Category: Tutorial

Renew your Citrix fundamentals 6 licence

So you've managed to install Citrix Fundamentals 6 and keep running with it for a year, and now you get those lovely emails saying that you have to renew your licences for it.

Once you have logged into your MyCitrix account, reallocated your new licence and downloaded the .lic file, what do you do next?

 

1/ Log into your Citrix Fundamentals server and open the Citrix quick start applet.

2/ Click on the licencing menu item on the left hand side then hit the blue hyperlink that says “Add Citrix licences”.

3/ Point the dialogue box at your downloaded licence file and allow XenApp to install the file.

4/ At this point you will notice that the licences are cumulative, i.e. if you had 30 licences last year and have just installed the renewal licence for another 30, then 60 licences will be reported within the console, with the approaching renewal date displayed rather than the new renewal date (next year's date).

5/ At this point you will need to open the services.msc console (Start\Administrative Tools\Services) and stop the “Citrix Licensing” service.

6/ Once stopped (assuming you are using Server 2008 R2), navigate to C:\Program Files (x86)\Citrix\Licensing\MyFiles\ and MOVE the old licence file out of the directory. It's important that you leave all the other files within the directory, such as citrix.opt and citrix_startup.lic. If you are unsure which licence file to move, you can open the licence file in Notepad; the top line contains the expiry date of the licence file (in US format).

7/ Once the old licence file has been moved out of the licence directory, you can start the “Citrix Licensing” service within Windows and check to make sure it displays the correct number of licences and days remaining. If you still had the Citrix quick start applet open you will need to close and reopen it, as more than likely the licence page won't work until you do so.

Creating a bootable USB installation media for Windows 7

You can install Windows 7 in many ways, one of them being creating a bootable USB key instead of using a DVD (cause let's face it, installing from optical media is so last century and slow). In order to do this you need the Windows 7 install files (normally on your Windows 7 DVD or downloaded ISO file) and a Windows Vista/7 system to create the bootable USB key. A 4GB USB key will do the job nicely here.

In order to create the key you will need to do the following:

1/ Open an elevated command prompt and type in “diskpart”.

2/ Find the USB key by typing in “list disk”, which will present all the disks available on your system (the USB key will have a smaller disk size so will be easy to spot).

3/ Type “select disk” followed by the number that list disk gave for the USB key. For example “select disk 1”.

4/ If the USB key is brand new you will need to create a partition on the key by typing “create partition primary”. When it has created the partition, type “format quick”, which formats the partition as a FAT32 drive using the quick method (perfectly adequate for what we want).

5/ Once the format has completed type “active”, which will mark the primary partition on the USB key as active, and then type “exit” to get out of the disk partition tool.

6/ All you need to do now is copy the entire contents of the Windows 7 DVD to the USB key, insert the key into the target computer and configure the BIOS to boot from the USB key.
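
Selecting the wrong number at “select disk” formats the wrong drive, so the diskpart steps above can be wrapped in a check that the target really is a USB disk. This is an added example, not part of the original post; the `$DiskNumber` parameter, the 32 GB size cap and the temporary file name are assumptions, and the file system is named explicitly as `fs=fat32`.

```powershell
# Added example: refuse to run the diskpart steps unless the target is a USB disk.
# Run from an elevated PowerShell prompt on the Vista/7 machine.
# $DiskNumber (assumed name) is the number "list disk" showed for the key.
param([Parameter(Mandatory = $true)][int]$DiskNumber)

# Win32_DiskDrive.Index is the physical drive number, the same one diskpart lists.
$disk = Get-WmiObject -Class Win32_DiskDrive |
    Where-Object { $_.Index -eq $DiskNumber }

if (-not $disk) { throw "Disk $DiskNumber not found." }
if ($disk.InterfaceType -ne 'USB') {
    throw "Disk $DiskNumber ($($disk.Model)) is $($disk.InterfaceType), not USB. Refusing."
}

# Assumed safety margin: a key meant for FAT32 should not exceed 32 GB.
$maxBytes = 32GB
if ($disk.Size -gt $maxBytes) {
    throw "Disk $DiskNumber is $([math]::Round($disk.Size / 1GB)) GB, too large for a USB key."
}

# Show the target and require an explicit confirmation before touching it.
"Target: disk {0}, {1}, {2:N1} GB" -f $disk.Index, $disk.Model, ($disk.Size / 1GB)
if ((Read-Host 'Type YES to partition and format this disk') -ne 'YES') { return }

# The same commands as the manual steps (brand new key assumed), as a diskpart script.
$script = @"
select disk $DiskNumber
create partition primary
format fs=fat32 quick
active
exit
"@
$file = Join-Path $env:TEMP 'usbkey-diskpart.txt'
Set-Content -Path $file -Value $script -Encoding ASCII
diskpart /s $file
Remove-Item $file
```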

 

 

Migrating Outlook autocomplete to a new profile

When you've done all that you can to diagnose a problem and you are left with the last bastion of hope that is migrating the user to a new profile (I do this by renaming the current one to something.old), along with PSTs and the desktop, document and favourite folders you can also migrate Outlook's autocomplete data.

The file extension for the autocomplete data is *.NK2, which is normally located (in Outlook 2007) in %userprofile%\application data\microsoft\Outlook . Copy the NK2 file into the newly created profile and ensure that the NK2 file is renamed to match whatever you have chosen to call the Outlook profile in the user's new profile. Et voila, years' worth of autocomplete data back.

Learning Java the easy and fun way

I was flicking through the usual Linux mags I buy the other day and came across a link to a Java learning tool called Robocode. It's basically a Java game where you can pit your tank against others (either the defaults or the ones that other people have written). There are a good number of tanks to choose from to start with and then you edit the code to improve your tank's abilities.

Check it out!

XenApp 5 Data Collectors

Configuring the Data Collector Service

The data collector service is the hub of a Citrix farm. The data collector's responsibilities include, but are not limited to:

Information on published applications
Connected Users
Sessions
Licencing
Server Load
Distribution of the above Information to other data collectors in the farm.

Data collectors operate within “ZONES” inside a farm. Zones are groups of servers that are usually grouped by geographical boundaries. Zones are created to minimise WAN traffic. If, for example, we had offices in Iceland and one in Australia, each would have a separate zone so that users in Iceland connect and launch published applications from the Iceland zone. This would stop them connecting to the Australia zone and incurring WAN costs.

In the above configuration you would still get WAN traffic, however it would be minimal as only the data collectors would be relaying information on their status to each other.

Another interesting thing about data collectors is the “election” process. This is the automated process where a data collector is elected as the primary collector and others as backups. This process is completely automated and can be explained as follows.

You have 2 zones (Iceland and Australia), each with 5 servers within its own zone (so the farm has 10 servers in total). If all servers allowed their data collectors to chat across the WAN it would increase the amount of WAN traffic and potentially cause confusion. So within each zone the election process takes place. This allows one server to communicate the zone's status/info etc. to the other zone. However, backup data collectors are also elected. One of these will then become the primary data collector should anything happen to the original primary data collector.

Although this is completely automated there are configuration settings you can change to assist the choice of the primary data collector.

MOST PREFERRED
The first choice for the data collector; only assign this to ONE server in each zone. For information, this is normally automatically assigned to the first XenApp server installed in a zone.

PREFERRED
The second choice for a data collector; more than one PREFERRED data collector can exist.

DEFAULT PREFERENCE
Default settings for servers; if no settings have been manually chosen for the servers then they go into this level of preference. Also, in the event of a MOST PREFERRED (MP) server failure where no manual preference settings have been configured, elections will occur at this level (simply because the PREFERRED option for a server must be manually chosen).

NOT PREFERRED
This is the runt setting for the servers. Servers in this level will only become data collectors if no others are available.

If you leave all the preference settings alone and let the farm get on with it by itself, then when the servers are installed in the Iceland zone the first server to come online will automatically be designated the MOST PREFERRED server, and the other 4 will get the DEFAULT PREFERENCE.

Publishing an Application in Citrix XenApp 5

Publishing an application in Citrix is the act of making an application/desktop available either through the web interface or through the Program Neighborhood.

There are quite a few settings to think about when publishing an application that affect not only the security but also the performance of an application.

Applications are published in the access management console, and rather than walking through the wizard clicks I will explain the various options you could choose on the way.

So once you have opened the access management console and chosen new/publish application in the application folder you will get to choose the following:

Name
The first tab where you need to enter information is the name tab, all this requires is a friendly name and description of the app you are publishing.

Type
This tab allows you to specify what you are publishing. You can publish an application (e.g. Adobe Reader), a complete desktop (good for using with thin clients) or content (e.g. a web page or document).

Location
This is the file path to the application's exe or document.

Server
This allows you to select the server(s) that the application is installed on and that you want users to have access to. For example, a Citrix farm consisting of 5 servers may all have Adobe Reader installed, but for whatever reason you may only want users accessing Adobe Reader on 3 of the 5 servers.

Users
This is where you can specify users/groups that will have access to the published application. You can also specify to allow anonymous access, which means all users will have access to the application. In real world Citrix deployments access is controlled by groups, as administering individual users' access to every application you publish will quickly become a nightmare.

Aging and Scavenging

Hi all,

I’ve just written up a quick tutorial on aging and scavenging. It's only really a scrappy quick one, but as usual please feel free to download it and tell me what you think.

LINK

Secure Dynamic DNS updates

So, reading a bit more about DNS, I thought I'd write a little about the secure DNS update feature.

When the zone properties of an Active Directory integrated zone are modified to allow secure updates, Kerberos is used.
One thing to keep in mind is that legacy clients cannot perform dynamic updates (think pre-Windows 2000 systems), in which case the DHCP server can be configured to update the DNS records for the legacy client.

Good things about secure updates.

Because it uses the Kerberos protocol you can be sure that the client has authenticated to the domain and has a valid computer account (have a look at my Kerberos tutorial for more info).

So that's the good stuff; now consider the downside of Kerberos being used to authenticate the client. Take a Win98 box. This cannot perform dynamic updates of any kind, so a DHCP server can register the DNS records for it (if configured to do so). Because Kerberos is used to authenticate the originating client, the DHCP server then becomes the owner of that record. Now a slight issue arises from a good idea. Owners of a record are the only clients that can update the resource record in DNS (from an automagical system point of view).

Now consider that the Windows 98 box is upgraded to Windows XP (unlikely I know because of the probable age of the hardware, but still worth knowing for the exam). Now the upgraded Windows XP box can perform its own dynamic updates. So XP boots and attempts to update its DNS record and... it fails, because the “OWNER” of the DNS record is the DHCP server that used to handle updates for it when it was a Windows 98 OS. In that instance someone would have to manually delete the record and either recreate it correctly or reboot/renew etc. the client PC so it attempts to update DNS again.

This can be resolved by adding systems to a group called DNSUpdateProxy, which stops the owner information being sent when the client/dhcp server attempts to perform a DNS update.

Also worth a thought is what happens if you have a network with one DHCP server, 200 Win XP boxes and 50 Win 98 boxes. Friday evening (it always happens on a Friday) your DHCP server explodes magnificently, and you receive a phone call just after you've popped the lid on your favourite beer.
So you drag yourself back to work, commission another server as a DHCP server, reconfigure the scopes and then go home for what's left of your weekend.

Eventually you will notice that none of the Win 98 boxes are getting their records updated, because all those records were owned by the DHCP server which is now being used as your deskside cupholder. So you will have to manually delete all those DNS records and get the DHCP server to attempt to re-register the DNS records for the clients. This can be avoided if you use the DNSUpdateProxy group, because DNS will not know who the owner of the record was, only that it was authenticated by Kerberos.
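
To find out ahead of time which records would be stranded in the scenario above, you can list the DNS records whose owner is the DHCP server's computer account and check who is in the DNSUpdateProxy group. This is an added example, not from the original post; the zone name, the server name and the assumption that the zone lives in the DomainDnsZones partition are placeholders to adjust, and it needs the ActiveDirectory PowerShell module.

```powershell
# Added example (read-only audit). Assumptions: ActiveDirectory module available,
# zone stored in the DomainDnsZones partition, names below are placeholders.
Import-Module ActiveDirectory

$ZoneName   = 'example.local'   # placeholder zone name
$DhcpServer = 'DHCP01'          # placeholder computer name of the DHCP server

$domain      = Get-ADDomain
$zoneDN      = "DC=$ZoneName,CN=MicrosoftDNS,DC=DomainDnsZones,$($domain.DistinguishedName)"
$dhcpAccount = "$($domain.NetBIOSName)\$DhcpServer`$"   # computer accounts end in $

# Each name in an AD-integrated zone is a dnsNode object. The owner in its
# security descriptor is normally the account that registered the record.
$owned = Get-ADObject -SearchBase $zoneDN -LDAPFilter '(objectClass=dnsNode)' `
            -Properties nTSecurityDescriptor |
    Where-Object { $_.nTSecurityDescriptor.Owner -eq $dhcpAccount } |
    Select-Object Name, @{ n = 'Owner'; e = { $_.nTSecurityDescriptor.Owner } }

# These are the records the clients themselves could not update.
"Records owned by ${dhcpAccount}: $(@($owned).Count)"
$owned | Format-Table -AutoSize

# Members of this group register records without owner protection,
# so keep the membership short and reviewed.
Get-ADGroupMember -Identity 'DnsUpdateProxy' | Select-Object Name, objectClass
```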

DNS basics

Hi all, this post is just a quickie about the locations that you can use to store your DNS zone data, both standard and Active Directory integrated.

Standard Zones

 

Standard zones have all their information stored in text files on a DNS server. With standard zones you can only have one primary copy of the database. Standard zones are also prone to failure: if the server hosting the primary zone fails then no updates/additions can be made to the zones, which in a large domain/network with DDNS enabled can quickly become a problem. The text files are generally named after the zone with .dns at the end, for example a secondary zone for scrivnet.local would have its data saved in \system32\dns\scrivnet.local.dns . You can obviously use a normal text editor to view the contents of the files.

 

Active Directory Integrated Zones

Active Directory integrated zones do exactly what it says on the tin, with the added advantage that in this configuration you can have multiple servers with primary copies of the same zone data. The main thing to remember with this is that all the DNS servers need to be domain controllers as well, otherwise you cannot use integrated zones. Also, secondary zones can never be integrated into Active Directory and can only be standard zones as above. Stub zones however can be integrated if you wish.