Pages

Wednesday, December 23, 2015

VMware Horizon View Virtual Desktops Stuck in Customizing Status

Problem

You've created a new pool of virtual desktops in your VMware Horizon View environment but noticed that while the virtual machines get created, they never get past the customizing status:






After waiting 10 minutes or more, the customizing status switches to error with the following message:

View Composer agent initialization state error (16): Failed to activate license (waited 1235 seconds)

Pairing state:
Configured by:
Attempted theft by:











Solution

The error above indicates that the newly deployed VDIs are unable to contact or is able to contact but unable to activate with the KMS server in the environment. One of the troubleshooting steps you can take to verify this is to configure the master image of the virtual desktop to skip the KMS activation by completing the following:

Open the Registry Editor and navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vmware-viewcomposer-ga

Edit the SkipLicenseActivation REG_DWORD key and change the value from 0 which is off to 1 which is on:






















Performing this change will allow the VMware Horizon View Manager to skip the Windows KMS activation and complete the pool deployment.  If this change corrects the issue then further troubleshooting will be required to determine why KMS activation is not completing.

Tuesday, December 22, 2015

Event ID 1310 warning constantly logged on Exchange 2013 server

I recently ran into an issue that took quite a bit of time for me to find a resolution for after going through numerous troubleshooting steps so I thought I'd write this blog post in hopes that I'd be able to save others the hours I spent.

Your environment consists of the following:
  1. A single Exchange 2013 server with both the Mailbox and Client Access roles installed
  2. The version is 15.0 (Build 1156.6) - CU11
  3. The operating system is Windows Server 2012 R2 with the latest patches installed as of December 18, 2015
You notice the following warnings consistently logged in the application logs:

Log Name: Application
Source: ASP.NET 4.0.30319.0
Event ID: 1310
Level: Warning
User N/A









Event code: 3008 

Event message: A configuration error has occurred. 
Event time: 12/18/2015 6:36:46 PM 
Event time (UTC): 12/18/2015 10:36:46 PM 
Event ID: 10a3589bc8624ee292c0117bcd54bb1c 
Event sequence: 1 
Event occurrence: 1 
Event detail code: 0 
Application information: 
    Application domain: /LM/W3SVC/1/ROOT/OAB-1233-130949518065162062 
    Trust level: Full 
    Application Virtual Path: /OAB 
    Application Path: D:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\OAB\ 
    Machine name: SVR-MAIL-03 
Process information: 
    Process ID: 2232 
    Process name: w3wp.exe 
    Account name: NT AUTHORITY\SYSTEM 
Exception information: 
    Exception type: ConfigurationErrorsException 
    Exception message: Could not load type 'Microsoft.Exchange.Security.OAuth.OAuthHttpModule'.
   at System.Web.Configuration.ConfigUtil.GetType(String typeName, String propertyName, ConfigurationElement configElement, XmlNode node, Boolean checkAptcaBit, Boolean ignoreCase)
   at System.Web.Configuration.Common.ModulesEntry.SecureGetType(String typeName, String propertyName, ConfigurationElement configElement)
   at System.Web.Configuration.Common.ModulesEntry..ctor(String name, String typeName, String propertyName, ConfigurationElement configElement)
   at System.Web.HttpApplication.BuildIntegratedModuleCollection(List`1 moduleList)
   at System.Web.HttpApplication.GetModuleCollection(IntPtr appContext)
   at System.Web.HttpApplication.RegisterEventSubscriptionsWithIIS(IntPtr appContext, HttpContext context, MethodInfo[] handlers)
   at System.Web.HttpApplication.InitSpecial(HttpApplicationState state, MethodInfo[] handlers, IntPtr appContext, HttpContext context)
   at System.Web.HttpApplicationFactory.GetSpecialApplicationInstance(IntPtr appContext, HttpContext context)
   at System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr appContext)

Could not load type 'Microsoft.Exchange.Security.OAuth.OAuthHttpModule'.
   at System.Web.Compilation.BuildManager.GetType(String typeName, Boolean throwOnError, Boolean ignoreCase)
   at System.Web.Configuration.ConfigUtil.GetType(String typeName, String propertyName, ConfigurationElement configElement, XmlNode node, Boolean checkAptcaBit, Boolean ignoreCase)



