We encountered a strange issue on the Windows Server 2016 Remote Desktop Session Host (RDSH) used for VMware Horizon Application Publishing. The Internet Explorer would launch and get into “Not Responding” state, and eventually, the process would close out without any errors.
IE Opening and Crashing
Process of elimination
We thought either Windows cumulative updates introduced the issue as it was working fine earlier.
There were no errors in the Windows Event Viewer (Application, System or Internet Explorer)
We used the Deployment Image Servicing and Management (DISM) command line tool to disable/enabled Internet Explorer without any luck.
Procmon is showing IE tries to launch the process multiple times, but the sub-process keep failing, and IE finally gives up at the end
IE Process launching multiple times
We were running out of troubleshooting ideas
Resolution
My team ended up opening a Microsoft Support case, and they could see that “Name Not Found for the ieproxy.dll” which is due to ieproxy.dll registration issues. Support confirmed they had seen similar instances in the past.
Please open command prompt with Admin rights and re-register the dll from System32 and Syswow64 folders.
%SystemRoot%\System32\regsvr32 ieproxy.dll
%SystemRoot%\Syswow64\regsvr32 ieproxy.dll
I hope you will find this information useful if you encounter the issue. If you manage to tweak or improvise further on this solution, please don’t forget to keep me posted.
The AppX package for (Calc, Photos and Edge) did exist in the base operating system
We can launch all the three applications within the optimized golden image template.
We were running the VMWare OSOT tool with the default VMware Windows 10 template. No additional customization or options selected.
One thing was evident the base template was working fine. The suspicion was around AppStack – App Volumes (We disabled the AppStacks/Writable Delivery – Same issue observed) or Dynamic Environment Manager causing the application from launching
We selected to put the Powershell script within the UEM Share as the end-users have the read- access.
DEM-LogonTasks
I hope you will find this information useful if you encounter the issue. If you manage to tweak or improvise further on this solution, please don’t forget to keep me posted.
We have been using VMware Unified Access Gateway (UAG) for quite a few years. To monitor the appliance using vROPS or other monitoring tools or API calls scripts you need a read-only monitoring account created in the console under “Account Settings”.
Read-only account for monitoring
In our deployment we have 14 UAG appliances (Internal/External) – Yes we tunnel internal connections too. Post the upgrade we had to re-create the read-only account for the API call monitoring on all 14 appliances. The following script I wrote to create the read-only account per UAG server. Just change the IP and point to another UAG to create accounts.
####################################################################
# Create ready-only account in the VMware Unified Access Gateway Appliance
# for monitoring purposes using vROPS or API etc.
# Author - Aresh Sarkari (@askaresh)
# Version - V5.0
####################################################################
# Ignore UAG cert errors (self signed or
add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(
ServicePoint srvPoint, X509Certificate certificate,
WebRequest request, int certificateProblem) {
return true;
}
}
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'
##API Call to make the intial connection to the UAG Appliance##
$Uri = "https://10.0.0.1:9443/rest/v1/config/adminusers/logAdminUserAction/LOGIN"
$Username = "admin"
$Password = "adminpassword"
$Headers = @{ Authorization = "Basic {0}" -f [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $Username,$Password))) }
Invoke-RestMethod -SessionVariable DaLogin -Uri $Uri -Headers $Headers
###API Call to create the user account with read-only access under VMware Unified Access Gateway##
$body = @{
name = "UAG_vRops"
password= "typeyourpassword"
enabled=$true
roles = @("ROLE_MONITORING")
noOfDaysRemainingForPwdExpiry=0
} | ConvertTo-Json
$output = Invoke-RestMethod -WebSession $DaLogin -Method Put -Uri "https://10.0.0.1:9443/rest/v1/config/adminusers" -Body $body -ContentType "application/json"
Write-Output $output
I hope you will find this script useful to create the UAG read only accounts and would not have to create them manually on multiple appliances. My request if you further enhance the script or make it more creative, I hope you can share it back with me?
