Archive for the ‘VDI’ Category

Tip: Optimizing Windows Server 2012 (R2) or Windows 8(.1) for VDI/Terminal Server use

Wednesday, March 18th, 2015

Hi Folks,

Citrix already one year ago released in article with several optimizations for Windows Server 2012 (R2) and Windows 8(.1) to optimize these systems for VDI / Terminal Server use. A lot of people doesn’t know it and it can be really helpfull, you can find the article here and it also include a .vbs script to run all these optimizations in one step. It will work for Citrix and also other solutions and can be very usefull to improve the user experience in general.

Just try it!

Cheers

Michael

Tip: Using Windows Server 2012 R2 workfolders with Remote Desktop/Citrix XenApp based Terminal Servers/VDI’s

Monday, February 23rd, 2015

Hi Folks,

already a year ago I wrote an article how you can change the default port for the Windows Server 2012 R2 workfolder role/feature. By default the Workfolder feature works a “sync” share for Windows 8.1 based desktop systems/VDI’s like a self hosted OneDrive/Google Drive. In the article here i’ve also mentioned that these Workfolders can be mapped to a Terminal Server based on Microsoft Remote Desktop Services and Citrix XenApp.

I got a couple of request how the setup should look like so here is a small guide.

1) Install the Workfolder feature (can be found in the file server roles setup) to a Windows Server 2012 R2, make sure that no other feature or application block the SSL Port 443 or modify the Port by following our guide here. During the Workfolder configuration you will be ask what “folder” name should be used, username or username@domain; use username here only.
2) After the workfolder setup is done create a new smb fileshare pointing to your workfolder directory, make sure to setup the exact similar user rights like set for the original workfolder directory. Open Windows Explorer at the Workfolder Server and check the User Rights for the Workfolder and adopt this configuration for the Workfolder Share. If not done right you may mismatch the Userrights and Users may can access files from other Users or loose the Workfolder access.
3) After this is done open the Group Policy Management Console (GPMC) and create a new policy linked to your Terminal Server OU
4) Edit the new policy and browse to User Configuration->Preferences->Windows Settings->Drive Maps and create two new mapping entries, in my sample i map the workfolder shares to drive U: (Click picture to enlarge). Location should be always \\*your_workfolder_server*\*Workfolder_Sharename*\%USERNAME%.

Create the share configuration

Create the share configuration

Update the share configuration

Update the share configuration

Final view

Final view

5) Close the policy and logon to a terminal server to verify the configuration, all modified content within the drive U: will be synced to the user devices and vice versa.

Cheers

Michael

P.S.: This can be also used with any Microsoft Desktop OS based VDI if you want to use the workfolder sync feature only for physical devices (which make sense to prevent double data in the Workfolder Share and the User Profile/Personal VDisk). If you install the file resource manager to the Workfolder Server to set quotes (like 250MB availabe space per User) make sure to set the similar quote also for the fileshare!

P.S.2: The screenshot’s are coming from a production environment, that why the location path is pixeled.

 

Tip (Update): Setting the Startmenu for Terminal Server Users working with Windows Server 2012 R2

Monday, February 23rd, 2015

Hi Folks,

maybe you noticed already that the handling for the Startmenu is very different between Windows Server 2012 R2 and old Windows Server versions like 2008 R2 and so on. These configurations will also work for Windows 8.1 incl. Windows 8.1 RT (Require enabled Group Policy Client service or local Policy setup).

A lot of Administrator want to modify the Startmenu and to offer a standard view for all User, this can be a very tricky task and i saw already a lot of funny way’s how to edit it. To clear this up a little bit i would like to suggest you two ways how this task can be done, the first variant will introduce you a “static” way. Static means the User will get a “fixed” Startmenu without the ability to change something here. The second way will introduce you a way to create a “default” Starmenu  that can be modified by the User. So you can figure out which way works best for you, depending on the scenario, for example if you deploy Terminal Server thru Citrix Provisioning with an static base image it doesn’t make sense to give the User the ability to modificate the Startmenu in any way. These configurations can be done thru local and/or domain policies.