Request information: 
    Request URL: https://localhost:443/OAB/ 
    Request path: /OAB/ 
    User host address: 127.0.0.1 
    User:  
    Is authenticated: False 
    Authentication Type:  
    Thread account name: NT AUTHORITY\SYSTEM 
Thread information: 
    Thread ID: 21 
    Thread account name: NT AUTHORITY\SYSTEM 
    Is impersonating: False 
    Stack trace:    at System.Web.Configuration.ConfigUtil.GetType(String typeName, String propertyName, ConfigurationElement configElement, XmlNode node, Boolean checkAptcaBit, Boolean ignoreCase)
   at System.Web.Configuration.Common.ModulesEntry.SecureGetType(String typeName, String propertyName, ConfigurationElement configElement)
   at System.Web.Configuration.Common.ModulesEntry..ctor(String name, String typeName, String propertyName, ConfigurationElement configElement)
   at System.Web.HttpApplication.BuildIntegratedModuleCollection(List`1 moduleList)
   at System.Web.HttpApplication.GetModuleCollection(IntPtr appContext)
   at System.Web.HttpApplication.RegisterEventSubscriptionsWithIIS(IntPtr appContext, HttpContext context, MethodInfo[] handlers)
   at System.Web.HttpApplication.InitSpecial(HttpApplicationState state, MethodInfo[] handlers, IntPtr appContext, HttpContext context)
   at System.Web.HttpApplicationFactory.GetSpecialApplicationInstance(IntPtr appContext, HttpContext context)
   at System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr appContext)


Custom event details: 















Through the searches I've done on the internet, one of the forum recommendations I found here: https://social.technet.microsoft.com/forums/exchange/en-US/00893e96-9fa3-4ceb-a547-93d37a4b25a0/oab-not-working was to review the OAB IIS settings as per the following TechNet article: 

Default settings for Exchange virtual directories

The above article indicates that the SSL Settings is recommended to be Not Required but what I've found was that the other 2 single Exchange 2013 server environments I had access to that were working actually had the setting enabled:














I did try to disable the Require SSL option and then Reset the directory:








... but this did not fix the issue and the Require SSL option would be re-enabled after a reset.

One of the differences I found between this environment with the problem and the other two was that the Application Pools setting for the MSExchangeOABAppPool had a .NET CLR version of .NET CLR Version v4.0.30319:









... while the other 2 environments I had access to were listed as .NET Framework version of .NET Framework v4.0.30319:









However, after having no success with trying to figure out whether this could be changed because the drop down menu did not have such an option, I logged onto another environment with Exchange 2013 and noticed that it had the same .NET Framework v4.0.30319 for the application pool so I gave up on this.

Next, I used the Get-OabVirtualDirectory | FL cmdlet to copy the exact settings of a server without this error:











Configure the problematic server with the same settings above with the Set-OabVirtualDirectory cmdlet did not correct the issue.

Next, I began comparing the folder C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\oab where the virtual directory is mapped to and noticed that the problematic server had the following single web.config file:






The file size was 1KB and the content had only a few lines:


   
       
           
       
   





Meanwhile the 2 other servers that did not have this issue had a much larger web.config file with more content and it also had 2 other files;

  1. global.asax
  2. web.config.bak

Note that both of them had different file sizes and amount of lines in the web.config file.






After trying a few other solutions without results, I came across the following TechNet article that described how to recreate the OAB folder:

Remove, Re-Create, and Reconnect an Offline Address Book Virtual Directory

I proceeded to use the Get-OABVirtualDirectory cmdlet to save the configuration, the Remove-OABVirtualDirectory to delete the directory, the New-OABVirtualDirectory to recreate the folder, then used the Set-OABVirtualDirectory cmdlet to configure the newly created OAB folder with the same settings as documented earlier.

Following the above steps recreated the web.config file with more content (larger than 1KB) as well as the two additional global.asax and web.config.bak files in the same folder.  Restarting the server a few times and reviewing the event logs show that the warning was no longer logged.

Monday, December 21, 2015

Using PowerShell cmdlets to remove accounts in Azure Active Directory

I've been recently asked to perform cleanup in an Azure directory that had orphaned accounts that were left over from a previous DirSync.  What the client noticed was that the accounts that used to be associated with their on-prem domain were converted to Microsoft Azure Active Directory when the synchronization was removed.  













