Fatal error during installation (1603) on StoreFront upgrade to 3.12
Today I’ve upgraded Citrix StoreFront Server from 3.9 to 3.12
as every time first I shut down all of the following services:
net stop W3SVC
net stop CitrixConfigurationReplication
net stop CitrixCredentialWallet
net stop CitrixDefaultDomainService
net stop “Citrix Subscriptions Store”
net stop “Citrix Peer Resolution Service”
net stop CitrixServiceMonitor
net stop CitrixTelemetryService
then I run CitrixStoreFront-x64.msi, reboot the server and after that I do that on the second node. Most time this goes pretty flawless.
But this time, my upgrade failed with an error:
CitrixStoreFront-x64.msi’ failed with error code 1603. Fatal error during installation”
I remember I had this already one time before, but what the hell was the solution … a short search with Google showed me:
https://discussions.citrix.com/topic/371535-storefront-upgrade-to-301-from-300-fails
Well I’m on StoreFront 3.9 and when I have a look into “C:\Program Files\Citrix\Receiver StoreFront\Services\ProtocolTransitionService\Citrix.DeliveryServices.ProtocolTransition.ServiceHost.exe.config” I see in some lines “Version=3.8.0.0” – but I have 3.9, so I replace all “Version=3.8.0.0” to “Version=3.9.0.0”
Result: StoreFront upgrade to 3.12 is successful – All’s well that ends well.
No more able to start SOAP on PVS
After the last monthly Microsoft Security Updates one of my PVS Servers was no more able to start the SOAP service. I received an Event 7000 with the message:
The Citrix PVS Soap Server service failed to start due to the following error: The service did not respond the the start or control request in a timely fashion.
I live in Bern, and we are known as slow-paced people here in Bern, probably because of our slow sounding accent. So my idea is if the service need more time to start, I’ll give him more time.
I’ve created a new DWORD called ServicesPipeTimeout with the value 120000 in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control which means the service has 2 minutes time to start. After a reboot my SOAP was again up and running.
By the way and additional tip according this service… SOAP is sometimes bitchy … it’s a good idea to set the service to auto restart after a crash.
XenApp & XenDesktop Avoid CEIP
Already in February when I updated my Citrix environment to 7.13 I’ve seen that it’s difficult to avoid call home on the license server from now
, I made a short message on twitter:
Now when I updated to 7.14 I had the issue again, because my license server and my delivery controller cannot communicate outside there is also a ugly message in Studio:
It’s pretty easy to complete turn off Customer Experience Improvement Program (CEIP):
Just add this line to the Citrix.opt file on the license server:
#CITRIX CEIP NONE
How to bring your network back online in minutes with Ubiquiti UniFi gear
Less than a month ago I decided to buy a new WiFi Access Point to increase the quality and possibilities of my Home Wifi. Until now I just had a “Fritzbox” which is already very nice for home use. Fritz does anything, Fast WiFi, Modem, Router, VoIP, Call answer machine, DECT Gateway and it’s stable and easy to configure. Of course, I wished to have a more enterprise-like network setup, especially because also my lab environment is in my home network and a lot of IoT stuff. But honestly the components I had known that allows enterprise features were not in my budget.
So the first plan was to just increase WiFi. I just bought a Ubiquiti UniFi AP-AC-Pro without any ulterior motive. But to be honest, the new AP was like a starter drug. I saw what all is possible and for a price which is also payable for home use and with no extra license costs. I don’t want to write a review here about my new awesome Ubiquiti gear if you wish to know more about that stuff see here the blog post from my fellow CTP Jason Samuel: Building a secure high visibility WiFi network using Ubiquiti Networks UniFi gear
Just to say, now, some weeks later I have a Router (UniFi Security Gateway 3P), a managed Switch (UniFi Switch 16 POE-150W) and two WiFi AccessPoints (UniFi AP-AC-Pro and UniFi AP-AC-LR) in my Network from Ubiquiti. Finally, I’m able to segment my home network in virtual networks (VLANs) and to make all more transparent, hopefully, more secure and of course easier to manage for me. Currently, I have 3 different WiFi SSIDs and 4 VLANs. The software-defined network is great and let me do things I just dreamed of before. When I think about all the “use cases” I’m now really sure that a lot of Security considerations should be made for improvements in the network segment should be done … but that’s another topic …
The USG 3P, UniFi Security Gateway comes with 3 Ports, WAN, LAN, and VoIP. The Software of these devices will be always further developed and new features come with every new version. Some features are also implemented as beta features, e.g also to make out of the VoIP a WAN2 port:
With this feature, it’s possible to have a Second WAN link and to use it as Failover or as Weighted LB. Of course for home use, a second WAN link is not common. But definitely interesting for some small companies or maybe branch offices which need a reliable connection to the internet.