Way 1 – Static Startmenu for all users

1) Login as User with Administrator permissions and install/setup all Applications you want to provide to the user.
2) Setup Starmenu like it should be “published” to the users.
3) After you have finished the final look and feel create a new SMB Share on any fileserver in your environment, call it “startmenu” or something similar.
4) At the server where you have created the Startmenu “User” view open the powerhell with administrative permissions and enter the command: “Export-StartLayout -Path \\*yourfileserver*\*sharename*\StartMenu.xml -As XML”
5) Logoff from the Terminal Server and start the GPMC (Group Policy Management Console) on any domain system where the GPMC is available.
6) Create a new policy (or use an existing Policy) and link it to the OU where your Terminal Server Users can be found and click the right mouse button->Edit.
7) In the policy browse to User Configuration->Policies->Administrative Templates->Start Menu and Taskbar and edit here the setting Start Screen Layout.
8) Enable the policy and set the Start Layout File to the file you have created in 4) = \\*yourfileserver*\*sharename*\StartMenu.xml

startmenustatic

9) Close the policy and make sure the policy is assigned to the right OU, after this login to the Server and verify the result.

Please note: The Startmenu can not be modified thru a User! For the Export-StartLayout command (4) you have to use the XML format for the export, the bin format can not be used thru the policy! If you assign the policies to a Computer OU like your terminal servers don’t forget to enable loopback processing!

Update: I forgot, Applications where the shortcut is not listed in %ProgramData%>Microsoft>Windows>Start Menu may dissapear after the second User Login (Notepad, Internet Explorer default entry as example). So you may have to create the Shortcuts by your own and assign it to the Startmenu before exporting the XML file. In this folder you can also setup the Applications that should be shown to the User in the “full” Starmenu applications view by editing the User permissions for each file and folder in a very simple way. As example if you want to hide the Windows Store disable the permission inheritance and set the User permissions to full access for “Domain Administrators”, “System”, “Administrators” and add the Usergroup(s) which should be able to gain access to the Applications thru the “full” Startmenu view (Arrow down button in the Startmenu). If you want to be more secure regarding the general Application access you can also combine this with the Windows Applocker feature.

Way 2 – Flexible default Startmenu for all Users (Source: Microsoft Platform)

There is also an alternative described here: Microsoft Platform, this way allows also provide write access for the users but it’s a little bit tricky to set it up and can cause issues in production.

I personal do prefer Way 1 which make more sense for the most scenarios, so i do provide only the link to the source.

Cheers

Michael

Windows Update KB3013455 breaks Font Smoothing on Windows XP, Server 2003R2 and 2008

Thursday, February 12th, 2015

Hello Folks,

if you are using Windows XP as VDI or have old Terminal Server’s (incl. Citrix solutions) running Microsoft Windows Server 2003R2 or 2008 (32-Bit) you should not deploy KB3013455 which was released during the last Microsoft Patch Day.

The Update will cause a general font smoothing issue with a bunch of fonts and the users will/can get a much lower user experience if working with a lot of text content.

There is currently no work around for this issue, Windows Server 2008R2/2012(R2) and Windows 7/8(.1) do not show any issue once the update is applied.

The issue is already confirmed by Microsoft, read also here: MS15-010

The MS15-010 article currently doesn’t mention Windows XP (or Vista) but i was able to reproduce it also with a Windows XP 32-Bit VM.

Cheers
Michael

P.S.: Some Users also reporting issues with Windows Vista 32 Bit but i believe this is less important for VDI environments.

Tip: Business Card Scanners for Linux / MacOSX in virtual environments and without USB Redirection.

Monday, February 9th, 2015

Hi Folks,

from time to time customers are asking what type of Business Card Scanners can be used with the IGEL Linux or any other “none” Windows Client devices together with XenApp or Microsoft Remote Desktop Services. Typical these customers don’t want to deal with USB Redirection (XenApp 7.x or Microsoft Remote FX) or don’t have USB Redirection available (XenApp <=6.5 / Windows Terminal Server <= Windows 2008 R2)

If you run in a situation like this you should look out for solutions like IRIS Card Anywhere (Canon). Devices working in the same way don’t need a “special” driver installed, they come with an internal memory or SD-Card and can be used like an regular USB Memory and this means: It can be used with Windows, Linux, MacOSX or an Android Tablet providing a USB Port. Disadvantage: They are a little bit more expensive but if you calculate the work to get a driver installed or deployed in your environment than you will have a much cheaper TCO.

Cheers

Michael

P.S.: I used the IRIS Card as sample regarding my past experience, it’s not an advertisement. 🙂 In any way there are several solutions out there and you should test it in advance and before ordering a bunch of these devices. 😉

Info: Will Microsoft’s licensing change boost VDI installations?