Often within the App Volumes Manager, there are Writable Volumes that will show up as Status “Orphaned” and essentially that can be caused by active directory user accounts that have been disabled in AD.
Writable Status = Orphaned
There is also a Status called “Disabled” and that can be caused when an App Volumes administrator decides to disable the Writable Volumes.
Writable Status = Disabled
Now if you have a enteprise environment with 1000’s of users, it’s hard to perform this activity from the UI. I have created a script that can report on the status of “Orphaned” and “Disabled” send you the output in *.csv report on a daily/weekly basis as per your needs.
####################################################################
# Get List of Writable Volumes from AppVolumes Manager for Status Disabled and Orphaned
# Author - Aresh Sarkari (@askaresh)
# Version - V2.0
####################################################################
# Run at the start of each script to import the credentials
$Credentials = IMPORT-CLIXML "C:\Scripts\Secure-Creds\SCred_avmgr.xml"
$RESTAPIUser = $Credentials.UserName
$RESTAPIPassword = $Credentials.GetNetworkCredential().Password
$body = @{
username = “$RESTAPIUser"
password = “$RESTAPIPassword”
}
Invoke-RestMethod -SessionVariable DaLogin -Method Post -Uri "https://avolmanager.askaresh.com/cv_api/sessions” -Body $body
$output = Invoke-RestMethod -WebSession $DaLogin -Method Get -Uri "https://avolmanager.askaresh.com/cv_api/writables" -ContentType "application/json"
$output.datastores.writable_volumes | Select-Object owner_name, owner_upn, title, status | Where-Object {[string]$_.status -match "Orphaned" -and $_.title -match "(disabled)"} | Export-Csv -NoTypeInformation -Append D:\Aresh\Orphaned.Disabled-Writables.$(Get-Date -Format "yyyyMMddHHmm").csv
#send an email (provided the smtp server is reachable from where ever you are running this script)
$emailfrom = 'writablevolumes@askaresh.com'
$emailto = 'email1@askaresh.com', 'email2@askaresh.com'
$emailsub = 'Wrtiable Volumes with status Orphaned and Disabled - Weekly'
$emailbody = 'Attached CSV File from App Volumes Manager. The attachment included the API response for all the Writable which are orphaned and Disabled in UI'
$emailattach = "D:\Aresh\Orphaned.Disabled-Writables.$(Get-Date -Format "yyyyMMddHHmm").csv"
$emailsmtp = 'smtp.askaresh.com'
Send-MailMessage -From $emailfrom -To $emailto -Subject $emailsub -Body $emailbody -Attachments $emailattach -Priority High -DeliveryNotificationOption OnFailure -SmtpServer $emailsmtp
Depending upon the output, you can have your service desk get in touch with the Active Directory teams to get the affected end-users to be removed from the App volumes writable volumes entitled groups and then proceed towards clean up of their writable volumes if there is no legal hold requirements.
I hope you will find this script useful to get a report for all writable volumes with status Orphaned and Disabled. My request if you further enhance the script or make it more creative, I hope you can share it back with me?
We have provided end-users with 30 GB Writable Volumes, and within the App Volumes Manager console there is an ability in the UI to see the Writable Volumes disk free under the view called – “Usage View”
Writable Volumes – Usage View
The biggest challenge is if you have 1000’s of users, it’s hard to perform this activity from the UI. I have created a script that can send you the output in *.csv report on a daily/weekly basis as per your needs.
