How to bring your network back online in minutes with Ubiquiti UniFi gear

Less than a month ago I decided to buy a new WiFi access point to improve the quality and possibilities of my home WiFi. Until now I just had a “Fritzbox”, which is already very nice for home use. Fritz does everything: fast WiFi, modem, router, VoIP, answering machine, DECT gateway, and it’s stable and easy to configure. Of course I wished to have a more enterprise-like network setup, especially because my lab environment is also in my home network, along with a lot of IoT stuff. But honestly, the components I knew of that allow enterprise features were not in my budget.

So the first plan was just to improve the WiFi. I bought a Ubiquiti UniFi AP-AC-Pro without any ulterior motive. But to be honest, the new AP was like a starter drug. I saw everything that is possible, at a price which is also affordable for home use and with no extra license costs. I don’t want to write a review here about my new awesome Ubiquiti gear; if you wish to know more about that stuff, see the blog post from my fellow CTP Jason Samuel: Building a secure high visibility WiFi network using Ubiquiti Networks UniFi gear

Just to say, now, some weeks later, I have a router (UniFi Security Gateway 3P), a managed switch (UniFi Switch 16 POE-150W) and two WiFi access points (UniFi AP-AC-Pro and UniFi AP-AC-LR) from Ubiquiti in my network. Finally I’m able to segment my home network into virtual networks (VLANs) and to make everything more transparent, hopefully more secure and of course easier for me to manage. Currently I have 3 different WiFi SSIDs and 4 VLANs. Software-defined networking is great and lets me do things I only dreamed of before. When I think about all the “use cases”, I’m now really sure that a lot of security considerations should go into improving the network segmentation … but that’s another topic …

The USG 3P (UniFi Security Gateway) comes with 3 ports: WAN, LAN and VoIP. The software of these devices is continuously developed and new features come with every new version. Some features are implemented as beta features, e.g. turning the VoIP port into a WAN2 port:

With this feature it’s possible to have a Second WAN link and to use it as Failover or as Weighted LB. Of course for home use a second WAN link is not common. But definitely interesting for some small companies or maybe branch offices which need a reliable connection to the internet.

I have currently only one connection to the Internet, a cable connection with 250M down and 25M up from “Quickline”. Until now when I had an outage I was still able to use my 4G WiFi Hotspot from Huawei to access the Internet with my Laptop.

Last Saturday my cable Internet connection was interrupted exactly at the moment when I was doing some lab work with my network components. So I decided to have a closer look at this WAN2 feature. I connected a Zyxel travel router (NBG2105) with the Cat5 cable to the USG and over WLAN to my 4G WiFi router, and I configured the VoIP port for WAN2. Wow, after 30 minutes I was back online with my whole network.

On WAN2 there can be anything that provides an Internet link and, in my case, gives out an IP address via DHCP. Of course, first I connected the Zyxel NBG2105 with the cable to my laptop and used it to connect to my WiFi router. The most important thing with the NBG2105 is that the switch is set to Client:

Of course the speed of 4G is nowhere near my cable connection, but it’s still better than being offline:

And now I have not just the solution to “How to get back online” but rather also to “Stay always online”.

Win10 to Win10 with a Citrix VDA

Intro – my relationship with Windows 10

The company I’m working for, Die Mobiliar, started early with Windows 10: in spring 2016 we rolled out Windows 10 to all our physical devices and also to our virtual desktops. We have two different kinds of VDIs, pooled Win10 desktops provided by Citrix PVS and also classically installed dedicated VDIs. Both run with Citrix XenDesktop 7.x.

Being in the role of early adopter with such a new operating system is interesting but also nerve-racking on some days… Especially when you add Citrix XenDesktop on top of Windows 10 and then also special requirements like physical and virtual Smart Cards.
I talked about this adventure at E2EVC in Rome: The stony road of a VDI migration from Win7 to Win10

Next chapter

Now our story goes into the next round: we installed Windows 10 last year with the 1511 release and now we want to go to the Anniversary Update (1607). For our pooled desktops it’s no question: fresh install on the new build. But a fresh install of the dedicated desktops, where users have installed their own stuff, would get me into big trouble … it’s really not an option!

I was curious who is in the same boat, so I created this poll:

36% are doing fresh install of dedicated desktops? Wow … BOFH? 🙂

I tell you now 2 secrets:

  • It’s not possible to update Windows 10 from one version to the other when a Citrix Virtual Desktop Agent (VDA) is installed!
  • Uninstall of the Citrix VDA fails most of the time!

Good News: Citrix knows that uninstalling the VDA is a problem; for that reason the VDACleanupUtility.exe exists.

Bad News: VDACleanupUtility.exe (VCU) should run as a user and needs a reboot and a login with the same user, which means it’s not easy to automate.

With some hints from my CTP colleague Stephane Thirion and my colleagues at “Die Mobiliar” I was able to create this guide to automate the Windows 10 update with an automated removal of the VDA.

Task Sequence for SCCM

We are doing this with Microsoft System Center, but with the following information it’s also possible to accomplish this with other ESDs.

Upgrade Steps – Overview

The Citrix VDI specific things are highlighted in yellow; in this guide I’ll focus on those. We are using one task sequence to update all our Windows 10 installations, which is the reason we need to decide whether the installation is a VDI or not.

After the OS upgrade we just install the VDA again with our existing software package.

Because the Windows upgrade kills the Citrix receiver we also re-install the receiver at the end.

The really hard part is the proper automated removal of the VDA, and that’s where I go a bit deeper in this article.

VDI or not – that’s the question

Because we use one task sequence for Win10 with and without Citrix VDA, we just check whether the VDA is installed. We do that by querying the key which has been written by the software package for the VDA.

A reboot to start is always smart

Sometimes the VDACleanupUtility asks for a reboot, so it’s good to start with a reboot before any other steps are done.

first step of the VDA removal

The VDACleanupUtility should be started in silent mode and with a suppressed reboot:

cmd /c VDACleanupUtility.exe /silent /noreboot

The VDACleanupUtility.exe is the only thing in the Package you see on the screenshot.

Remove the action that the VCU has scheduled to run after the suppressed reboot:

cmd.exe /c REG DELETE HKLM\Software\Microsoft\RunOnce /v CitrixVdaCleanup /f

Now you can reboot.

Start the VCU again

This time with the switches silent and reboot. Reboot doesn’t mean that it will do a reboot, it’s just the information for the VCU that it’s now in the phase after the reboot:

cmd /c VDACleanupUtility.exe /silent /reboot

Now do all the Windows upgrade steps you want to do. Here you also need to think about drivers or, in virtualized environments, XenTools, VMware Tools, etc.

As a next step, install the VDA again.

Re-install the Citrix Receiver

The update of Win10 will destroy your Citrix Receiver installation; for this reason install it again at the end.

I want to thank Stephane Thirion for the hints about automating the uninstall of the VDA. Also thanks to my colleagues Stefan Moser and Thomas Hahnel at Die Mobiliar for their additional know-how about SCCM task sequences and their patience with testing.

IoT – ideology of technology | new MyStrom Smart Devices

Those who know me in person are aware that my life is not only controlled by Citrix technology; I’m also fascinated by Smart Home stuff and the Internet of Things, IoT. For years I have used Philips Hue, Netatmo and other gadgets to make my life easier – or to solve problems which I wouldn’t have without these Smart Home devices… Some of my neighbours believe that I have a girlfriend called “Alexa” and I’m very rude to her.

Anyway, I already wrote about the MyStrom Smart plugs in the article Control MyStrom smart plug by a trigger or Another LaMetric IoT script – power control .

The special thing about the MyStrom WiFi Switches is that they are only for Switzerland; we don’t have the same wall sockets here as are common in Europe. For this reason, from my point of view, MyStrom is a niche product, even though it’s a very, very good product.

Today I received a package from MyStrom with two very cool new products inside, the MyStrom Bulb and the MyStrom WiFi button. I already have similar products: for the Smart Bulb, Philips Hue and SengLed Boost. For the button I currently have an Amazon IoT button, which I have connected to IFTTT so that I can trigger some things.

In this post I want to compare these new MyStrom devices to other existing devices on the market.

Comparison Smart Bulb:

myStrom WiFi Bulb

  • 39.- CHF (Color)
  • Color
  • E27

+ Has a HTTP Rest API
+ Show power consumption
+ great colors!
–  only 600 lm
– Bulb becomes pretty hot, 52,9°C after 30min test.

Philips Hue

  • 69.- CHF (Color)
  • 20.- CHF (White)
  • E27 and GU10 available

+ Use the ZigBee protocol
+ Up to 806 lm
– An additional device, called “Bridge” is required
– Colors not so saturated
– Range is limited, I was not able to have a Hue Bulb in my garage, which is why I added a SengLed Boost.
– Bulb becomes pretty hot, 62,5°C after 30min test.

SengLed Boost

  • 59.- CHF
  • E27

+ Works as a wireless WiFi repeater
–  only 470 lm

Conclusion: It really depends on your needs which Smart Bulb is the best for you. If you already have a Philips Hue ecosystem it makes no sense to switch to MyStrom. But if you start on a green field, you really have to consider going for MyStrom. With MyStrom you have bulbs, plugs and buttons from one brand. The MyStrom bulbs are cheaper than Hue and, very important for me, every MyStrom device has its own web server which allows you to toggle the power state. If you want to extend your WiFi range, have a look at the SengLED Boost bulb, but with this it’s not easy to toggle the light with something other than the existing app.

Comparison Smart Button:

MyStrom WiFi Button

  • 25.- CHF

+ Available in Switzerland – for everyone (soon …)
+ Battery rechargeable
+ Native IFTTT compatible
+ 3 Push Patterns
+ Fast reaction time (< 2sec to toggle a Switch)

Amazon IoT Button

  • 19.90$

– Only for Amazon Prime customers
– Battery not replaceable
– Reaction time pretty long
+ IFTTT with a “special setup” possible
+ 3 Push patterns

Hue Tap

  • 69.-

– needs the Bridge
+ No need for battery
+ 3 buttons

Hue Dimmer Switch

  • 29.-

– needs the Bridge (?)

Conclusion: For most “home-automaters” the MyStrom WiFi button will be the best choice; the way to configure an AWS IoT button is an “advanced experience”. I don’t like that the Amazon IoT Button has a non-replaceable/non-rechargeable battery inside. If you already have a large Philips Hue ecosystem, maybe the Hue Tap / Dimmer Switch is the best for you.

StoreFront – Allow relogin without browser close

Citrix StoreFront is able to handle logins with SmartCards, and after a successful SmartCard login you cannot log off and log in again before you close the browser; you will see this message:

You have logged off successfully. Please close your browser to protect your account. Sie haben sich erfolgreich abgemeldet. Schliessen Sie den Browser, um Ihr Konto zu schützen.


According to the message, this is a feature and not a bug … A re-login is not a security problem in every case; for example, if SmartCards are mandatory in general, you also need to log on to the VDI or the application with your SmartCard.
Especially as an admin working with multiple accounts it can be very annoying.

In scope of the CTP program I’ve asked Citrix to improve that and give Citrix admins the possibility to configure this security feature in future versions. Now when StoreFront 3.8 was released I complained that this is still not implemented.

Feng Huang then gave me the hint that this is actually configurable but not yet implemented into the GUI.

All that must be done is to add the line CTXS.allowReloginWithoutBrowserClose = true to the file C:\inetpub\wwwroot\Citrix\YOURSTORE\custom\script.js

THANKS Citrix for Listening to special requests!

PowerManagement for dedicated Citrix desktops? Yes with Tags!

Are you using tags in your XenApp & XenDesktop environment? Maybe you should. Tags on resources, in my case desktops, can be very powerful, especially in combination with PoSh scripts. You can perform actions on machines depending on the tag. Of course you can also use tags to filter Citrix policies, which is also useful.

I had the problem that I have a delivery group with dedicated Win10 desktops, and for dedicated desktops there is no power management. Usually it’s also not needed, because if a user launches a Citrix session over StoreFront the machine gets powered on. The problem in my case: sometimes users connect to their desktop in ways other than Citrix, so this built-in construct doesn’t work. So if they shut down their virtual desktop they can never ever access it until an admin powers it on over Director or Studio.

My solution to this was that I tagged these special user machines with a tag “AlwaysOnline” in Studio and wrote this small script, which runs every 15 minutes:

param([string]$tags=$(throw "Tag parameter is required"), [string]$poweroperation=$(throw "Power operation parameter is required"))
# Created on: 09.2016 Version: 0.2
# Created by: Sacha Thomet
# File name: PowerOperation-DependingMachineTags.ps1
# Description:  This is a PowerShell script to change the power state of VDIs or XenApp servers in
#               a power-managed XenDesktop 7.x environment according to tags.
# Prerequisite: None, a XenDesktop Controller with according privileges necessary
# Call by : Manual  or Scheduled Task
# Load only the snap-ins which are used
if ((Get-PSSnapin "Citrix.Broker.Admin.*" -EA silentlycontinue) -eq $null) {
    try { Add-PSSnapin Citrix.Broker.Admin.* -ErrorAction Stop }
    catch { write-error "Error loading Citrix.Broker.Admin.* Powershell snapin"; Return }
}
# Change the below variables to suit your environment

$maxmachines = "1000" # as default only 250 records, this increase it to 1000
#$tags = "AlwaysOnline" # if you comment out the param line you can have the tag here
#$poweroperation = "TurnOn"  # if you comment out the param line you can have the poweroperation here

# Select every machine that carries the requested tag (Tags is a list, so use -contains)
$machines = Get-BrokerMachine -MaxRecordCount $maxmachines | Where-Object { $_.Tags -contains $tags }

# Queue the requested power action for each tagged machine
foreach ($machine in $machines)
{
    $machinename = $machine.MachineName
    Write-Host "Action $poweroperation will be performed for $machinename  "
    New-BrokerHostingPowerAction  -Action $poweroperation -MachineName $machinename
}

I know, I know, this is not a common use case, but the script construct shows what is possible with tags … there are almost unlimited possibilities to cover special cases with tags.

My example Script on GitHub: PowerOperation-DependingMachineTags.ps1

Welcome to the Jungle … of the Citrix Display Modes

When I started to work with Remote Desktop stuff back in 2001 there was one thing definitely not possible: watching a video over a remote connection – not even with Citrix … In the last years a lot of things changed and Citrix improved their protocols and video codecs from version to version. Today you can do awesome things over a remote connection with Citrix. There are many blogs and articles which show what’s possible, also for GPU mapping, 3D stuff and so on … This blog doesn’t describe how you can get the awesome 3D things out of your VDI. It’s more about what to do if you don’t have special requirements for 3D, you don’t have time to test all possibilities, no time to tune, but you want to have the best result according to the Pareto principle.

What do you configure? Nothing? Just default, because default is the setting which will fit for most Users?


Are you aware that the default setting on XenApp/XenDesktop until VDA 7.9 was Thinwire with H.264, and that since VDA 7.9 it’s Thinwire Plus (Compatibility Encoder)?
You need to consider this fact before you upgrade from 7.x to 7.9! Why did they change that? Is Thinwire Plus better? No! Is Thinwire H.264 better? No!
It’s just different! What are the differences? What do I need to choose? It depends! But on what?

This blog post is mainly a comparison between Thinwire Plus and Thinwire H264 !

I’ve done a survey on Twitter about which codec is preferred, with a funny result, 50% vs 50%:


I’ve started some tests, also following the Pareto principle, so no deep scientific background! I tested an internal video in our intranet of 53 seconds and 1 minute of a YouTube video, Big Buck Bunny, with 25 fps, set to 720p in YouTube. I had an eye on the user experience, meaning fragments, fluent movie and lip-sync, and on the other side on the resource consumption like CPU and bandwidth.

(Advice if you like to do your own tests: Big Buck Bunny is nice to impress people, but if you want to test for lip-sync take another movie … the Bunny doesn’t talk much ….)



For these tests I used the best, or the only, tool on the market to analyze remote display stuff, the Remote Desktop Analyzer from Bram Wolfs and Barry Schiffer. In version 1.4 you can do some very helpful statistic reports:


I have tested with:

Virtual Desktop:

  • Windows 10, VDA 7.9, 2 vCPU, 4 GB Memory, virtualized on VMWare ESX.

Video Codecs:

  • Thinwire +
  • Thinwire with H264


Clients:

  • Mac OSX
  • Windows 10
  • HDX Raspberry Pi

and thank you to René Bigler (Twitter @dready73) for testing with these clients:

  • ChromeBook
  • Linux ThinClient (IGEL)


And these are our results:







My personal conclusion:

If you have clients like ChromeBook or Windows which can handle H.264, this is your way to go. With limited H.264 on the end device you are better off with Tw+.

I work in a company which internally has only Windows 10 client devices, but externally we have users with BYOD, and MacBooks are not a minority. For this reason I set a Citrix policy which sets all connections not coming over NetScaler to Tw with H.264. So we have the best result internally and still an above-average result externally. The best would be if it were possible to set a Citrix policy according to the client OS which connects.


Recommended Links:

HDX Graphics Modes – Which Policies Apply to DCR/Thinwire/H.264 – An Overview for XenDesktop/XenApp 7.6 FP3:

Citrix Display modes: How to configure, what to configure, when to configure:

H.264 compression JUL 19 2013 A graphical deep dive into XenDesktop 7

Update 23.9.2016:

An excellent blog post here: Citrix HDX Just Got Smarter…Again, a post about selective H264 with XenApp / XenDesktop 7.11

Use Octoblu with Amazon Echo as trigger to start A/C on Tesla Model S

It needs a bit of courage as a non-native English speaker, and with my hard Swiss accent it’s maybe awkward … but I’ve done it … my first webcast … you cannot win without a risk 🙂

Goal: Use Amazon Echo to start the air conditioning of the Tesla Model S.

21.6.2016, Update to this post:

It’s not so difficult to use Alexa without IFTTT in Octoblu. I just created a flow to ask Alexa what the battery level is, and she tells me the remaining battery in percent:

For details about how to integrate Alexa in Octoblu, look at this: Use Alexa to kick off automations with Octoblu

By the way: If you don't have a Tesla but you would like to buy one, use my referral link and save 1000.- !

sachathomet goes GitHub

For the last 11 days I was in Las Vegas at the CTP meetings, Citrix Synergy and E2EVC. I got to know a few new people and picked up a bunch of ideas, some about Citrix but also about how to continue with my scripts and the community. (Other blog posts will follow, maybe here or on the myCUGC site)

It’s not easy to manage all my scripts, versions, bugs and feature requests, so I followed the hint of some people at Synergy and decided to push my larger scripts to GitHub.
You can now see all my scripts in GitHub repositories under – feel free to contribute!

Currently I have started with my two most popular scripts:

Please be gentle with me if you are more experienced with GitHub than me, which is for sure the case if you have already worked more than 5 days with GitHub…. I’m really not a software developer, so I’m making baby steps with this repository thing. Hints are always appreciated.

From now on, please use GitHub (issues) for feature requests and bug reports and no longer the comment function in the blog.

victim of a good reputation – Low free pooled XenDesktops

The Citrix Director is not so bad, and with version 7.7 it is even better because now it’s possible to send email alerts. But one problem I still have … our pooled XenDesktops, which are used for remote access from private computers, are victims of a good reputation … this means that through good word-of-mouth advertising in our company more and more people are tempted to use them … and we need to know when the number of free pooled desktops is low. And no, I won’t go and read the numbers every day in Director or Citrix Studio.

So I created a small script which sends me an email as soon as a defined threshold of free desktops is reached:


The code is on GitHub:
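
A sketch of such a threshold check, added here as an example and not the author's script from GitHub. The delivery group name, threshold, SMTP server, mail addresses and state file name are assumed placeholders; the mail is sent only when the state changes, so a 15-minute schedule does not flood the mailbox.

```powershell
# Added example, not the author's script from GitHub.
# Assumptions (placeholders to replace): delivery group name, threshold,
# SMTP server and mail addresses. Run on a Delivery Controller as a
# scheduled task with read access to the Broker.
param(
    [string]$DesktopGroupName = 'Pooled-Remote-Access',
    [int]$MinFreeDesktops     = 5,
    [string]$SmtpServer       = 'smtp.example.internal',
    [string]$MailFrom         = 'xendesktop-alert@example.internal',
    [string[]]$MailTo         = @('vdi-admins@example.internal')
)

$ErrorActionPreference = 'Stop'

# The last reported state is remembered so that a mail is sent only when
# the state changes (OK -> LOW or LOW -> OK), not on every run.
$stateFile = Join-Path $env:ProgramData 'FreePooledDesktops.state'

try {
    if (-not (Get-PSSnapin -Name 'Citrix.Broker.Admin.*' -ErrorAction SilentlyContinue)) {
        Add-PSSnapin -Name 'Citrix.Broker.Admin.*'
    }
    $group = Get-BrokerDesktopGroup -Name $DesktopGroupName
}
catch {
    Write-Error "Cannot query delivery group '$DesktopGroupName': $_" -ErrorAction Continue
    exit 2
}

# DesktopsAvailable counts desktops in state Available (no session present).
# A group in maintenance mode offers nothing to new users at all.
$free  = if ($group.InMaintenanceMode) { 0 } else { $group.DesktopsAvailable }
$state = if ($free -lt $MinFreeDesktops) { 'LOW' } else { 'OK' }

$previous = 'OK'
if (Test-Path -Path $stateFile) {
    $previous = [string](Get-Content -Path $stateFile -TotalCount 1)
}

if ($state -ne $previous) {
    $subject = "[$state] ${DesktopGroupName}: $free free pooled desktops (threshold $MinFreeDesktops)"
    $body = @(
        "Delivery group : $($group.Name)"
        "Free desktops  : $free"
        "In use         : $($group.DesktopsInUse)"
        "Unregistered   : $($group.DesktopsUnregistered)"
        "Total          : $($group.TotalDesktops)"
        "Maintenance    : $($group.InMaintenanceMode)"
    ) -join "`r`n"

    # If sending fails, the script stops here and the state file is not
    # updated, so the next run tries again.
    Send-MailMessage -SmtpServer $SmtpServer -From $MailFrom -To $MailTo -Subject $subject -Body $body
    Set-Content -Path $stateFile -Value $state
}

Write-Output "$DesktopGroupName free=$free threshold=$MinFreeDesktops state=$state"
```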

Avoid blanks and dots in StoreFront 3.5 farm names!

In the last days I upgraded my existing StoreFront 3.01 to StoreFront 3.5, and in some farms I had a very bad issue after the upgrade: it seemed that all was OK, but users were no longer able to start any application or desktop.

On the StoreFront server I saw a Warning Event 28 from Citrix Store Service: “Failed to launch the resource “Farm Name.ApplicationName” as it was not found.”


The issue was that a blank and a dot (.) were in my farm name. It seems this is a bug in SF 3.5: you can configure that, but it won’t work!


After I changed the display name to something like xa65farm, without a blank and a dot, everything works well.