Thursday, November 6th, 2014

Hi Folks,

some important change has been done by Microsoft to the volume Licensing, this can boost the VDI business in the future…

What was done exactly:

peruserlic

 

What does it mean? Microsoft changes the Licensing for Desktop OS’s from per Device to Per Device and Per User for Enterprise customers and allows also a installation at the same time on any device incl. Tablets. This can be a big driver for Enterprises to roll out or validate Desktop VDI Installation in the upcoming months now, it makes VDI licening much more simpler and flexible for Enterprise customers. It also includes Windows 8.1 Pro and Enterprise incl. Windows 7 and 8, so it’s not only limited to devices running Windows 8.1 Enterprise and this point could be important too.

For VDI also important is the Remote Access Right and here the Per User option comes with “Any device” access, the device licensing only offer support for “noncorporate” devices. Means the User licensing supports now also corporate owned Linux based Thin Clients or IOS/Android based devices.

One big step in the right direction from Microsoft, really nice! You can also read the full article here: VL Licensing Windows 8.1

Cheers

Michael

Whitepaper: How to use the IGEL Linux together with the Microsoft Remote Desktop Connection Broker

Friday, August 29th, 2014

Hi Folks,

very often i’ve been asked how to setup the RDP Client coming with the IGEL Linux to use the Microsoft Remote Desktop Connection Broker in the right way.

So here is a new Whitepaper how to setup this step by step, the Whitepaper is based on a Windows Server 2012 R2 environement and the current IGEL Linux Firmware 5.03.190.

The download is available here: Download

Cheers

Michael

Tip: How to avoid Adobe Flash in Terminal Server/VDI environments with the IGEL LX/OS

Wednesday, May 28th, 2014

Hi Folks,

maybe you also agree that Adobe Flash content is one of the biggest crap that can be used in a Terminal Server/VDI environment. For example youtube or similar site’s mostly waste expensive Server CPU resources only for watching a “funny” video..

flashtaskbar
Yeah… One User with one HD Flash Movie use 41% of  Server CPU resources!

HTML5 is still not a big deal for most site’s, so how can you handle it?

1) Ban it… Block unwanted traffic with a firewall or proxy. This is highly efficient but will upset the user base and maybe you need it (schools/education), so mostly this option is no deal.

2) Buy more Server.. More or less efficient and very expensive (Hardware, licensing, setup and cooling). No deal!

3) Use solutions like Citrix HDX Flash Redirection… More or less efficient, hard to setup and not 100% compatible, it could be a option but it’s not a real solution.

4) Ban it from the servers… I just setup this for a PoC and it seams to be the most efficient way which is also acceptable for most users. So how is the setup?

a) You need IGEL Linux based devices (LX or OS) based on the x86 architecture to do this.

b) Setup a local Firefox browser session and deploy any Version of the Adobe Flash Player for Linux to it (Browser Plugins in the IGEL Setup).

c) Assign a Hotkey to the Firefox Browser Session like ALT+CTRL+i.

d) Setup a IIS/Webserver on any System that is not already running a IIS/Webserver

e) On the Terminal Server/VDI (i recommend to use the golden Image) site open the hosts file which is located in the Windows/System32/drivers/etc folder and edit it. Now add any Website you want to outsource, point it to the “new” Webserver. Example:

192.168.1.150 youtube.com
192.168.1.150 youtube.de
192.168.1.150 anyotheruselessflashsite.com

Do not perform this for any Website which is used for “business” uploads/work! Don’t use a DNS Server to apply the configuration, this might also point the Thin Clients to a “wrong” site… Of course you can also add Webradio Website’s, browser based games or what ever you don’t want to see in a Webbrowser on the server backend. But at all.. It’s not a security solution at all, it’s to save resources only!

f) Create a small HTML Website with a short Text like “This site can not be used on a Server/VDI! Please press ALT+CTRL+i to open the local Browser and use ALT+CTRL+TAB to switch between the Browser/Session.” or similar. Make it simple and easy to understand… Now set this HTML Page as default and 404 error page for the new Webserver (d).

g) Let the user test it… If the User enter www.youtube.com the “new” Website will open and point the user how to work with the local Browser.. For the User it looks “very” embedded into the session, not 100% but it will be good enough to watch movies for most of them.