I have currently only one connection to the Internet, a cable connection with 250M down and 25M up from “Quickline”. Until now when I had an outage I was still able to use my 4G WiFi Hotspot from Huawei to access the Internet with my Laptop.
Last Saturday my Cable Internet connection was interrupted exactly at that moment where I was doing some lab works with my network components. So I decided to have a closer look at this WAN 2 Feature. I connected a Zyxel travel router (NBG2105) with the Cat5 cable to the USG and with WLAN to my 4G WiFi router, I configured the VoIP Port for WAN2. Wow after 30 minutes I was back online with my whole network.
On WAN2 there can just be anything that is providing an Internet link and give an IP address via DHCP in my case. Of course, first I connected the Zyxel NBG2105 with the cable to my laptop and connected with it to my WiFi router. The most important thing here with the NBG2105 is that the Switch is set to Client:
Of course the Speed of 4G is not near my cable connection but it’s still better than be offline:
And now I have not just the solution to “How to get back online” but rather also to “Stay always online”.
Sacha’s blog now also in German
I started my blog in 2013 in English with the idea to reach more readers worldwide. Now I decided to provide my information also in German because I know I have some readers from Germany, Austria and of course my home country Switzerland.
Win10 to Win10 with a Citrix VDA
Intro – my relationship with Windows 10
The company I’m working for, Die Mobiliar, started early with Windows 10, we rolled out in spring 2016 Windows 10 to all our physical devices and also to our virtual Desktops. We have two different kind of VDIs, pooled Win10 Desktops provided by Citrix PVS and also classical installed dedicated VDIs. Both with Citrix XenDesktop 7.x.
To be in the role as early-adopter with such a new operating systems is interesting but also nerve-racking on some days… Especially when you add Citrix XenDesktop on top to Windows 10 and then also special requirements like physical and virtual Smart Cards.
I talked about this adventure on E2EVC in Rome: The stony road of a VDI migration from Win7 to Win10
Next chapter
Now our story goes into the next round, we installed Windows 10 last year with the 1511 Release and we want to go now to the anniversary update (1607). For our pooled desktops it’s no question, fresh install on the new build. But an fresh install of the dedicated desktops where users have installed their own stuff will get me into big troubles … it’s really not an option!
I was curious who is in the same boat, so I created this poll:
36% are doing fresh install of dedicated desktops? Wow … BOFH? 🙂
I tell you now 2 secrets:
- It’s not possible to update Windows 10 from one version to the other when a Citrix Virtual Desktop Agent (VDA) is installed!
- Uninstall of Citrix VDA fails most of the times!
Good News: Citrix knows that uninstall of the VDA is a problem, for that reason there exists the
VDACleanupUtility.exe (https://support.citrix.com/article/CTX209255)
Bad News: VDACleanupUtility.exe (VCU) should run as a User, need a reboot and login with the same user, what means it’s not in a easy way to automate that.
With some hints of the CTP colleague Stephane Thirion and my collegues at “Die Mobiliar” I was able to create this guide to automate the Windows 10 Update with an automated removal of the VDA.
Task Sequence for SCCM
We are doing this with Microsoft System Center but with the following infos it’s also possible to fulfil this challenge with other ESDs.
I want to thank here to Stephane Thirion (https://www.archy.net) for the hints about automate the uninstall of the VDA. Also thanks to my colleagues Stefan Moser and Thomas Hahnel at Die Mobiliar with more Knowhow about SCCM Task Sequences and patience on testing.
Update Fall 2017:
The Version of the Cleanup tool in September 2017 is able to run in unattend mode, see https://support.citrix.com/article/CTX209255 .
Also I’ve found out that the Update from 1607 to 1703 or 1709 works even when a VDA is installed.
Update November 2017:
Now exists and article by Citrix: “How to Run the VDA Cleanup Utility with SCCM Task Sequences”: https://support.citrix.com/article/CTX229801
IoT – ideology of technology | new MyStrom Smart Devices
Those who know me in person are aware that my life is not only controlled by Citrix technology, I’m also fascinated by Smart Home stuff and Internet of Things, IoT. Since years I use Philips Hue, Netatmo and other gadgets to make my life easier – or to solve problems which I won’t have without this Smart Home devices… Some of my neighbours believe that I have a girlfriend called “Alexa” and I’m very rude to her.
