -ExcludeProperty consumerList
$releaseUsers = $consumerList | Where-Object {[DateTime]$_.latestLogonTime -lt $date} 
$releaseUsers | Export-Csv "$reportLocation\$getDate-$reportName" -Append -NoTypeInformation


if($releaseUsers.count -gt 100){

$smallerCounter = $releaseUsers.Count
$toSkip = 0

Do{

$smallerList = $releaseUsers | Select-Object -Skip $toSkip -first 100

$body = @{
    productEdition = "XAXDFull"
    licenseType    = "user"
    consumerList   = @(
        $smallerList.consumerId
    )
} | ConvertTo-Json


Invoke-RestMethod "https://api-us.cloud.com/licensing/license/enterprise/cloud/cvad/ud/licenserelease" -Method POST -Body $body -Headers $headers -ContentType 'application/json'


$toSkip += 100
$smallerCounter -= 100

} Until ($smallerCounter -lt 100)

$smallerList = $releaseUsers | Select-Object -Skip $toSkip -first $smallerCounter

$body = @{
    productEdition = "XAXDFull"
    licenseType    = "user"
    consumerList   = @(
        $smallerList.consumerId
    )
} | ConvertTo-Json


Invoke-RestMethod "https://api-us.cloud.com/licensing/license/enterprise/cloud/cvad/ud/licenserelease" -Method POST -Body $body -Headers $headers -ContentType 'application/json'

}

Updated VDA Install / Upgrade / RDS Install / Desktop / Server / App Install Script

I have been working on updating the VDA install / upgrade script and combining the app install script and getting it all in one script. This will now check for .NET version (for prerequisite of 2203LTSR), upgrade if necessary, and then install / upgrade VDA. This will also check if RDS role is installed on server for a new build, and if not, it will install it and kick off application installs. Install switches past 2203CU2 are different, so please refer to CTX article on proper install switches for newer versions. Just make the changes to the install batch files with the appropriate switches. This will also check against OS types and copy the appropriate VDA / install scripts based on if it is server OS or desktop OS detected. Link below for the older version and for configuring Citrix Cloud connection profile.

# Script to check for .NET 4.8 and install if not installed as well as checking for OS Type to determine which version to install for VDA Upgrade / Install. This will also check if RDS is installed on server OS and install role if not installed.
# This will also run a baseinstall script that will install applications outlined in the batch file. This requires PowerShell, the DaaS SDK, connection to vCenter, and a profile defined as "default" for the Citrix Cloud connection.
# This will also snapshot the server / desktop if running vCenter. This also requires admin access to the target machines as well as firewall access / remote PowerShell enabled. You will need to run ISE as admin.

asnp Citrix*

$VDIList            = Get-Content "C:\scripts\logs\vdaupgrade.txt"
$source             = "fileshare.fqdn\vdaupgrade"
$dest               = "c$\software\vdaupgrade"
$serverInstallFile  = "install_server.bat"
$serverRemoveFile   = "remove_server.bat"
$desktopInstallFile = "install_desktop.bat"
$desktopRemoveFile  = "remove_desktop.bat"
$VDAFileServer      = "VDAServerSetup_2203_2000.exe"
$VDAFileDesktop     = "VDAWorkstationSetup_2203_2000.exe"
$vcenter            = "vCenter.fqdn"
$dotNetSource       = "fileshare.fqdn\DotNET-48"
$dotNetInstall      = "ndp48-x86-x64-allos-enu.exe"
$date               = Get-Date -Format MMddyyyy
$totalItems         = $VDIList.Count
$currentItem        = 0
$percentComplete    = 0
$report             = @()

if($global:defaultviserver -eq $null){

  Connect-VIServer $vcenter

}

if($GLOBAL:XDSDKProxy -eq $null){

  Get-XDAuthentication -ProfileName "default"

}


  foreach ($VDI in $VDIList) {
    Write-Progress -Activity "Starting on $VDI" -Status "$percentComplete% Complete:" -PercentComplete $percentComplete
    $line                       = "" | Select-Object Name, PreviousVersion, SnapShot
      