I know this solution is also not a 100% one and it can be bypassed if the User is using the IP. 😉 ..but it’s not a security solution, the User can watch Movies and you have minimized the wasted CPU resource on your backend. It’s easy to control, high compatible and everyone is happy. From my point it’s currently the best way to handle Flash until it will be fully replaced by HTML5 or any other “better” working solution. The performance depends on the User device, a UD5 will better perform than a UD2 but still: A slow client is better than a slow server for most company environments.

Also some more benefit’s.. You can seperate client traffic from your server traffic quite simple, the customer where i suggest this mentioned that they have 10GB or more “flash” streaming traffic (only youtube) per day in the server infrastructure with a little bit more than 300 user’s. You can use it with any Terminal Server/VDI solution but please note: If using VMWare View, Microsoft RemoteFX, Citrix XenDesktop x.x / XenApp 7.5 or any other solution that support real USB redirection don’t setup USB Redirection for Human Interface Devices (HID) because in this case the Mouse and Keyboard can not be used outside the Session (…and with the local Browser).

You can also add other description’s to the created “manual” website, for example for Android press the home button and open the local Browser or similar.

If you have suggestions to improve this solution feel free to give me a mail or add a comment.

Cheers

Michael

Release: Windows 8.1 / Server 2012 R2, Windows RT 8.1 Update and SQL Server 2014 are now available in the MSDN

Thursday, April 3rd, 2014

Hello Folks,

you can now download the Update for Windows 8.1 / Server 2012 R2 and Windows RT 8.1 in the Microsoft MSDN (MSDN Account required), also SQL Server 2014 RTM is available now in the MSDN.

Cheers

Michael

P.S.: It’s named as Update and not Update 1 🙂

Tip: Windows Store Error 0x80240017 vs. Hyper-V

Friday, February 21st, 2014

Hi Folks,

i really could kill some Microsoft developers tonight… Just kidding but this has taken three hours of time to fix a really stupid issue.

Maybe you provide your User a Microsoft based Windows 8 or Windows 8.1 VDI thru Microsoft Remote Desktop Services incl. the Windows Store to download own or company based Apps. By default this should be now big deal but it could… Normally your User browse to the Store and download / buy a new app, depending on the system a App will be shown in the store or not; simple right? …but what happens if this app is already available for the User and he got the App already running on an other device? It will be shown in his Apps and he can select it, now a funny error comes up: “App can not be installed BlaBlaBla… Error 0x80240017”. This error 0x80240017 for Microsoft seams to mean: “Could be everything and we have no clue where it coming from.

There are several Tips and Clues available and i’ve tried everything more than one time (!): Store Reset (wsreset.exe), installing Updates, deleting the Software Distribution Folder, Regional Settings, Time Zone and much more but finally it means: Your System doesn’t fit the requirements for this App! Great.. Why not direct translating it for humans and maybe for the Microsoft Support too (which have also no clue what it could mean)!?!

Ok… Enough blaming, let’s come to my solution for Hyper-V based VDI’s: To fix it just disable the Dynamic Memory Feature for the Windows 8.x based Desktops or/and increase it to min. 1024 or better 2048 (or more) MB of RAM. After this small fix everything works like a charm, it seams to be that the Windows Store can not deal with the Dynamic Memory and the result will be this nonsense error message.

Have Fun!

Michael

P.S.: I checked it also with Windows Server 2012 R2, similar behavior… If you got the issue for a physical device try it on an other “better” hardware.

Tip: Fixing RDP session issues with IGEL Linux V5.x.x

Wednesday, November 13th, 2013

Hello Folks,

it might happen that you run into issues with RDP Sessions in the new IGEL Linux, this is currently very rare but in the case that a RDP Session did not work for you anymore after you have updated from IGEL Linux V4 to V5 you should try the setting RDP Legacy Mode. You will find this setting in the Setup->Sessions->RDP->RDP Global->Options.

If this fixes the issue for you i recommend to contact IGEL and provide some details about your Remote Desktop Services setup.

Cheers

Michael

P.S.: I got this only two times, so from my point it’s really rare but it might help. 😉

Windows 8, Metro Style Apps and Sysprep

Friday, February 8th, 2013

Hi,

very often i got an issue with Windows 8 and Metro Styles Apps, the issue is quite simple… If some user has updated the Metro Style Default Apps coming with Windows 8, syprep will not work anymore. There are some descriptions on TechNet how to fix it but in reality this fix doesn’t work or don’t provide the result it should be.