Anyway, I already wrote about the MyStrom Smart plugs in the article Control MyStrom smart plug by a trigger or Another LaMetric IoT script – power control .
The special thing about the MyStrom WiFi Switch is that they are only for Switzerland, we have here not the same wall sockets like they are common in Europe. For this reason in my point of view MyStrom is a niche product, even when it’s a very very good product.
Today I received a package from MyStrom with two very cool new products inside, the MyStrom Bulb and the MyStrom WiFi button. I have already similar products, for the Smart Bulb from Philips Hue and SengLed Boost. For the button I have currently an Amazon IoT button, which I have connected to IFTTT that I can trigger some things.
In this post I want to compare this new MyStrom devices to other existing devices on the market.
Comparison Smart Bulb:
myStrom WiFi Bulb
- 39.- CHF (Color)
- Color
- E27
+ Has a HTTP Rest API
+ Show power consumption
+ great colors!
– only 600 lm
– Bulb becomes pretty hot, 52,9°C after 30min test.
Philips Hue
- 69.- CHF (Color)
- 20.- CHF (White)
- E27 and GU10 available (Update: Now also E14)
+ Use the ZigBee protocol
+ Up to 806 lm
– An additional device, called “Bridge” is required
– Colors not so saturated
– Range is limited, I was not able to have a Hue Bulb in my garage, why I added a SengLed Boost.
– Bulb becomes pretty hot, 62,5°C after 30min test.
SengLed Boost
- 59.- CHF
- E27
+ Works as an Wireless Wifi Repeater
– only 470 lm
IKEA TRÅDFRI
LED-Bulb E27 1000 lm White
- 14.95 CHF (White)
- Color also available but not with 1000lm
- Uses 12,4 Watt
- Is compatible with Hue-Bridge after latest firmware and perhaps 3rd party Software
+ brightest and cheapest Bulb
– Bulb becomes pretty hot, on some parts 84,9°C after 30min test!
Conclusion: It really depends on your needs which Smart Bulb is the best for you, if you have already a Philips Hue ecosystems it makes no sense to Switch to MyStrom. But if you start on green field, you really have to consider to go for MyStrom. With MyStrom you have Bulbs, Plugs and Buttons from one brand. The MyStrom Bulbs are cheaper than Hue and for me very important every MyStrom device has his Webserver which allows you to toggle the power state. If you want o extend you Wifi Range, have a look to SengLED Boost Bulb, but wit this it’s not easy to toggle the light with something other than the existing app.
Comparison Smart Button:
MyStorm WiFi Button
- 25.- CHF
+ Availible in Switzerland – for everyone (soon …)
+ Battery rechargeable
+ Native IFTTT compatible
+ 3 Push Patterns
+ Fast reaction time (< 2sec to toggle a Switch)
Amazon IoT Button
- 19.90$
– Only for Amazon Prime customers
– Battery not replaceable
– Reaction time pretty long
+ IFTTT with an “special setup” possible
+ 3 Push patterns
Hue Tap
- 69.-
NOT TESTET!
– need the Brigde
+ No need for battery
+ 3 buttons
Hue Dimmer Switch
- 29.-
NOT TESTET!
– need the Brigde (?)
Conclusion: For most “Home-automater” the MyStrom Wifi button will be the best choice, the way to configure an AWS IoT button is an “advanced expierience”. I don’t like that the Amazon IoT Button has a non replaceable/rechargeable battery inside. If you have already a large huge Philips Hue ecosystem maybe the Hue Tap / Dimmer Switch is the best for you.
StoreFront – Allow relogin without browser close
Citrix StoreFront is able to handle Logins with SmartCards, and after a successful SmartCard Login you cannot Logoff and Login again before you close the Browser, you will see this message:
You have logged off successfully. Please close your browser to protect your account.
According the message, this is a feature and not a bug … Not in every case a Re-Login is a security problem as for example if SmartCards are mandatory in general you need to logon also on the VDI or the application with your SmartCard.
Especially as an Admin working with multiple accounts it can be very annoying.
In scope of the CTP program I’ve asked Citrix to improve that and give Citrix admins the possibility to configure this security feature in future versions. Now when StoreFront 3.8 was released I complained that this is still not implemented.
Feng Huang then gave me the hint that this is actually configurable but not yet implemented into the GUI.
All what must be done is to add the line CTXS.allowReloginWithoutBrowserClose = true in the file C:\inetpub\wwwroot\Citrix\YOURSTORE\custom\script.js
THANKS Citrix for Listening to special requests!