    $VDI1                       = ($VDI.Split('.')[0])
    $line.Name                  = "$VDI"
    $line.PreviousVersion       = (Get-BrokerMachine -HostedMachineName $VDI1 | Select-Object AgentVersion).AgentVersion
    $snapshot                   = (Get-VM $VDI1 | New-Snapshot -name $date-$VDI1-preupgrade)
    $line.SnapShot              = (Get-VM $VDI1 | Get-Snapshot).Name
    
    $dotnetTest                 = Invoke-Command -ComputerName $VDI -ScriptBlock {Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Client' | Get-ItemProperty -name Version}
    $dotnetVersion              = $dotnetTest.Version
    [System.Version]$testResult = $dotnetVersion
    
    if($testResult.Major -eq 4 -and $testResult.Minor -lt 8){

  
      Write-Host "Copying and installing .NET 4.8 on $VDI"
      if (!(Test-Path -Path "\\$VDI\c$\software\vdaupgrade")) {
        New-Item -ItemType Directory -Path "\\$VDI\c$\software" -Name "vdaupgrade"
        Copy-Item "\\$dotNetSource\$dotNetInstall" -Destination "\\$VDI\$dest" -Force
        
      }
      else {
        Copy-Item "\\$dotNetSource\$dotNetInstall" -Destination "\\$VDI\$dest" -Force
       
       }

      $session       = New-PsSession -ComputerName $VDI
      $remoteSession = Invoke-Command -ScriptBlock {Start-Process -FilePath "c:\software\vdaupgrade\ndp48-x86-x64-allos-enu.exe" -ArgumentList @("/q")  -wait -Verb RunAs} -Session $session
  
      Remove-PSSession -Id $session.id
    
      Start-Sleep -s 30
      Do {Start-Sleep -s 15}
      Until ((Test-NetConnection -ComputerName $VDI -Port 445).TcpTestSucceeded -eq $true)
      Do {Start-Sleep -s 5}
      Until ((Get-Service -ComputerName $VDI -Name 'TermService').Status -eq "Running")
      Write-Host "$VDI back up"  
    }
  
    
    $wmiOSTypeCheck  = Get-WmiObject -ComputerName $VDI -Class Win32_OperatingSystem | Where {$_.Primary -eq $true}
    
      if($wmiOSTypeCheck.ProductType -eq 3){
        $installFile = "$serverInstallFile"
        $removeFile  = "$serverRemoveFile"
        $VDAFile     = "$VDAFileServer"
        
        $rdsCheck = (Invoke-Command -ComputerName $VDIList -ScriptBlock {Get-WindowsFeature | Where-Object Name -like "rds-rd-server" | Select-Object InstallState })
        
        if($rdsCheck.InstallState.value -eq "Available") {
          Write-Host "RDS not installed. Installing RDS role on $VDI"
          Copy-Item "\\$source\baseinstall.bat" -Destination "\\$VDI\$dest" -Force
          
          if (!(Test-Path -Path "\\$VDI\c$\software\vdaupgrade")) {
            New-Item -ItemType Directory -Path "\\$VDI\c$\software" -Name "vdaupgrade"
            Copy-Item "\\$source\$installFile" -Destination "\\$VDI\$dest" -Force
            Copy-Item "\\$source\$removeFile" -Destination "\\$VDI\$dest" -Force
            Copy-Item "\\$source\$VDAFile" -Destination "\\$VDI\$dest" -Force
            
          }
          else {
            Copy-Item "\\$source\$installFile" -Destination "\\$VDI\$dest" -Force
            Copy-Item "\\$source\$removeFile" -Destination "\\$VDI\$dest" -Force
            Copy-Item "\\$source\$VDAFile" -Destination "\\$VDI\$dest" -Force
            