Most of the accounts that they wanted removed had the User Name format as:

@domain.onmicrosoft.com

The directory also had accounts with the format:

@domain.com

... which they did not want removed.

This particular directory did not have many accounts which meant manually remove them via the GUI was possible but I thought this would be a good opportunity to demonstrate how to use PowerShell cmdlets to filter and remove the accounts in bulk.

Begin by the launching WAAD (Windows Azure Active Directory) console execute Connect-MsolService and log in with the global or subscription admin account for the Azure Directory.

Once logged in, the cmdlet we'll be using to retrieve the set of users to be deleted is:

Get-MsolUser

https://msdn.microsoft.com/en-us/library/azure/dn194133.aspx

Note that every environment will be different so the following example will need to be tweaked accordingly.

The accounts I wanted to delete in this particular Azure directory all had the @domain.onmicrosoft.com format but within these accounts, there was 1 administrative account that I did not want to delete.  This account was:

o365admin@domain.onmicrosoft.com

With the above 2 requirements in mind, the 2 filters I needed for the Get-MsolUser cmdlet would be:

where-object {$_.UserPrincipalName -like "*domain.onmicrosoft.com"} 
where-object {$_.UserPrincipalName -notlike "o365admin*"}

Combining the two filters together will create the following cmdlet:

Get-MsolUser | where-object {$_.UserPrincipalName -like "*domain.onmicrosoft.com"} | where-object {$_.UserPrincipalName -notlike "o365admin*"}

As mentioned earlier, every directory is unique and even if your environment matched this example, it is important to execute this cmdlet and review the returned accounts to verify no mistakes were made:















One of the annoyances I come across when working with PowerShell is that outputs such as the above tend to get truncated because of the length of the records so if you experience this, simply include the following at the end of the cmdlet:

| Format-Table -Wrap -AutoSize

The cmdlet would look as such:

Get-MsolUser | where-object {$_.UserPrincipalName -like "*domain.onmicrosoft.com"} | where-object {$_.UserPrincipalName -notlike "o365admin*"} | Format-Table -Wrap -AutoSize

The output would look as such:















Note that if the output above fills the screen buffer, you can pipe it to a txt file to review with:

> C:\userAccounts.txt 

Once you have verified that the accounts retrieved are the ones that can be safely deleted, proceed with appending the following cmdlet to the end:

Remove-MsolUser


https://msdn.microsoft.com/en-us/library/dn194132.aspx

Get-MsolUser | where-object {$_.UserPrincipalName -like "*domain.onmicrosoft.com"} | where-object {$_.UserPrincipalName -notlike "o365admin*"} | Remove-MsolUser -Force





You should now see the accounts removed in the Azure GUI once the cmdlet successfully completes:




Friday, December 18, 2015

Hiding Citrix XenDesktop 7.x applications from PNAgent published Apps and Desktops

Problem

You’ve successfully configured a zero client to connect to your XenDesktop 7.x infrastructure via the URL:

https://yourStoreFrontFQDN.com/Citrix/StoreName/PNAgent/config.xml


… but would like to hide all of the published applications because the zero client will only be used for desktop access.










Solution

One of the ways to hide Applications or Desktops is to use the PowerShell cmdlet Set-DSResourceFilterType on the StoreFront server.

Begin by setting the execution policy to remote signed then importing the necessary Citrix PowerShell modules with the following cmdlets:

Set-ExecutionPolicy RemoteSigned
$dsInstallProp = Get-ItemProperty -Path HKLM:\SOFTWARE\Citrix\DeliveryServicesManagement -Name InstallDir
$dsInstallDir = $dsInstallProp.InstallDir
& $dsInstallDir\..\Scripts\ImportModules.ps1











Next, determine the Site ID of the IIS site hosting the StoreFront website:
















With the Site ID determined, execute the following cmdlet to list what is being displayed for the store:

Get-DSResourceFilterType -SiteId 1 -VirtualPath "/Citrix/"

For example:

Get-DSResourceFilterType -SiteId 1 -VirtualPath "/Citrix/Desktop"






Notice the output above shows that Applications, Desktops and Documents are displayed meaning nothing is filtered out.

