Import vCenter server certificate on the Xendesktop 7.6

Import vCenter server certificate on the Xendesktop 7.6

I was trying to integrate a vcenter server to a Xendesktop 7.6 environment.
And received the "Cannot connect to the vCenter server due to a certificate error" message.


After a quick google it seemed this issue could be resolved quickly by copying the certificate from the vcenter server to the delivery controller, or import the certificate by browsing to your vcenter web client and import the certificate from there.

Well first I tried to download the cert from the vcenter server by connecting filezilla to the vcenter server (see my previous post). Downloading was succefull, importing the certificate to the Trusted Root Certification Authorities store succeeded also, but the error remained.

Then I opened up the Internet explorer, browsed to the vSphere webclient page and looked at the certificate.

The CA Root Certificate was not trusted because it wasn't in the trusted Root Certification Authorities store. I clicked on View Certificate.


And installed the CA root certificate by clicking Install certificate.
That did the trick!

Connect Filezilla to vCenter Server

Connect Filezilla to vCenter Server

I needed to connect to my vCenter server to get the certificates that are installed for use on my Xendesktop 7.6  farm. I have established the connection by using Filezilla.

Open Filezila
Click on File, Site Manager

Click on new Site

Give your new site a name, for example Vcenter
Add the host name of your vcenter server or ip address
Protocol: SFTP-SSH File Transfer Protocol
Logon Type: Ask for password
User: Root

Click on connect. If your connection fails and you have checked your password then open an webbroser and browse to your VMware vCenter Server Appliance. For example https://vcenter.yourdomain.local:5480

Login to the server

Enable Administrator SSH Login enabled

Thinapp - Application crashes after launch, added Workingdirectory= to package.ini

I had to Thinapp an simple application. I just had to copy the application executable and a couple of configuration files to the "c:\program files\MyApplicationDirectory"  folder.
The application could be started by double clicking the executable. I captured these steps, and build the Thinapp.

Next step, start the thinapp and inform the user that the application was ready for use. Done? Wrong!
The application crashed as soon as the thinapp was started.

I opened the cmd.exe entrypoint browsed to the application directory, run the executable and it worked!? So what this application was missing was an working directory setting. I edited the package.ini by adding the WorkingDirectory= line:

[MyApplication.exe]
Source=%ProgramFilesDir%\MyApplicationDirectory\MyApplication.exe
WorkingDirectory=%ProgramFilesDir%\MyApplicationDirectory

And it worked!

Thinapp - Locked Sandbox

Do you want to rebuild your thinapp or do you want to delete your Thinapp sandbox, but you get an error that the folder or file is in use?

The tool that I use frequently for troubleshooting is the part of the great Sysinternals suite and is called Process Explorer. Process Explorer gives you an detailed view of processes running on your system.
You can download sysinternals process Explorer here link



Start the process explorer application, click on Find, Find Handle or Dll.
Search for .rw, these are the Thinapp virtual registry files, and/or search for the application executable name.



Kill the process(es) that keeps your thinapp locked.
Now you should be able to delete your sandbox or rebuild your Thinapp.

Reboot Netscaler VPX from the command line

The following command reboots your Netscaler VPX:

Log in to the netscaler console
Type: shell and hit enter
Type: reboot  -warm

Download Flash Plugin offline installer

The following link points to the direct download links for the offline versions of the flash installers in .exe and .msi format. And for use with SCCM.

http://www.adobe.com/nl/products/flashplayer/distribution3.html


Download the Internet Explorer plugin and/or the Plugin for other Browsers.
Internet Explorer plugin file name: install_flash_player_13_active_x.msi
Other Browsers plugin file name: install_flash_player_13_plugin.msi

You can also download the Flash player 13 Administration Guide from:

http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/devnet/flashplayer/pdfs/flash_player_13_0_admin_guide.pdf
I will write down the actions I took for distribution flash by group policy on a later moment.
Stay tuned.

Win 8.1 - Receiver 4.1 - Webinterface 5.4 - Single Sign on

Last week I had an interesting project.
The customer wanted to use an Windows 8.1 tablet with an Direct Access connection and they wanted single sign on access to an published Desktop through their web interface web or services site.

Well the only receiver that worked stable on Windows 8.1 was Citrix receiver 4.1.
After instaling reciever 4.1 and adding the .adm templates to the local group policy and configuring this policy and adding the web interface website URL to the local intranet zone I still  was unable to connect through SSON when using the services site on the web interface server.

Connecting to the storefront services site did work but not through the direct access connection. There was no netscaler in the organisation that I could use.

I ended up in creating an web site on the webinterface server, set this site up for single sign on access.Configured Secure Access with Gateway direct settings, or else you could not start published applications through an Direct Access connection.

Then Added the website url to the local intranet zone on the Windows 8.1 tablet and enabling Automatic log-on with current username and password in the local intranet custom level settings. The users get an icon on their desktop through a GPO pointing to the URL of the webinterface website.






This works, it's not exactly what you want, you want to use receiver 4.1, single sign on to a storefront server.
 

Configure .adm template and Add website to local intranet zone

Right click Administrative templates, choose add remove templates
Click on add
The .adm template can be found on the following location:

C:\Program Files (x86)\Citrix\ICA Client\Configuration\icaclient.adm

Configure the following settings:





How to add the url of your webinterface website to the local intranet zone in internet explorer

Add the following key to your client workstation by policy or script:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\server1]
"*"=dword:00000001

if the url to your webinterface site is https://server1.domain.local then use the following:

[HKEY_USERS\S-1-5-21-894708121-507573567-1431495262-25276\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\domain.local\server1]
"*"=dword:00000001