          }
          Invoke-Command -ComputerName $VDI -Scriptblock {
            $action = New-ScheduledTaskAction -Execute 'c:\software\vdaupgrade\install_server.bat'
            $trigger = New-ScheduledTaskTrigger -AtStartup 
            $principal = New-ScheduledTaskPrincipal  -RunLevel Highest -UserID "NT AUTHORITY\SYSTEM" -LogonType S4U
            $taskName = "VDAInstall"
            $taskDescription = "Citrix VDA Install"

            Register-ScheduledTask -Action $action -Trigger $trigger -Principal $principal -TaskName $taskName -Description $taskDescription
          }
        
          Invoke-Command -ComputerName $VDI -Scriptblock {
            $time = (Get-Date).AddMinutes(7)
            $action = New-ScheduledTaskAction -Execute 'c:\software\vdaupgrade\baseinstall.bat'
            $trigger = New-ScheduledTaskTrigger -Once -At $time
            $principal = New-ScheduledTaskPrincipal  -RunLevel Highest -UserID "NT AUTHORITY\SYSTEM" -LogonType S4U
            $taskName = "BaseInstall"
            $taskDescription = "Base Software Install"

            Register-ScheduledTask -Action $action -Trigger $trigger -Principal $principal -TaskName $taskName -Description $taskDescription 
          }
          
          Invoke-Command -ComputerName $VDI -ScriptBlock {
            Add-WindowsFeature rds-rd-server
            Restart-computer
          }
        }
        Write-Host "Copying VDA files and installing on server $VDI"
        if (!(Test-Path -Path "\\$VDI\c$\software\vdaupgrade")) {
          New-Item -ItemType Directory -Path "\\$VDI\c$\software" -Name "vdaupgrade"
          Copy-Item "\\$source\$installFile" -Destination "\\$VDI\$dest" -Force
          Copy-Item "\\$source\$removeFile" -Destination "\\$VDI\$dest" -Force
          Copy-Item "\\$source\$VDAFile" -Destination "\\$VDI\$dest" -Force
          
        }
        else {
          Copy-Item "\\$source\$installFile" -Destination "\\$VDI\$dest" -Force
          Copy-Item "\\$source\$removeFile" -Destination "\\$VDI\$dest" -Force
          Copy-Item "\\$source\$VDAFile" -Destination "\\$VDI\$dest" -Force
        }
        
        Invoke-Command -ComputerName $VDI -Scriptblock {
          $time      = (Get-Date).AddMinutes(3)
          $action    = New-ScheduledTaskAction -Execute 'c:\software\vdaupgrade\remove_server.bat'
          $trigger   = New-ScheduledTaskTrigger -Once -At $time
          $principal = New-ScheduledTaskPrincipal  -RunLevel Highest -UserID "NT AUTHORITY\SYSTEM" -LogonType S4U

          Register-ScheduledTask -Action $action -Trigger $trigger -Principal $principal -TaskName "VDAUninstall" -Description "Citrix VDA Uninstall" 
        }

        Invoke-Command -ComputerName $VDI -Scriptblock {
          $action    = New-ScheduledTaskAction -Execute 'c:\software\vdaupgrade\install_server.bat'
          $trigger   = New-ScheduledTaskTrigger -AtStartup 
          $principal = New-ScheduledTaskPrincipal  -RunLevel Highest -UserID "NT AUTHORITY\SYSTEM" -LogonType S4U

          Register-ScheduledTask -Action $action -Trigger $trigger -Principal $principal -TaskName "VDAInstall" -Description "Citrix VDA Install" 

        } 
      
      }
      if($wmiOSTypeCheck.ProductType -eq 1){
        $installFile = "$desktopInstallFile"
        $removeFile  = "$desktopRemoveFile"
        $VDAFile     = "$VDAFileDesktop"