I don’t know why Microsoft has implemented the handling for Metro Apps in this way but from my opinion this is really a poor design how to handle the default Apps during a Sysprep and strongly needs to be fixed or changed if this is really a “design” related issue (I know nobody solving this issue with the three mentioned solutions in the TechNet Article to get Sysprep working again!).

So if you have to deal with Windows 8 for VDI/Provisioning don’t deal with the Metro App’s in any way on your Master Image(s)!

Cheers
Michael

P.S.: I forgot, Windows 2012 shows the same behavior…. 🙁

Tip: Configure a Keyboard shortcut to minimize fullscreen Citrix or Microsoft RDS sessions for a Linux based IGEL OS

Wednesday, October 3rd, 2012

Hello,

very often i’ve been asked how a Citrix or Microsoft RDS fullscreen session can be minimized in an IGEL Universal Desktop LX/OS firmware. By default IGEL has not enabled this but this task is simple to do….

Open the IGEL Setup or the UMS Profile, now go to User Interface->Hotkeys->Commands and select Minimize all Windows… Click on Edit now and activate the hotkey, i prefer CTRL¦ALT and ESC (Write Escape in the Hotkey field to set ESC) but you can also set other combinations of course. Please make sure that your set combination do not conflict with any other Linux or Windows key combination!

Close the Setup or the profile (assign the profile to an Client if not already done) and here you go.

Cheers

Michael

P.S.: One Extension, of course any local Client key mapping do not work if the keyboard is mapped into the session thru “real” USB redirection!

P.S.2: For ICA Sessions it could be required to Setup a second key combination to Stop the direct Keyboard Passthrough, this configuration can be found in the IGEL Setup->System->Registry->ica->wfclient and then configure the following Settings: keypassthroughescapechar and keypassthroughescapeshift. This can be also configured with a profile in the IGEL UMS. If you’re connecting thru the Firefox Browser (Citrix Webinterface) you have to Setup the configuration in the Default.ica file from the Webinterface!

Tip: Optimizing Audio quality for RDP connections for IGEL Universal Desktop LX/OS

Friday, September 28th, 2012

Hi,

this hint is only for RDP connections between a IGEL Universal Desktop LX / OS and a Windows based Remote Desktop Server (for example Windows 2008 R2 SP1, not Remote FX) and if you got a bad audio quality (noisy/cropped). It can be used with different firmware versions, in my case i used the 4.10.100.

Open the IGEL Setup and/or the profile and go to System->Registry->rdp->winconnect->sound-driver and change it to OSS.

Apply the settings and restart the session to the Server, the result should be much better now.

Cheers

Michael

USB redirection with Citrix XenApp and Microsoft Remote Desktop Services

Wednesday, June 6th, 2012

Did you ever ask the question what extended USB redirection in the IGEL product description means? No… It’s not USB redirection coming with VMWare View, XenDesktop or RemoteFX; this is included in the clients by default. It’s a solution called “USB for Remote Desktop” from Fabulatech. This solution was primary designed to offer USB redirection for Microsoft’s Remote Desktop Services.

Since the latest version it also support XenApp and it’s maybe a good add-on if you require “real” USB redirection for your users or devices with the benefit that you can configure all the devices from remote with the IGEL Universal Management Suite. To get more information’s have a look here: http://www.usb-over-network.com/partners/igel/

Important: In the IGEL firmware release notes you can see what version of Fabulatech USB for Remote Desktop is installed, on the Terminal Server’s the same or compatible Version is required; don’t try to mix it! You also need the Advanced Feature Set for the IGEL Thin Client to be able to use it.

Cheers
Michael

Windows 8 – Wohoooo….

Wednesday, February 29th, 2012

Since today Windows 8 is released as public beta (http://windows.microsoft.com/en-us/windows-8/iso) and also Windows Server 8 can be downloaded now (http://technet.microsoft.com/en-us/evalcenter/hh670538.aspx).

Together with million of other people iam now downloading this stuff (Very slow at the moment 🙂 ) and will start my first test together with the IGEL Clients. Iam very intrested to see the results and if the Windows 8 Remote FX implementation will work.  I will post the results here during the next days.

Cheers

Michael