Posts

How to: move FSMO Roles, Demote and re-promote a Domain Controller with PowerShell

Image
Here are the commands you need if you want to demote and re-promote a Domain Controller with PowerShell Move FSMO Roles: Move-ADDirectoryServerOperationMasterRole -Identity nameofthedcwhereyouwanttomovetheroles -OperationMasterRole pdcemulator, ridmaster, infrastructuremaster, schemamaster, domainnamingmaster (the roles you want to move) Check if everything worked: Get-ADDomain | Select-Object InfrastructureMaster, RIDMaster, PDCEmulator Demote Demote Test Test-ADDSDomainControllerUninstallation -DemoteOperationMasterRole - LastDomainControllerInDomain -RemoveApplicationpartitions (Only needed when it is the last Domain Controller in your Environment) Start Demote Uninstall-ADDSDomainController -DemoteOperationMasterRole -RemoveApplicationPartition Promote Promote: Windows features Install-WindowsFeature -name AD-Domain-Services -IncludeManagementTools Test-Promote: Test-ADDSForestInstallation -DomainName your.dom...

How to: Create a Client Certificate for LDAPS with OpenSSL

Image
Today I will introduce you my new article on how to create a client certificate with OpenSSL so that you can use it for LDAPS You need to create two files in your new folder which we will need later on (I prefer notepad++ for the creation of my files): 1             1.  Your request.inf file 2             2.  Your v3ext.txt file 1.     Request.inf (save as .inf with notepad++) [Version]  Signature="$Windows NT$"  [NewRequest]  Subject = "CN= your-active-diretory.fqdn” f.ex : “simonAD.testinfo.com” (enter the FQDN of your AD Server)  KeySpec = 1  KeyLength = 2048 (enter the key length with fits your need. Some say you need to take at leas 2048 to make LDAPS work)  Exportable = TRUE  MachineKeySet = TRUE  SMIME = FALSE  PrivateKeyArchive = FALSE  UserProtected = FALSE  UseExistingKeySet = FALSE ...

Citrix ShareFile - files are not scanned by anti virus software

Image
If the uploaded files weren't scanned from the anti virus software you should check the ShareFile Logs. You will find an error saying: The remote server returned an error: (407) Proxy Authentication Required As solution you'll need to restart the ShareFile Server or the ShafreFile Service. The error is caused by changes on your proxy because ShareFile won't re-authenticate after the first authentication.

Slow login after shutdown XA6.5 Data Collector

Image
If your Data Collector is facing a problem with slow login times after a shutdown you'll find a solution for this problem in a blog post from my Co-worker and CTA Matthias Schlimm: Click here for the solution

New product names for Citrix

Image
Like most of you may heard, Citrix has changed again their product names. Nothing the world really needs but we have to deal with it. So here we go: Citrix Receiver      = Workspace App XenApp                 = Virtual Apps XenDesktop          = Virtual Desktops XenServer             = Citrix Hypervisor NetScaler ADC     = Citrix ADC A full list you'll find here: citrix-product-guide/

Private fix before installing Citrix 7.15 CU2 for VDA

Image
Before you install the version 7.15 CU2 for VDA you need to get a private fix (LC9648) from Citrix. Otherwise it can happen that your black screen error when booting your provisioned machines still exists. continued-problems-with-black-screen-at-session-start-with-windows-10

Last stable running NetScaler 12.x version

Image
Like you may also experienced the last versions of NetScaler 12.x were so buggy that it is almost impossible to work correctly with them. After a short talk with colleagues I would recommend the version 12.0.56.20 as latest stable running version.

Citrix and Mouse cursor on 2K Monitors

Image
Mouse cursor disappearing in Citrix sessions. Mostley on 2K Monitors with a scale of 150%. When changing the scale to 125% or 175% it works. Due to the fact that we need to stay with 4.9 LTSR we couldn't use version 4.11 were this problem is fixed. You can solve this problem with a private fix you can request from Citrix for version 4.9 LTSR

Citrix: Mouse Cursor is distorted or disappearing with 2K Monitors

Image
One of our Customer had a problem with his mouse cursor in a Citrix Session. The mouse cursor of the employees were distorted or disappearing when they used a 2K Monitor. The error is known like you can see under point 4 and 5: CTX229052 Windows 10 Fall Creators Update (v1709) – Citrix Known Issues The error is solved in Citrix Receiver version 4.11 like you can read here: Citrix Receiver for Windows 4.11 solved Problems Unfortunately the customer uses LTSR and we are not able to update from 4.9 LTSR to 4.11. We hoped that the fix will be in CU2 which will be released soon.  The Cursor problems won't be fixed in CU2. The Fix will be included in CU3.  But it's possible to get a private Fix for this error when contacting Citrix Support . That's how we solved the problem.