        Write-Host "Copying VDA files and installing on desktop $VDI"
        if (!(Test-Path -Path "\\$VDI\c$\software\vdaupgrade")) {
          New-Item -ItemType Directory -Path "\\$VDI\c$\software" -Name "vdaupgrade"
          Copy-Item "\\$source\$installFile" -Destination "\\$VDI\$dest" -Force
          Copy-Item "\\$source\$removeFile" -Destination "\\$VDI\$dest" -Force
          Copy-Item "\\$source\$VDAFile" -Destination "\\$VDI\$dest" -Force
          
        }
        else {
          Copy-Item "\\$source\$installFile" -Destination "\\$VDI\$dest" -Force
          Copy-Item "\\$source\$removeFile" -Destination "\\$VDI\$dest" -Force
          Copy-Item "\\$source\$VDAFile" -Destination "\\$VDI\$dest" -Force
          
        }
        Invoke-Command -ComputerName $VDI -Scriptblock {
          $time      = (Get-Date).AddMinutes(3)
          $action    = New-ScheduledTaskAction -Execute 'c:\software\vdaupgrade\remove_desktop.bat'
          $trigger   = New-ScheduledTaskTrigger -Once -At $time
          $principal = New-ScheduledTaskPrincipal  -RunLevel Highest -UserID "NT AUTHORITY\SYSTEM" -LogonType S4U

          Register-ScheduledTask -Action $action -Trigger $trigger -Principal $principal -TaskName "VDAUninstall" -Description "Citrix VDA Uninstall" 
        }

        Invoke-Command -ComputerName $VDI -Scriptblock {
          $action    = New-ScheduledTaskAction -Execute 'c:\software\vdaupgrade\install_desktop.bat'
          $trigger   = New-ScheduledTaskTrigger -AtStartup 
          $principal = New-ScheduledTaskPrincipal  -RunLevel Highest -UserID "NT AUTHORITY\SYSTEM" -LogonType S4U

          Register-ScheduledTask -Action $action -Trigger $trigger -Principal $principal -TaskName "VDAInstall" -Description "Citrix VDA Install" 

        } 
      }
    
    $currentItem++
    $percentComplete = [int](($currentItem / $totalItems) * 100)
    
    $report += $line
    Start-Sleep -Milliseconds 2500
  }
      
  $report | Export-Csv c:\scripts\logs\$date-vda-upgrades.csv -Append -NoTypeInformation




VDAUpgrade.txt

machine1.fqdn
machine2.fqdn
machine3.fqdn

BaseInstall.bat

baseinstall.bat
  
@ECHO ON
change user /install
REM pause
timeout 5
 
net localgroup "Remote Desktop Users" /add "domain1\domain users" "domain2\domain users"
REM pause
timeout 5
 
REG IMPORT C:\software\mode.reg
REM pause
timeout 5
 
C:\software\AcrobatRdrDC\setup.exe /sAll /ini Setup.ini
REM pause
timeout 10
 
cd C:\software\MS-Edge
powershell -File ".\Install-Edge.ps1" -MSIName "MicrosoftEdgeEnterpriseX64.msi" -ChannelID "{56eb18f8-b008-4cbd-b6d2-8c97fe7e9062}" -DoAutoUpdate "True"
REM pause
timeout 5
 
msiexec.exe /i "C:\software\Google-Chrome\64B\GoogleChromeStandaloneEnterprise64.msi" /qn
REM pause
timeout 5
 
C:\software\Office\setup.exe /config .\ProPlus.WW\config.xml /adminfile CITRIX.MSP
REM pause
timeout 10
 
change user /execute
REM pause
timeout 5
 
C:\Windows\system32\schtasks.exe /delete /tn BaseInstall /f
C:\Windows\System32\timeout.exe /t 5
C:\Windows\System32\shutdown.exe /r /t 20 /f
del c:\software\vdaupgrade\baseinstall.bat /F

Install-Edge.ps1

Install-Edge.ps1
param
(
    [parameter(Mandatory=$true)]
    [ValidateNotNullOrEmpty()]
    [ValidatePattern('^[a-zA-Z0-9]+.[m|M][s|S][i|I]$')]
    [string]$MSIName,
         