Next, execute the following cmdlet to filter out Applications and Documents thereby leaving only Desktops displayed:

Set-DSResourceFilterType -SiteId 1 -VirtualPath "/Citrix/Desktop" -IncludeTypes @("Desktops")






Executing the:

Get-DSResourceFilterType -SiteId 1 -VirtualPath "/Citrix/Desktop"

… will now show that only Desktops are included.


Logging into the zero client will now hide the applications that were displayed in the earlier screenshot:



Thursday, December 17, 2015

Attempting to connect to Citrix XenDesktop 7 from an HP t410 Smart Zero Client throws the error: “This client could not connect to a Citrix server at the address ‘https://yourStoreFrontFQDN.com/Citrix/StoreNameWeb”

Problem

You’ve configured a new HP t410 Smart Zero Client to connect to your Citrix XenDesktop 7.x StoreFront site but receive the following error message when you attempt to log in:

No Citrix Server


This client could not connect to a Citrix server at the address ‘https://yourStoreFrontFQDN.com/Citrix/StoreNameWeb









Solution

The reason why this error is thrown is because you have configured the connection’s Server URL with the Receiver for Web URL.  To correct the issue, simply change the URL to:

https://yourStoreFrontFQDN.com/Citrix/StoreName/PNAgent/config.xml











You should be able to log in after the URL is changed:


Wednesday, December 16, 2015

Attempting to connect to a Citrix XenDesktop 7 store secured with internal CA throws the error: “CA certificate required to connect to this server is not installed or found…”

Problem

You’re in the process of configuring a new HP t410 Smart Zero Client with a XenDesktop 7.x infrastructure.  You proceed to configure the zero client to connect to StoreFront 3.0.1 but quickly notice the following error message:

Certificate error

CA certificate required to connect to this server is not installed or found. Please use Certificate Manager to add the CA certificate or contact your system administrator.










Solution

The reason why this error is thrown is because the certificate presented by the StoreFront to secure the traffic between itself and the zero client is issued by an internal Microsoft CA which the zero client does not trust.  To correct this issue, simply export the root certificate as Base-64 encoded X.509 (.CER) format:
















Then navigate into the Certificate Manager of the zero client and import it into the Local Root Certification Authorities:










You should now be able to log into the site without receiving the certificate error message.

Windows 10 installation on a Dell Latitude E5550 loops back to the start of the installation screen

I was recently asked by a colleague to look at why their attempt to install Windows 10 on a Dell Latitude E5550 laptop continuously loops back to the beginning of the installation as shown in the following screenshots:


















The reason why the installation loops back to the beginning is because legacy boot is turned on.  To continue to the install, either manually select the UEFI Boot: Windows Boot Manager option:











… or as you’ll need to do after the install, change the Boot List Option from Legacy to UEFI:



Wednesday, December 9, 2015

Disabling tabs displayed in Citrix StoreFront 3.x

I’ve recently been asked a few times by clients and colleagues about the ability to hide the new X1 StoreFront interface’s Favorites, Apps and Desktop tabs and as I don’t have a blog post demonstrating it, I thought I’d write this quick post so I could direct these questions to it.

Hiding the Favorites Tab

To hide the Favorites tab as shown in the screenshot below:

image

… simply launch the Citrix StoreFront console, navigate to Stores, select the store you would like to hide the tab and the click on the Disable User Subscriptions option on the right:

image

You will be briefly presented with the following prompt:

image

Click on Yes to complete the configuration.

Hiding the Apps or Desktops Tab

To hide the Apps or Desktops tab as shown in the screenshot below:

image

… simply navigate to the C:\inetpub\wwwroot\Citrix\<StoreName>Web directory, open the web.config file with Notepad:

image

Then search for either showAppsView or showDesktopsView which will bring you to the following section:

<userInterface autoLaunchDesktop="true" multiClickTimeout="3"

enableAppsFolderView="true">

<workspaceControl enabled="true" autoReconnectAtLogon="true"

logoffAction="disconnect" showReconnectButton="false" showDisconnectButton="false" />

<receiverConfiguration enabled="true" downloadURL="ServiceRecord/GetDocument/receiverconfig.cr" />

<uiViews showDesktopsView="true" showAppsView="true" defaultView="auto" />

<appShortcuts enabled="false" allowSessionReconnect="false" />

</userInterface>

Modify the true option for the respective tabs by changing them to false if you would like to hide them.

The following is an example of a StoreFront store with the Favorites and Apps tab hidden:

image