Windows 10: Using CopyProfile for the “Start Menu” has been deprecated

Image
The Customer had problems with Windows 10 and also with Server 2016 where the TileBar or the Startmenue were not displayed right and didn't work like expected. Therefore he used Sysprep for Derfaul UserProfile to solve the problem. Now Microsoft announced that this is not an supported solution. https://blogs.technet.microsoft.com/yongrhee/2018/03/12/windows-10-using-copyprofile-for-the-start-menu-has-been-deprecated/

Citrix PVS | Win2016 target devices not booting

Image
A customer Win2016 target devices weren't booting or sporadically booting anymore after updating PVS from 7.13 to 7.15 LTSR. They stuck at the Windows Logo. When we hard rebooted a few times somehow they came up after a while. Citrix now presented a private fix for this issue. See: PVS 7.15 | Win2016 target devices not booting after upgrade to PVS 7.15 LTSR

Windows Start Menu not opening anymore with Server 2016

Image
At a Customer environment (Server 2016) we had the problem that users who tried to change their personal settings for their start screen to “Use Start full screen” couldn’t open their Start menu after signing in again after logout. Bu it works as long as they are logged in after the settings were changed. The default view of the menu which the user wants to change Under Settings - > Personalization -> Start ->Use Start full screen, you need to set the settings to on Afterwards it will look like this as long as you're signed in But as soon as you log out and sign in again you can't open your Start Menu again. Nothing happens when you click the Windows symbol. You need to change the settings back and it will work. As far as I know there is no fix at the moment for this one.

Citrix: User processes are still active after Log-out

Image
What happened? In a customer environment they had the problem that the processes from logged out users are still active and couldn't been closed from the Service Desk. It's a 7.13 XenApp provisioned environment on Server 2016 with Sharefile. And that was the problem. After a bit of investigating we found out that every time a user has Citrix SharFile Drive Mapper open (exact doing see in "When does the error occur") the Log-out process will be blocked and t he explorer from the connected users isn't working anymore. As soon as we closed the Drive Mapper process the running processes from the logged out user closed immediately. We could reproduce the error with ShareFile Version 3.6 on Server 2016 and Windows 10. We couldn't reproduce the error with ShareFile 3.6 on Windows 7 and Server 2008 R2 it woked correctly here. When does the error occur? Every time we moved a file in our Drive Mapper and tried to open it directly from Drive Mapper When w...

Remote use of Microsoft SysInternals: example Procdump

Image
Download the MicrosoftSysinternalsSuite and move it to your Server. https://docs.microsoft.com/en-us/sysinternals/downloads/procdump Unzip it anywhere you want it to place In our example I used procdump because I needed a dump from a user to send it to the vendor. Go in sysinternals and search for your needed program: Afterwards copy it via unc path to the user’s computer. In case of Procdumb you need to copy both executable. I created the folder temp there. Afterwards you need the PID of the Programm you want to check. I needed wfica32. If the user doesn’t have the right to execute taskmanager or extend the view for the PID, you can find out the PID with a Powershellcommand: Get-Process - ComputerName NameOfUserComputer -Name ProcessName Afterwards open a CMD and move to your sysinternalsuite folder on your server Then execute following: PSEXEC \\< computername > c:\temp\procdump.exe -e -ma -h < PID > ...

Hide your Desktop Tab in StoreFront for only displaying App Tab

Image
If you want to present your users the desktops and the published apps in one pane you need to treat your dekstop as apps. You can do this with a small POSH command. This allows you to have your published applications and your desktops in one screen and you don’t need to switch. Run POSH as administrator CD to …\Program Files\Citrix\Receiver StoreFront\Scripts Run: Import-Module .\ImportModules.ps1 Afterwards run: Set-EnhancedEnumerationOptions -siteId 1 -storeVirtualPath /Citrix/Internal -treatDesktopsAsApps $true Set-EnhancedEnumerationOptions -siteId 1 -storeVirtualPath /Citrix/External -treatDesktopsAsApps $true When you go back to your Storefront, it should look like this:

NetScaler: Issuer certificate mismatch

Image
After importing a PKCS#12 certificate on a customer NetScaler the error: "Issuer Certificate mismatch, or PEM pass phrase required for this private key". To solve this issue you need to re-export the certificate and uncheck the "Include all certificates in the certification path if possible" checkbox. It's a known bug at Citrix like you can read here: https://support.citrix.com/article/CTX226986

Implementing Single Sign On with NetScaler and Kerberos Constrained Delegation (KCD)

Image
I wrote a manual how you can realize a Single Sign on Solution with Kerberos KCD and NetScaler. It's possible to restrict the user delegation to certain services/protocols on a server. You'll need this if NetScaler is not knowing the user password. If it knows the user password you can realize the SSO with Kerberos Impersonation. This will be an extra post. Let's start with creating a KCD account. 1. Create KCD Accounts Create KCD Account in AD Password never expires should be chosen 1.1    Enable the delegation tab for this user You can activate it with setspn ( It is available if you have the Active Directory Domain Services (AD DS) server role installed) Needs to be run from an elevated command prompt setspn -A host/KCDTest@simon.ns simon\KCDTest 1.2 Choose the delegation option Here you need to chose "Trust this user for delegation to specified services only" and also "use any authentication protocol". ...