    [parameter(Mandatory=$true)]
    [ValidateNotNullOrEmpty()]
    [ValidatePattern('^{[0-9A-Fa-f]{8}[-][0-9A-Fa-f]{4}[-][0-9A-Fa-f]{4}[-][0-9A-Fa-f]{4}[-][0-9A-Fa-f]{12}}$')]
    [string]$ChannelID,
 
    [parameter(Mandatory=$true)]
    [ValidateNotNullOrEmpty()]
    [string]$DoAutoUpdate
)
 
# See if autoupdate is false
if($DoAutoUpdate -eq $false)
{   
    # Registry value name is in the format "Update<{ChannelID}> where ChannelID is the GUID
    Set-Variable -Name "AutoUpdateValueName" -Value "Update$ChannelID" -Option Constant
    Set-Variable -Name "RegistryPath" -Value "HKLM:\SOFTWARE\Policies\Microsoft\EdgeUpdate" -Option Constant
 
    # Test if the registry key exists. If it doesn't, create it
    $EdgeUpdateRegKeyExists = Test-Path -Path $RegistryPath
 
    if (!$EdgeUpdateRegKeyExists)
    {
        New-Item -Path $RegistryPath
    }
 
    # See if the autoupdate value exists
    if (!(Get-ItemProperty -Path $RegistryPath -Name $AutoUpdateValueName -ErrorAction SilentlyContinue))
    {
        New-ItemProperty -Path $RegistryPath -Name $AutoUpdateValueName -Value 0 -PropertyType DWord
    }
 
   $AutoupdateValue = (Get-ItemProperty -Path $RegistryPath -Name $AutoUpdateValueName).$AutoUpdateValueName
 
   # If the value is not set to 0, auto update is not turned off, this is a failure
    if ($AutoupdateValue -ne 0)
    {
        Write-Host "Autoupdate value set incorrectly"
        return -1
    }
}
# Install the Edge MSI
return (Start-Process msiexec.exe -Wait -PassThru -ArgumentList "/i $MSIName /q").ExitCode

Install_Server.bat

REM change port number in below command.
REM Use citrix vda command line helper tool from citrix. https://support.citrix.com/article/CTX234824 if needed
REM Install new VDA agent, delete files and scheduled tasks. Finally reboot.

C:\software\vdaupgrade\VDAServerSetup_2203_2000.exe /components VDA /controllers "CloudConnector1 CloudConnector2" /noreboot /quiet /disableexperiencemetrics /enable_remote_assistance /enable_real_time_transport /enable_hdx_ports /enable_hdx_udp_ports /remove_pvd_ack /virtualmachine /masterpvsimage /includeadditional "Citrix Personalization for App-V - VDA","Citrix Profile Management","Citrix Profile Management WMI Plug-in","Citrix Telemetry Service","Citrix Supportability Tools" /exclude "Citrix Backup and Restore","Citrix MCS IODriver","Citrix Rendezvous V2","Citrix VDA Upgrade Agent","Machine Identity Service","User personalization layer","AppDisks VDA Plug-in","Citrix Files for Outlook","Citrix Files for Windows","Personal vDisk"
C:\Windows\system32\schtasks.exe /delete /tn VDAInstall /f
C:\Windows\system32\schtasks.exe /delete /tn VDAUninstall /f
del c:\software\vdaupgrade\remove.bat /F
del c:\software\vdaupgrade\VDAServerSetup_2203_2000.exe /F
C:\Windows\System32\timeout.exe /t 5
C:\Windows\System32\shutdown.exe /r /t 20 /f
del c:\software\vdaupgrade\install.bat /F

Install_Workstation.bat

REM change port number in below command.
REM Use citrix vda command line helper tool from citrix. https://support.citrix.com/article/CTX234824 if needed
REM Install new VDA agent, delete files and scheduled tasks. Finally reboot.