####################################################################
# Get List of Wrtiable Volumes from AppVolumes Manager for free space less than 3 GB out of 30 GB
# Author - Aresh Sarkari (@askaresh)
# Version - V2.0
####################################################################
# Run at the start of each script to import the credentials
$Credentials = IMPORT-CLIXML "C:\Scripts\Secure-Creds\SCred_avmgr.xml"
$RESTAPIUser = $Credentials.UserName
$RESTAPIPassword = $Credentials.GetNetworkCredential().Password
$body = @{
username = “$RESTAPIUser"
password = “$RESTAPIPassword”
}
Invoke-RestMethod -SessionVariable DaLogin -Method Post -Uri "https://avolmanager.askaresh.com/cv_api/sessions” -Body $body
$output = Invoke-RestMethod -WebSession $DaLogin -Method Get -Uri "https://avolmanager.askaresh.com/cv_api/writables" -ContentType "application/json"
$output.datastores.writable_volumes | Select-Object owner_name, owner_upn,total_mb, free_mb, percent_available, status | Where-Object {$_.free_mb -lt 3072} | Export-Csv -NoTypeInformation -Append D:\Aresh\Writableslt3gb.$(Get-Date -Format "yyyyMMddHHmm").csv
#send an email (provided the smtp server is reachable from where ever you are running this script)
$emailfrom = 'writablevolumes@askaresh.com'
$emailto = 'email1@askaresh.com', 'email2@askaresh.com' #Enter your SMTP Details
$emailsub = 'Wrtiable Volumes Size (free_mb) less than 3 GB out of 30 GB - 24 Hours'
$emailbody = 'Attached CSV File from App Volumes Manager. The attachment included the API response for all the Writable Volumes less than 3 GB of free space'
$emailattach = "D:\Aresh\Writableslt3gb.$(Get-Date -Format "yyyyMMddHHmm").csv"
$emailsmtp = 'smtp.askaresh.com'
Send-MailMessage -From $emailfrom -To $emailto -Subject $emailsub -Body $emailbody -Attachments $emailattach -Priority High -DeliveryNotificationOption OnFailure -SmtpServer $emailsmtp
Depending upon the output, you can have your service desk get in touch with the affected end-users to clear-up disk space or provide options for further expansion.
I hope you will find this script useful to get a report for all writable volumes nearing their disk space usage. My request if you further enhance the script or make it more creative, I hope you can share it back with me?
Imagine yourself in a situation where you have to capture the entire XenApp 6.5 Farm information to understand what the customers have in their environment. The traditional way to understand the environment is to sit down multiple times with the CTX Architects/Admins to understand the details of infrastructure and even then missing on important details. This script will document whatever you see under the Citrix AppCenter Console and the output can be copied to a txt or word document.
My Testing results
I ran the script in my environment and generated the output as per the figures mentioned below. I am listing down certain requirements and things I learnt during the execution:
C:\Windows\System32\WindowsPowerShell\v1.0\Modules, in a new folder named Citrix.GroupPolicy.Commands
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules, in a new folder named Citrix.GroupPolicy.Commands
Make sure you open the File Properties of Citrix.GroupPolicy.Commands.psm1 file and click on Unblock and click Apply and OK. If you don’t go through this step you will get an error during importing of module
Step2:
Open Windows PowerShell console and type Set-ExecutionPolicy RemoteSigned
Open Windows PowerShell screen and type import-module Citrix.GroupPolicy.Commands
Step3:
Download the script fromScriptand place thescript under the C:\XAInventory folder
Click Start – All Programs – Citrix – XenApp 6.5 Server SDK – Windows PowerShell with Citrix XenApp 6.5 Server SDK
Navigate to C:\XAInventory folder and type .\XA65_Inventory.ps1 |out-file .\XA65Farm.txt
Copy the output from C:\XA65Farm\XA65Farm.txt to a Word Document for better reading and formatting.
Step4:
Analyze the customer environment with complete detailed information for the XenApp 6.5 infrastructure
Inventory Output Results:
A lot more is captured with respect to Server, Zones, Applications etc. Check it out yourself to experience the in depth details
Source: (Thanks) Lets give some respect and thanks to the author of this script Carl Webster because of whom we all will be saving none less than 30-40 hours of efforts in capturing details of the XenApp Environment. He has written a 13 page blog on what all information is captured in the inventory script. Note if you check out his blog there are scripts for multiple versions of XenApp 6.5/6/5
If you like this post please leave your valuable comments
