XenApp and XenDesktop 7.5 MCS: can’t add VMs from vCenter 5.5 when creating Machine Catalogs

I’m building a XenApp 7.5 environment (same code as XenDesktop 7.5, only a different license) and hitting a wall when creating Machine Catalogs. Under the step “import or add virtual machines”, I click the “Add VMs” button, but I can’t browse past the top level of my vCenter cluster and can’t see any VMs. I checked http://support.citrix.com/proddocs/topic/xenapp-xendesktop-75/cds-vmware-rho.html and the account I’m using meets the permissions requirements. I know that the issue isn’t with this XenApp DC because I am able to connect to our secondary data center and browse VMs from this same DC.

I opened a support ticket with Citrix and VMware and after two weeks it still wasn’t working.

While I was looking at the differences between the working and non-working data centers, I noticed that in the data center that’s working, I can only see VMs that are not part of a vApp in the Citrix Studio console. I moved my XenApp 7.5 VMs out of the vApp and I can now connect to them with Citrix Studio.

If you are connecting XenApp or XenDesktop 7.5 to VMware vCenter 5.5, don’t place the virtual machines you want Citrix to manage inside a vApp. I can’t verify this issue on other versions of Citrix XenDesktop/XenApp or VMware vCenter.

The system cannot find the file specified failed to resolve the source 0x80070002

Some days SCCM will have you pulling your hair out in frustration. I frequently get errors when my OSD TS are installing programs or applications. It will work fine one time then fail the next.

This is the error I’m talking about:

Severity,Type,Site code,Date / Time,System,Component,Message ID,Description

Error,Milestone,NFK,8/19/2014 11:56:08 AM,COMPUTERNAME,Task Sequence Engine,11135,The task sequence execution engine failed executing the action (Run Command Line Copy default backgound image) in the group (Setup Operating System) with the error code 2147942402  Action output: … 02 (e:\nts_sccm_release\sms\framework\tscore\resolvesource.cpp,3273) TS::Utility::ResolveSource (pszPkgID, sPath, 0, hUserToken, mapNetworkAccess), HRESULT=80070002 (e:\nts_sccm_release\sms\client\osdeployment\installsoftware\runcommandline.cpp,399) cmd.Execute(pszPkgID, sProgramName, dwCmdLineExitCode), HRESULT=80070002 (e:\nts_sccm_release\sms\client\osdeployment\installsoftware\main.cpp,372) WinHttpSendRequest failed. SendWinHttpRequest failed. 80072ee2. DownloadFile() failed for http://SERVER -FQDN:80/SMS_DP_SMSPKG$/NFK00079/sccm?/backgroundDefault.jpg, C:\_SMSTaskSequence\Packages\NFK00079\backgroundDefault.jpg. 80072ee2. Error downloading file from http://SERVER -FQDN:80/SMS_DP_SMSPKG$/NFK00079/sccm?/backgroundDefault.jpg to C:\_SMSTaskSequence\Packages\NFK00079\backgroundDefault.jpg  DownloadFiles() failed. 80072ee2. Download() failed. 80072ee2. Failed to resolve the source for SMS PKGID=NFK00079, hr=0x80070002 Install Software failed to run command line, hr=0x80070002. The operating system reported error 2147942402: The system cannot find the file specified.

To fix this, add the following Task Sequence Variables to the top of your TS.

SMSTSDownloadRetryCount = 5

SMSTSDownloadRetryDelay = 15
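
The status message above carries two different failure codes, and decoding them shows why retrying the download helps: the "file not found" result (0x80070002) is reported after the download from the distribution point timed out (0x80072ee2). This is an added example, not part of the original post; the name table covers only the two Win32 codes in this log, and LOG_EXCERPT is a shortened copy of the message quoted above.

```python
import re
from collections import Counter

FACILITY_WIN32 = 7
# Name table limited to the two Win32 codes that occur in the log
# (assumption: anything else is reported without a name).
WIN32_NAMES = {2: "ERROR_FILE_NOT_FOUND", 12002: "ERROR_WINHTTP_TIMEOUT"}

# Shortened copy of the status message quoted in the post.
LOG_EXCERPT = (
    "failed executing the action with the error code 2147942402 "
    "WinHttpSendRequest failed. SendWinHttpRequest failed. 80072ee2. "
    "DownloadFiles() failed. 80072ee2. Download() failed. 80072ee2. "
    "Failed to resolve the source for SMS PKGID=NFK00079, hr=0x80070002"
)

HEX_RE = re.compile(r"\b(?:0x)?(8[0-9a-fA-F]{7})\b")  # failure HRESULT in hex
DEC_RE = re.compile(r"\b(\d{10})\b")  # same value as unsigned decimal


def decode_hresult(value):
    """Split a 32-bit HRESULT into failure bit, facility and code."""
    if isinstance(value, str):
        value = int(value, 16)
    value &= 0xFFFFFFFF
    facility = (value >> 16) & 0x7FF
    code = value & 0xFFFF
    return {
        "hex": f"0x{value:08X}",
        "failed": bool(value >> 31),
        "facility": facility,
        "code": code,
        "name": WIN32_NAMES.get(code) if facility == FACILITY_WIN32 else None,
    }


def codes_in_log(text):
    """Count each failure HRESULT in a log, written in hex or decimal."""
    seen = Counter(int(m.group(1), 16) for m in HEX_RE.finditer(text))
    for m in DEC_RE.finditer(text):
        if 0x80000000 <= int(m.group(1)) <= 0xFFFFFFFF:
            seen[int(m.group(1))] += 1
    return {decode_hresult(v)["hex"]: (n, decode_hresult(v)["name"])
            for v, n in seen.items()}


if __name__ == "__main__":
    for hexcode, (count, name) in codes_in_log(LOG_EXCERPT).items():
        print(hexcode, count, name)
```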

Configuring Automatic Deployment Rules for Software Updates in SCCM 2012

When deploying Microsoft updates, delaying them is as important as applying them: the delay keeps you from applying bad updates that cause unintended consequences, including the dreaded BSOD. In this post I’m going to show how to deploy MS updates using an Automatic Deployment Rule (ADR) in System Center Configuration Manager 2012 R2.

I have experimented with different patch schedules and methods over the years, and I’m going to outline what works best for me. Every month, I wait until a week after Patch Tuesday and deploy updates to my computer. (Waiting a week gives bleeding-edge users time to report issues and Microsoft time to pull the patch if necessary.) If there are going to be any BSODs, I would rather catch them first than have a few hundred or thousand of my users hit them.

After I let the updates “bake” on my computer for a week without encountering any issues, I deploy them to a small group of users. I pick people who are generally easy to work with and usually don’t have any pressing deadlines to meet. I sometimes refer to this group as “the canary in the coal mine”, because coal miners in the old days used a caged canary to alert them to the presence of toxic gases: the gas would kill the canary before affecting the miners. If the canary drops dead, back out quickly!

After the “canary” group bakes with these updates for a week without issue, it’s time to deploy the updates to the rest of your computers, including laptops. Some users take their laptops home nightly and may miss the collection’s maintenance window of 4 to 7 AM. For these offsite laptops, I deploy updates a week after the bulk of the users. This gives the laptop users a chance to return to the office and pick up updates during the maintenance window. If this window is missed, the only effective way to get it done is to push the updates during working hours, at lunch time, and suppress the restart. This may not be ideal, but what else are you going to do if they take the laptop home every night?
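
The cadence described above, worked through for a given month as an added example (not part of the original post). The ring names are made up here; the week offsets are the ones in the text, and Patch Tuesday is taken as the second Tuesday of the month. The last function shows how close the final ring lands to the next month's release.

```python
from datetime import date, timedelta

# Weeks after Patch Tuesday for each ring, as described in the post.
# The ring identifiers are made up for this example.
RING_OFFSET_WEEKS = {
    "admin_workstation": 1,
    "canary_group": 2,
    "all_computers": 3,
    "offsite_laptops": 4,
}


def patch_tuesday(year, month):
    """Second Tuesday of the month."""
    first = date(year, month, 1)
    to_first_tuesday = (1 - first.weekday()) % 7  # Monday=0, Tuesday=1
    return first + timedelta(days=to_first_tuesday + 7)


def ring_schedule(year, month):
    """Earliest deployment date per ring for that month's updates."""
    release = patch_tuesday(year, month)
    return {ring: release + timedelta(weeks=weeks)
            for ring, weeks in RING_OFFSET_WEEKS.items()}


def rings_due(year, month, today):
    """Rings that may already have that month's updates on 'today'."""
    return [ring for ring, start in ring_schedule(year, month).items()
            if start <= today]


def gap_to_next_release(year, month):
    """Days between the last ring's date and the following Patch Tuesday."""
    next_year, next_month = (year + 1, 1) if month == 12 else (year, month + 1)
    last_ring = max(ring_schedule(year, month).values())
    return (patch_tuesday(next_year, next_month) - last_ring).days


if __name__ == "__main__":
    for ring, start in ring_schedule(2014, 8).items():
        print(f"{ring:18} {start.isoformat()}")
    print("days until next Patch Tuesday:", gap_to_next_release(2014, 8))
```

A gap of 0 means the last ring receives one month's updates on the day the next month's are released, so the four-week tail leaves no slack for a slipped deployment.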

In the SCCM console, select Software Library, expand Software Updates and select Automatic Deployment Rules. Click the button for “Create Automatic Deployment Rule”.

Name your ADR and provide a description if you desire. Select a Deployment Template if you have created any. Select your collection, and select Create a new Software Update Group, and click Next.

On the Deployment Settings dialog, select “Use Wake-on-LAN” if you desire. I don’t use this feature as all of my computers automatically power on for the 4 AM maintenance window via BIOS settings. Click Next.

On the Software Updates dialog, set your property filters to select the updates you want. In my case I exclude a particular Bulletin ID that we have found to cause problems with our deployed applications by preceding it with a minus sign.

Specify the Evaluation Schedule.

Specify the Deployment Schedule.

Specify the User Experience. I prefer to select “Hide in Software Center”, and leave all boxes unchecked so that they only deploy during the collection’s maintenance window. Click Next.

Specify an alert of 90 percent and 7 days, unless you prefer otherwise.

I leave the defaults selected on the Download Settings dialog, and click Next.

Select a Deployment Package if one exists, otherwise create a new deployment package and specify the source, then click Next.

Select your Distribution Points or Distribution Point Group.

Accept the default on the Download Location dialog, and click Next.

Make the appropriate language selection, and click Next.

Carefully review the Summary page, click Save as a Template, and click Next if you don’t need to make any changes, then click Close.

Repeat this process for any other operating systems you manage, making changes as necessary.

Printing IS important in the VDI environment

I manage a Citrix XenApp system. Recently during a business lunch our sales rep told us that his customers have had “great success” with VMware Horizon View as a Citrix replacement.

From what I’ve been reading on comparisons of VMware vs Citrix VDI, VMware is a little immature at the moment. I consider Citrix XenDesktop and XenApp to be mature and complete end to end products. Profile management? Check. Universal Printing? Check. Remote access? Check. (Netscaler) Then you also have GoToMeeting, GoToWebinar, Sharefile, and MDM. At first glance it looks like it would be easy to upgrade a Citrix environment with VMware Horizon View 6. VMware’s webinar I watched recently said you just install the Horizon agent on your Citrix server to publish apps and you don’t even have to uninstall Citrix.

The reality is that VMware Horizon View 6 lacks some key features, including universal printing and profile management. To be fair, if you are doing VDI on a Windows desktop OS, VMware has universal printing. However if you are publishing a desktop or application on a server OS, no universal printing. I think I’ll stick with Citrix, thank you.

Here’s a good summary of the differences between Citrix and VMware VDI client printing support.

User changed password in AD and keeps getting locked out

I’ve noticed that Active Directory account lockouts seem to be more common these days. I believe this is a result of the use of mobile devices, with some users having multiple mobile devices.

The most common cause of account lockout is when a user changes their password and doesn’t immediately update their password on a mobile device with an email account configured for ActiveSync. I’ve even had one person tell me that they did update their password on their iPhone, then after repeated account lockouts they remembered the iPad they left at home that also had their company email account on it.

If mobile devices with ActiveSync accounts aren’t the cause, I recommend using Account Lockout Examiner, a freeware tool from Netwrix.

Netwrix Account Lockout Examiner: Alert your help desk staff about lockout events and troubleshoot account lockouts, analyzing potential causes. Accounts can be unlocked within the console, a Web-based interface or via a mobile device.

Download it here.

Best sales pitch ever!

Yesterday I attended a sales pitch for Barracuda backup appliances, hosted by SLAIT Consulting at Colonial Shooting Academy in Virginia Beach, VA. I always enjoy attending these events, if nothing else you always meet new people and get some lunch while learning about new technology.

What made this event so awesome is the fact that I love to shoot guns, and the event was at a gun store and shooting range. After lunch and the sales pitch we were given a safety brief and headed to the range. In addition to a selection of pistols, they laid out a couple of AR-15s and an AK-47 and all the ammo you could shoot. This was the first time I had ever shot an AR or AK. It was a BLAST!