C:\software\vdaupgrade\VDAWorkstationSetup_2203_2000.exe /components VDA /controllers "CloudConnector1 CloudConnector2" /noreboot /quiet /disableexperiencemetrics /enable_remote_assistance /enable_real_time_transport /enable_hdx_ports /enable_hdx_udp_ports /remove_pvd_ack /virtualmachine /masterpvsimage /includeadditional "Citrix Personalization for App-V - VDA","Citrix Profile Management","Citrix Profile Management WMI Plug-in","Citrix Telemetry Service","Citrix Supportability Tools" /exclude "Citrix Backup and Restore","Citrix MCS IODriver","Citrix Rendezvous V2","Citrix VDA Upgrade Agent","Machine Identity Service","User personalization layer","AppDisks VDA Plug-in","Citrix Files for Outlook","Citrix Files for Windows","Personal vDisk"
C:\Windows\system32\schtasks.exe /delete /tn VDAInstall /f
C:\Windows\system32\schtasks.exe /delete /tn VDAUninstall /f
del c:\software\vdaupgrade\remove.bat /F
del c:\software\vdaupgrade\VDAWorkstationSetup_2203_2000.exe /F
C:\Windows\System32\timeout.exe /t 5
C:\Windows\System32\shutdown.exe /r /t 20 /f
del c:\software\vdaupgrade\install.bat /F

Remove_Server.bat

"C:\Program Files\Citrix\XenDesktopVdaSetup\XenDesktopVdaSetup.exe" /REMOVEALL /QUIET /NOREBOOT
C:\Windows\System32\shutdown.exe /r /t 5 /f

Remove_Workstation.bat

"C:\Program Files\Citrix\XenDesktopVdaSetup\XenDesktopVdaSetup.exe" /REMOVEALL /QUIET /NOREBOOT
C:\Windows\System32\shutdown.exe /r /t 5 /f

Mode.reg

mode.reg
Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM\Licensing Core]
"LicensingMode"=dword:00000004

Link to previous VDA / App Install article: VDA And App Install

Link to setup authentication profile for Citrix Cloud: Profile Setup

License Please! : Get Licensed Users From Citrix Cloud

So you want to find out what licenses are in use? Maybe you want to know licenses that are checked out that might be over 30 days since that user logged in. Maybe you want to know for longer periods of time. You can get this from the Citrix Cloud console. You can also get it another way. And you can filter down to based on if it has been a period of time since the user accessed. This example gets all users then filters down to the latestLogonTime of older than 30 days.

# Script to get license use from Citrix Cloud. Tested with Powershell ISE. Also requires secure-client.csv with ID, Secret, and CustomerID in CSV to pass to Citrix Cloud.
# This creates a csv with the consumerID, deviceCount, consumerDisplayName, latestLogonTime, and firstLogonTime.
<# All fields available:
consumerId          : user@company.com
consumerDisplayName : user
deviceCount         : 0
userId              : user@company.com
upn                 : user@company.com
userName            : user
domain              : domain
latestLogonTime     : UTC Time
firstLogonTime      : UTC Time

#>
$date           = Get-Date
$olderThan      = $date.AddDays(-30)
$creds          = Import-Csv "c:\scripts\secure-client.csv"
$CLIENT_ID      = $creds.ID
$CLIENT_SECRET  = $creds.Secret
$CUSTOMER_ID    = $creds.CustomerID
$tokenUrl       = 'https://api-us.cloud.com/cctrustoauth2/root/tokens/clients'
$reportName     = "user-license-use.csv"
$getDate        = Get-Date -Format MMddyyyy
$reportLocation = "C:\scripts\logs"
$output         = @()
$searchOutput   = @()


$response       = Invoke-WebRequest $tokenUrl -Method POST -Body @{
  grant_type    = "client_credentials"
  client_id     = $CLIENT_ID
  client_secret = $CLIENT_SECRET
}

$token = $response.Content | ConvertFrom-Json

$headers              = @{
  Accept              = "application/json"
  Authorization       = "CwsAuth Bearer=$($token.access_token)"
  'Citrix-CustomerId' = $CUSTOMER_ID
 }
 
