Citrix App Layering

So if you haven't had an opportunity to work with Citrix App Layering, then you should totally check it out. This particular product was acquired by Citrix when it purchased Unidesk a few years ago. Since then, the original product has definitely evolved. At the time of this blog, Citrix App Layering is at version 4 and the appliance can be deployed to most of the common backend hypervisors.

Overview

Citrix App Layering allows an organization to split the typical image into separate parts: Platform, OS, and Applications. This separates image management from the underlying infrastructure: each part can be updated on its own and, once finalized, the parts are combined into a whole image. For more information on Citrix App Layering, head over to Citrix Docs. I won't go into details regarding deploying the appliance, as that information is in the Citrix Docs.

Working with Citrix App Layering

So as you may already know, I build images on top of XenServer. This is intentional as it is easier to package Citrix on top of Citrix versus the other hypervisors. Basically, I've seen less driver compatibility with XenServer than other hypervisors. However, to work with Citrix App Layering, the hypervisor you choose really doesn't matter when you are creating these layers.

To begin, you will create an OS Layer. You can create multiple OS Layers based on the operating systems used within your organization, i.e. Windows 2012 R2 and Windows 2016. So let's log in and take a look at App Layering. Important note: Citrix App Layering is not supported inside of Chrome due to Silverlight. As a workaround, I use IE Tab inside of Chrome. Once you navigate to your App Layering appliance, you will see the login screen.

Select Layers->OS Layers

Create OS Layer. Give it a simple Layer Name and provide a description (avoid periods if using PVS). I would start with version 1 and a version description of something like “Base”.  You can leave the Max Layer Size as 60GB.

If this is a new appliance deployment, then you will likely only have a network file share option. If you click New, then you can select your backend platform. For the purposes of this blog, it will be XenServer.

A new window will open for you to configure your XenServer Connector. Give it a Config Name like “XenServer-HostName or PoolName”. You will want to fill in the information from left to right. Please note: You need to have at least one virtual machine template inside the selected pool/host without a virtual disk attached. You can use a hostname or IP address for the XenServer Address. Enter the credentials for the host/pool. I always choose to ignore the certificate errors and select “Check Credentials”.

Once the credentials are verified, you can select the template for the OS Layer. For selection of templates (PVS only), make sure that your OS Layer and Platform Layers match, or at least that the OS Layer CPUs are larger than the ones specified via the Platform Layer. After you’ve entered the appropriate information, select Test, then Save.

On the next screen, you must select the OS Disk Virtual Machine. If you click Select Virtual Machine, it will open a new screen for you to select a VM within the Pool/Host.

After you select a virtual machine, the screen updates with the OS Machine Name and Disk Size.

You can select an existing icon or if you have your own icon you’d like to use then you can select Browse.

The last screen gives you a summary of your selections. If everything looks good, then select Create Layer.

To be continued….

Upgrading 2008R2 PVS Image to Windows 2016

Disclaimer: Unless you have a really good reason (laziness works), then I wouldn't go down this road.

Use the P2PVS or XenConvert Wizard to copy the disk to a hard drive.

So now that you have a method of being able to boot directly to the PVS image without networking, let's talk about getting the image upgraded to 2016. If only it were as simple as just sticking the CD in and letting it run. Well it is, SORT OF. So the first thing you want to do is uninstall any antivirus software, the VDA, and the PVS Target Device. You want to make sure your tools are up to date as well. After you've made sure everything is uninstalled, MAKE A SNAPSHOT. If the upgrade goes left, then you do not want to have to redo the image copy again.

Insert the Windows 2012R2 CD. Why not 2016? See my previous blog regarding upgrading to 2016. Click Install. You can skip the updates unless you just like wasting time. 😀 Click to Upgrade. Do all the unnecessary EULA stuff and allow the OS to upgrade. This may take up to an hour depending on how much software is on the image. The only thing worth noting during this process is that my Windows 2012 R2 installation kept resetting after the "Setup is starting" screen. It would go back to the original click "Install" window. This ended up being an issue with Windows not knowing where to put the temp files. So I ran the following from the command line:

C:\$WINDOWS.~BT\Sources\setup.exe /runlocal /BTFolderPath:C:\$WINDOWS.~BT /OSImagePath:"D:\Sources" /uilanguage:en-US /targetlanguage:en-US /tempdrive:c

When you run a Windows Installation CD, it copies the contents of the ISO to your local drive. That's the first part of the statement. The OSImagePath needs to be set to the drive that's connected to the ISO. The last part just requires you to let the installation know where to store the temporary information. Hope that helps someone because it can make you scratch your head a little while.

After the installation is complete, I would recommend running all the software that was on the original image. Verify that everything works. If Office was previously installed, then the first run will likely rerun the config wizard just to put back all the pointers and classes within the registry. I wouldn't worry about that part too much unless you are stopping at Windows 2012R2. Once you have verified that Windows 2012R2 is solid, proceed with running a disk clean up to remove the previous Windows Installation from the OS. Once disk clean up is complete, reboot and, you guessed it, MAKE ANOTHER SNAPSHOT.

Now insert the Windows 2016 installation CD. Again, you can skip the updates. Skip through the EULA stuff, select to Keep Settings and Files. After this, Windows will "make sure you're ready". They are so nice, right!!! Once this part is complete, then you may receive a screen which lets you know if there's anything that might not convert over. You will have to confirm each item. The last thing will be a warning that this method is not supported. Remember my disclaimer??? You can confirm this as well. You will then get the green light to install. After the upgrade is complete, you will follow the same process as with the 2012R2 Upgrade. Verify all of the software still works. Run disk clean up. MAKE A SNAPSHOT. 

For our environment, some of our VMs have GPUs attached. Typically, you can jump from 2008R2 to 2012R2 with no driver issues. However, moving from 2012R2 to 2016, you will likely need to update the graphics drivers. You will want to make sure to do this before installing the VDA agent.

After the snapshot and updating graphics drivers, proceed with cleaning up the OS of any hidden devices in Device Manager. I would also run any Windows updates. After this is complete, you can install the PVS Target Device. After the installation, proceed with running the Imaging Wizard. If you used the BCDEDIT method, then you could just copy the disk back to PVS and boot it. However, I like to perform a fresh copy back to PVS. So allow the machine to reboot and copy the HD back to a vDisk.


Once the vDisk has been copied, shut down your VM and switch the PVS Device to Boot to vDisk instead of Hard Disk. Power up the VM again. It should boot to your new 2016 PVS vDisk. If this is successful, then power the machine back off. Remove the snapshots. Remove the HD with 2016. Power the machine back on and ensure there are no ghost devices.

You want to remove any hidden/inactive devices prior to installing the VDA. For the ghost NICs in XenServer, I would suggest removing them through the registry using something like PSEXEC. It is a lot easier and cleaner. I've seen where removing them using Device Manager causes you to have to rerun XenTools to get the NIC to not keep assigning APIPA. If you run regedit as system using PSEXEC (psexec -i -s regedit), then you can remove the extra NICs. I've never seen any issues with using this method and I've used it for years now. If you take a look at the example, then the first two NICs represent the valid NICs in Device Manager. But 2 - 9 Keys are not valid as the properties are empty, so those keys can be removed. If you remove them and refresh Device Manager, then you will notice that the ghost NICs disappear.

After all hidden devices are uninstalled, you can proceed to install the VDA. If this is a VDI, then be sure to run the WorkstationSetup with the servervdi switch. In certain instances, you may need to rebuild the WMI Repository since we've upgraded the OS twice. A damaged repository will give you the infamous 1603 error when you try to install the VDA. You can follow this Citrix article. Make sure to look at the error log to see which MSI failed. Then you can go to %temp% and the MSI log files to figure out what's happening.

Another GOTCHA is that during an in-place upgrade, the Netlogon service is set to Manual. This will cause an issue when you get ready to test the login to the VDA. Make sure to set the NETLOGON service back to Automatic and reboot. Here is the article which explains the behavior. You will likely get the error "an attempt was made to logon but the network logon service was not started".
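The two gotchas above (the 1603 error and the Netlogon start type) can be checked in one pass before the VDA install. This is an added example, not something from the original post; it assumes the installer logs are *.log files under %TEMP% (the post names no files), and the function names are made up for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: pre-VDA checks for the in-place-upgrade gotchas.
# Assumption: installer logs are *.log files somewhere under %TEMP%.

function Test-NetlogonStartType {
    # Get-Service is used on purpose: it does not go through WMI,
    # which may be the broken component after two OS upgrades.
    $svc = Get-Service -Name Netlogon
    [pscustomobject]@{
        Service   = $svc.Name
        StartType = $svc.StartType      # Automatic, Manual or Disabled
        Status    = $svc.Status
        NeedsFix  = "$($svc.StartType)" -ne 'Automatic'
    }
}

function Find-MsiFailure {
    param([string]$LogRoot = $env:TEMP, [int]$Hours = 24)
    # Windows Installer logs "Return value 3" right after the action
    # that failed; the lines before it usually name the cause.
    $since = (Get-Date).AddHours(-$Hours)
    Get-ChildItem -Path $LogRoot -Filter *.log -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $since } |
        Select-String -Pattern 'return value 3' -SimpleMatch -Context 5, 0 |
        ForEach-Object {
            [pscustomobject]@{
                Log     = $_.Path
                Line    = $_.LineNumber
                Context = ($_.Context.PreContext + $_.Line) -join "`n"
            }
        }
}

$netlogon = Test-NetlogonStartType
$netlogon
if ($netlogon.NeedsFix) {
    Set-Service -Name Netlogon -StartupType Automatic
    Write-Warning 'Netlogon set to Automatic; reboot before testing VDA logins.'
}

# Read-only consistency check of the WMI repository. It changes nothing;
# do any rebuild by following the vendor article.
winmgmt /verifyrepository

# Failed MSI actions from the last 24 hours, with the lines leading up to them.
Find-MsiFailure | Format-List
```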

After the installation is complete, attach the VM to a Machine Catalog and Delivery Group if not already done. Test logins and verify everything is still working. Seal your image and begin testing with users. 

Hopefully, you guys found this informative. Shoot me a comment about your experiences.


Reverse Imaging a PVS Target Device

By the title alone, most of us cringe at the topic or idea. The reverse imaging process for a PVS target device has greatly evolved over the years. Some of you may remember the brutal days of copying the image to a hard drive, making your changes, then recreating the vDisk using the Imaging Wizard or the P2PVS utility. Using either of these methods is extremely time consuming and at this point a waste unless you simply have no other choices.

However, prior to the VHDX feature of PVS, my favorite method was to create a Xen SR pointed to the PVS server and boot directly to the VHD file. This worked flawlessly. But then the VHDX feature came along and that was way cooler from an IOPS perspective than my effortless approach to reimaging devices. So I searched around to find a different method which supported VHDX files. And of course, the easiest route came from using BCDEdit to create an additional boot option. This boot option would point to the VHDX file. You could modify the image and then put it right back on the PVS server and done. So if I've piqued your curiosity then keep reading.

First, you need a VM with at least Windows 8/2012. You need a drive that's at least twice the size of the VHDX disk (ex: in PVS, the vDisk is allocated to 80GB, so you need a 160GB data drive).

  • Boot the VM
  • On the Data Drive, copy the VHDX file to the drive
  • Open up command prompt
    • bcdedit /export c:\bcdbackup
    • bcdedit /copy {default} /d "PVS Image"
    • bcdedit /set {guid} device vhd=[drive letter:]\SomeFile.vhdx
    • bcdedit /set {guid} osdevice vhd=[drive letter:]\SomeFile.vhdx
  • Restart the Machine
  • Select PVS Image
  • Perform your updates
  • Update Xen/VM Tools
  • Perform Driver Installs
  • Update an old version of PVS Target Device (pre 7.6 Update 1)
  • Upgrade to 2012R2, 2016, 2019
  • Restart the Machine
  • Select Regular VM
  • Copy VHDX file back to PVS

Yep, you are done!!!
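The bcdedit steps from the list above, scripted for PowerShell (added example, not from the original post). The VHDX path, the backup file name and the 80 GB size are placeholders taken from the post's own examples; run it elevated on the helper VM after copying the VHDX to the data drive.

```powershell
#Requires -RunAsAdministrator
# Added example: create a native-boot BCD entry for a copied PVS vDisk.
# Assumptions: path, label and size below are placeholders to adjust.
param(
    [string]$VhdxPath    = 'D:\SomeFile.vhdx',
    [int]$VDiskSizeGB    = 80,
    [string]$BcdBackup   = 'C:\bcdbackup',
    [string]$EntryLabel  = 'PVS Image'
)
$ErrorActionPreference = 'Stop'

$vhdx   = Get-Item -LiteralPath $VhdxPath
$letter = $vhdx.PSDrive.Name

# The post's sizing rule: data drive at least twice the allocated vDisk size.
$volume = Get-Volume -DriveLetter $letter
if ($volume.Size -lt 2 * $VDiskSizeGB * 1GB) {
    throw "Drive ${letter}: is smaller than twice the $VDiskSizeGB GB vDisk."
}

# Back up the boot store first; 'bcdedit /import' restores it if needed.
bcdedit /export $BcdBackup | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'bcdedit /export failed.' }

# Braces must be quoted in PowerShell, or {default} is parsed as a script block.
$copyOutput = bcdedit /copy '{default}' /d $EntryLabel
if ($LASTEXITCODE -ne 0) { throw "bcdedit /copy failed: $copyOutput" }

# Pick the new identifier out by its GUID shape, not by the message text,
# so the script also works on non-English Windows.
$guidPattern = '\{[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}'
if ("$copyOutput" -match $guidPattern) {
    $guid = $Matches[0]
} else {
    throw "No GUID found in bcdedit output: $copyOutput"
}

# bcdedit expects the form vhd=[X:]\path\file.vhdx
$vhdSpec = 'vhd=[{0}:]{1}' -f $letter, $vhdx.FullName.Substring(2)
foreach ($element in 'device', 'osdevice') {
    bcdedit /set $guid $element $vhdSpec | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "bcdedit /set $element failed." }
}

# Show the finished entry for review before restarting.
bcdedit /enum $guid
```

When the image work is finished, `bcdedit /delete` with the GUID printed above removes the extra boot option.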

Upgrading from Windows Server 2008R2 to ?????

So like many professionals, I am sure there are plenty of old servers inside of your environment. In my current environment, we have a really large amount of 2008R2 servers. We are also in the middle of transitioning our core infrastructure from Xen to VMware. You can check out my other blogs on that topic here.

The biggest caveat to upgrading any server is which version do you upgrade to. With 2008R2 reaching EOL at the beginning of 2020, there will likely be at least 4 versions to upgrade to by then. Currently as of this writing, there are already 3 versions (2012R2, 2016, 2019). I'm not including 2012 for obvious reasons because that would be like installing just 2008 instead of R2. So what's the easiest in my opinion? My answer: 2012R2.  I'm sure some are going to be like WHATTTTTTT?!?!?!
Don't worry, I'll explain.

So 2012 R2 will reach its EOL in 2023 and that's almost 5 years away. Let's all be honest with ourselves, we transition servers and environments so frequently that there's a whole lot that could happen in 5 years. So that being the case, the easiest transition and supported upgrade path would be 2008R2 > 2012R2. Using this upgrade path allows you to keep all software intact. You don't have to worry about reinstalling most software packages, and most roles and features will also transfer. You cannot upgrade from 2008R2 > 2016 or 2019 and keep the software packages. It will give you a fresh install.

I have upgraded file servers, license servers, and print servers from 2008R2 to 2012R2 with no issues other than a few minor updates that were needed. There's a bug that appears to only happen on a few servers, but if you upgrade from 2008R2 to 2012R2 then Server Manager may crash repeatedly. This is due to an issue with .NET. If you install .NET 4.7 (as of the writing of this blog), then it will stop crashing. This particular issue has only happened on a handful of servers so it shouldn't be expected each time.

So what about upgrading 2012R2 to 2016 after the 2008R2 upgrade? This is a totally doable upgrade path as well. In fact, I totally recommend it. 2016 EOL is 2027. So how do you know which is the best path to reach for? That's really not a simple question. You should base it on your environment and what you have installed. If it is a raw server with nothing installed except for roles and features and data, then I would totally go from 2008R2 > 2012 R2 > 2016. If we are talking about a worker server such as a Citrix VDA server, then I would totally do 2008R2 > 2012R2 > 2016.  However, I would test 2012 R2 and verify that all the software installed still works. I would then upgrade again to 2016. Reinstall any Citrix Components (PVS Target, VDA, etc) and boom now you have an upgraded 2016 environment.

If you are on a virtualized platform, then I totally suggest the BCDEdit method of upgrading a Citrix PVS Image. It is literally the easiest method since booting directly to the PVS image by using NFS or CIFS as an SR. If you want more information on the BCDEdit process, then I'll be posting one soon on the subject.

So is there an easier way even better than this? Yep. If you have a server that has nothing installed except roles and features and data is on a different drive, then I would build a 2016 server. Install the same roles and features, then move the data drive to that server. Now you are done and you didn't have to install anything on top of your existing server. There are many different methods to this madness. You just have to find the one that works best for you. In these situations, the biggest thing to remember is TEST. Also, it is much easier to do this in a virtualized environment. For those of you that still have a lot of physical servers, you need to really jump on virtualizing your environment. You can either build out a virtualized on-prem environment or move everything to the cloud. I might write a blog about on-prem vs cloud based virtualization and how I feel about them later.

Well that's all I have for now, until later!!!!

Citrix Workspace Single Sign On Woes

 In today's world, your security team is probably constantly pushing for settings to secure the environment. This may come from any vend...