PowerManagement for dedicated Citrix desktops? Yes with Tags!
Are you using Tags in your XenApp & XenDesktop environment? Maybe you should. Tags to resources, in my case desktops can be very powerful especially in combination with PoSh scripts. You can do actions for machines depending on the tag. Of course you also can use tags to filter Citrix policies on it, also useful.
I had the Problem that I have a delivery group with dedicated Win10 desktops so for dedicated desktops there is no power management. Usually it’s also not needed because if a user launch a Citrix Session over Storefront the machine get’s powered on. The problem in my case, sometimes users connects on an other ways than Citrix to his desktop, so this built-it construct doesn’t work. So if they shutdown their virtual Desktop they can newer ever access it until an admin power it on over director or studio.
My solution to this was, I tagged this special user machines with a tag “AlwaysOnline” in Studio and I wrote this small script which runs every 15 minutes:
param([string]$tags=$(throw "Tag parameter is required"), [string]$poweroperation=$(throw "Power operaton parameter is required")) #============================================================================================== # Created on: 09.2016 Version: 0.2 # Created by: Sacha Thomet # File name: PowerOperation-DependingMachineTags.ps1 # # Description: This is a Powershell to change the PowerState of VDI's or XenApp Servers in # a PowerManaged XenDesktop 7.x environment accodring to Tags. # # Prerequisite: None, a XenDesktop Controller with according privileges necessary # # Call by : Manual or Scheduled Task #============================================================================================== # Load only the snap-ins, which are used if ((Get-PSSnapin "Citrix.Broker.Admin.*" -EA silentlycontinue) -eq $null) { try { Add-PSSnapin Citrix.Broker.Admin.* -ErrorAction Stop } catch { write-error "Error Get-PSSnapin Citrix.Broker.Admin.* Powershell snapin"; Return } } # Change the below variables to suit your environment #============================================================================================== $maxmachines = "1000" # as default only 250 records, this increase it to 1000 #$tags = "AlwaysOnline" # if you comment out the param line you can have the tag here #$poweroperation = "TurnOn" # if you comment out the param line you can have the poweroperation here $machines = Get-BrokerMachine -MaxRecordCount $maxmachines | Where-Object {$_.tags -eq $tags } foreach($machine in $machines) { $machinename = $machine | %{ $_.MachineName } Write-Host "Action $poweroperation will be performed for $machinename " New-BrokerHostingPowerAction -Action $poweroperation -MachineName $machinename }
I know I know, this is not a common use case, but the script construct show what is possible with tags … there are almost unlimited possibility to cover special cases with tags.
My example Script on GitHub: PowerOperation-DependingMachineTags.ps1
Finally 1.0 – but never finalized!
In November 2014 I created the blog post about the adaption of the PVS Script for XenApp/XenDesktop 7.x :
XenDesktop & XenApp FMA (7.x) HealthCheck – Oops!… I Did It Again
Now after almost two years of continuous development on this Script, the XenApp & XenDesktop 7.x Health Check has now Version 1.0.
I started this script in a very basic version and in the meanwhile, a lot of tester and contributors helped to bring this script in this version. Just this year I started with GitHub and it’s surprising, the community who helped is awesome!
Now after a number of 0.x versions, just at the point we introduce the XML configuration file, I can say the version now has deserved the number 1.00.
The big benefit of the configuration in the XML file is in case you have multiple environments with the script you don’t need to edit the header section of the script which has earlier contained the config. On a new version of the script, you just replace the script in your environments and keep the XML file.
The XML file and the script need to be in the same directory and the Name of the XML file needs to be same like the script, e.g:
XA-and-XD-HealthCheck.ps1 XA-and-XD-HealthCheck_Parameters.xml
The XML-Config is introduced to this script by Stefan Beckmann (Twitter: @alphasteff)
The newest version of the script you can find on GitHub:
https://github.com/sacha81/XA-and-XD-HealthCheck
The HTML Output file gained some more input, even it was difficult to decide which feature request to consider and which not.
We check now CPU, Memory and disk space of controllers and workers (XenApp Server and XenDesktop VDIs). Because I learned last month’s that with 7.x and the FMA architecture it’s really possible that an environment contains a number of different VDA versions, I also added this info. And for troubleshooting reason, I assumed that it would be helpful to have also the hypervisor host information on this output.
The code is on GitHub:
https://github.com/sacha81/XA-and-XD-HealthCheck/
For Bug Reports or Feature Request please use GitHub, of course, you can also contribute on this code!