 
$resourceLocUrl = "https://api-us.cloud.com/catalogservice/$CUSTOMER_ID/sites"
$response       = Invoke-WebRequest $resourceLocUrl -Headers $headers
$content        = $response.Content | ConvertFrom-Json
$siteID         = $content.sites.id

$headers              = @{
  Accept              = "application/json"
  Authorization       = "CwsAuth Bearer=$($token.access_token)"
  'Citrix-CustomerId' = $CUSTOMER_ID
  'Citrix-InstanceId' = $siteID
 }


$response = Invoke-RestMethod "https://api-us.cloud.com/licensing/license/enterprise/cloud/cvad/ud/users" -Method 'GET' -Headers $headers

$output = $response.consumerList

foreach($out in $output){
    $line                     = "" | Select-Object consumerId, deviceCount, consumerDisplayName, latestLogonTime, firstLogonTime
        
    $line.consumerId          = $out.consumerId
    $line.deviceCount         = $out.deviceCount
    $line.consumerDisplayName = $out.consumerDisplayName
    $line.latestLogonTime     = ([DateTime]$out.latestLogonTime)
    $line.firstLogonTime      = ([DateTime]$out.firstLogonTime)

    $searchOutput += $line
}


$searchOutput | Where-Object latestLogonTime -lt $olderThan| Export-Csv "$reportLocation\$getDate-$reportName" -Append -NoTypeInformation

Well That Is Neat: Change Noticed On Citrix Cloud Director Activity Manager

Looks like there have been some updates to the Activity Manager on the Citrix Cloud Director. Buttons have been moved. Layout appears different. The contact card in the upper-left appears now on the Activity Manager and Details page. The overall feel of this is really nice and feels sleeker.

The Details pane appears to have remained the same.

Getting Network Names Of VDI Machines

Sometimes it is just good to have all the network names of your VDI and IP. This will get the VM name, network adapter, network name defined in vSphere, and IP.

# Script to get network names for VDI machines. This was tested with VMware 7.x, Citrix Cloud connection configured with the "default" profile, and VDI with single NIC.

asnp Citrix*
Get-XDAuthentication -ProfileName "default"

$date            = Get-Date -Format MMddyyyy
$report          = @()
$CurrentItem     = 0
$PercentComplete = 0
$ctxVDI          = (Get-BrokerMachine -MaxRecordCount 100000 | Where-Object SessionSupport -eq "SingleSession" | Where-Object HostedMachineName -ne $null | Select-Object HostedMachineName).HostedMachineName
$totalItems      = ($ctxVDI).count

foreach($ctx in $ctxVDI){
  
  Write-Progress -Activity "Getting network name for $ctx" -Status "$PercentComplete% Complete:" -PercentComplete $PercentComplete
  $line             = "" | Select-Object VM, Name, NetworkName, IPAddress
  $networkInfo      = (Get-VM $ctx | Get-NetworkAdapter)
  $ipAddress        = (Get-VM $ctx | Select-Object @{N="IPAddress";E={@($_.guest.IPAddress[0])}})
  
  if($networkInfo -ne $null){
  
    $line.VM          = $ctx
    $line.Name        = $networkInfo.Name
    $line.NetworkName = $networkInfo.NetworkName
    $line.IPAddress   = ($ipAddress).IPAddress
  }
  
  $report += $line
  $CurrentItem++
  $PercentComplete = [int](($CurrentItem / $TotalItems) * 100)
}

$report | export-csv c:\scripts\logs\$date-vdinetworks.csv -NoTypeInformation -Append

Sample Output

Dazed And ConFAS’d : Cipher Suites For FAS And EndGame Exceptions For VDI

Ran into some fun with setting up FAS for MFA. I was testing a shorter list of ciphers on a test SSL profile on ADC on the test vServer. Come to find out, when accessing a machine that was using MFA from outside the network, I was getting an SSL error 4 on Windows machines and SSL error 47 on Stratodesk machines. I hadn’t seen that error since Receiver 4.x. It appears there are some additional ciphers needed in regards to the Citrix Workspace App. It appeared to work fine with the other cipher set using the HTML5 Workspace App. This article has the updated cipher set you need to have or it may cause you some issues (Changes To FAS Ciphers). These would be applied to your SSL profile assigned to the vServer on the ADC.

Ciphers needed in the SSL profile that are in link above

I also ran into an issue with EndGame.

When trying to connect from to VDI Windows 10 machines, you would encounter an incorrect user name or password error if EndGame was enabled, instead of it SSO logging you in.

Checking the event log on the machine, you encounter a Smart Card Logon Event 5.

There are 2 DLLs you have to add to a global exclusion, scardhook.dll and scardhook64.dll. These are located under C:\Program Files\Citrix\ICAService. Just excluding those DLLs got rid of the Event 5 Smart Card Logon error and allowed the Provider DLL to initialize.

After getting these exclusions applied, SSO works normally for accessing the VDI machines.

Changing HypervisorConnectionUid for VDI machines

So you have a new / different vCenter you want to move your VDI machines to. For the power management part, you will need to have the other hypervisor connection configured. You can run the script below to change the hypervisor connection on your VDI machines. You will want to make sure you have the VMs powered down before beginning. The first steps are just information gathering. This is part of migrating machines to new hardware. I will be adding the other pieces at a later date.

First you will need to get your hypervisor names and Uids with this command: Get-BrokerHypervisorConnection | Select-Object Name, HypHypervisorType, Uid.

Then you can get a list of machines with the hypervisor connection you want to change from. This was just getting the first machine that had the hypervisor I wanted to change from. Machine was already moved to a new Uid but it would be 2 in this case. Get-BrokerMachine -MaxRecordCount 100000 | Where-Object SessionSupport -eq “SingleSession” | Where-Object HypervisorConnectionUid -eq “3” | Select-Object -first 1 | Select-Object HostedMachineName, HypervisorConnectionName, HypervisorConnectionUid

<#  Script to change Hypervisor connection and power systems back up. This was done with PowerShell ISE 5.1, default profile configured on CitrixCloud SDK, and ESXi 7.0 with connection
    to vCenter. This was built from Ben McGirt and slightly modified to get the machine names with a specific configured HypervisorConnection via Get-BrokerMachine command.
    As it is best to change these settings and power the VM on, you will need to have the VMs powered down before beginning. The Uid in the example is "2" to get the machines using a different
    HypvisorConnectionUid that you wish to change from and setting in this example to HypervisorConnectionUid "3."
#>

Get-XDAuthentication -ProfileName "default"

$getVDIMachines = Get-BrokerMachine -MaxRecordCount 100000 | Where-Object SessionSupport -eq "SingleSession" | Where-Object HypervisorConnectionUid -eq "2" | Select-Object HostedMachineName, HypervisorConnectionName, HypervisorConnectionUid

$citrixVMs = $getVDIMachines.HostedMachineName
 
Function PowerOnVM ([string] $Name) #, [string] $Hostname)
#From https://thecloudxpert.net/2016/04/25/howto-power-on-a-vmware-virtual-machine-with-powercli-powercli-101/
{
    $VM = Get-VM -Name $Name
    Switch ($VM.PowerState)
    {
        PoweredOn { Write-Host "$VM already Powered On.";break}
        PoweredOff { Write-Host "Powering on $VM"; Start-VM -VM $VM;break}
        Suspended { Write-Host "$VM suspended.";break}
        Default {break}
    }
}
 

ForEach ($VM in $CitrixVMs){

    Set-BrokerMachine -MachineName ("*\" + $VM) -HypervisorConnectionUid 3
    Start-Sleep -Seconds 2
    PowerOnVM $VM
    
    }
 

Page 1 of 2

Powered by WordPress & Theme by Anders Norén