October 29, 2013

Citrix NetScaler Troubleshoot Authentication

This post explains one method of validating authentication while using a Citrix NetScaler.  I use this all the time when setting up Access Gateway but it could be used for any authentication purpose.

When setting up Access Gateway for the first time it can be tricky determining where your authentication is going wrong.  NetScaler provides a laundry list of authentication options but I will just be testing LDAP lookup.

We can use the CLI to view the AAA log for a live view of the processing.  SSH to the NetScaler IP (NSIP) and logon.  Type "shell" and Enter.  Once in the shell, type "cat /tmp/aaad.debug" and Enter.

Depending on traffic to your NetScaler, you may see a lot of messages or none at all.  Either way, you will see live authentication information.  This is invaluable to find out where in the process it is all going wrong or right.  Below you'll see the user name is sagelike.com is authenticating via LDAP and three groups have been retrieved.  The most important line is the last, where we see the accept being sent.  At this point, the user has been successfully been authenticated and the process will move to the next step.  For Access Gateway, this is typically using single sign-on to authenticate the user to Citrix Web Interface.

An incorrect logon typically gives you very little feedback. This is the best method I have found to get more detailed information.

SageLike Post ID: SL0004

Applies to:
NetScaler 9.2
NetScaler 9.3
NetScaler 10.0
NetScaler 10.1
Maybe others

CTX114999 - How to Troubleshoot Authentication with aaad.debug

May 22, 2013

Citrix Synergy 2013 Live

Anaheim Convention Center

Citrix Summit 2013 is officially over.  It has been two days of speakers and sessions geared towards partners.  Big announcements don't typically happen until Synergy when the conference opens up to everyone.  The one interesting announcement so far has been the separation of Summit and Synergy for 2014.  There will be two conferences next year held at different times of the year and in different locations.

Very soon, Mark T will take the stage for the opening keynote to reflect on the last year as well as make new announcements.  I can't wait.  I'll do my best to live blog the keynote so keep refreshing this page.  In the meantime, check out my coverage from Synergy 2012 and Synergy 2011.

So far, the theme of the conference has been mobility, mobility, mobility.

  • It's big and getting bigger
  • Partner with Apache
  • Focus on corporate customers
  • Now on Azure
  • StorageZone Connectors
    • Connect to SharePoint (check-in, check-out)
    • Others coming
Desktop Player for Mac
  • Tech preview next month
  • Run Windows local on your Mac
  • Part of XenDesktop
  • I want to check this out

Mark T is talking about mobile and how the new generation of workers expect this.  Mobile also aids with disruptions (natural disasters) and the general consumerization of technology.  Mark T had a discussion with one of the worlds largest beverage companies and their new strategy is DOS (Don't Own Stuff).  Another big client's philosophy is streamlining MAC (Move, Add & Changes).  Citrix sums this up as mobile work styles.

Announcing XenDesktop 7
  • Flexcast Management Architecture (FMA)
  • 1 download
  • Fast deployment with built-in wizards
  • Automatic configuration checks
  • 20 minutes to get started
  • Down to two consoles: Studio and Director
  • HDX Insight
    • Full end-to-end monitoring for HDX traffic
    • Integrated into Desktop Director
  • App-by-app publishing
  • Windows app migration
    • Integrated AppDNA technology
  • Runs on Windows Server 2012
  • HDX Mobile
    • HD video on any device even over 3G
    • Smooth scrolling, natural gesturing
    • Supports native mobile functions
  • Mobile SDK for Windows apps
    • Gives you access to mobile device sensors
    • >50 APIs
  • Desktop Director
    • Looks awesome
    • Advanced reporting
    • Gives you what you need to solve issues
  • Receiver
    • Great Windows 8 support
    • Amazing Flash video support demoed on an iPad Mini
  • Shipping June with XenApp 6.5 FP2
  • Almost 10 year partnership that started with the Boeing 787
  • Brad Peterson is demoing Adobe Photoshop on an iPad mini
    • Super fluid editing and effects
    • Response time is fairly amazing
  • Next demo is a MacBook connected to 5 high end workstations
    • Brad is switching between the applications
    • They are editing a 4K video-live with Adobe Premium, perfect smooth performance
    • Each application is more stunning than the last
    • Google Earth being demoed using the LeapMotion to zoom around the planet--very cool
  • vGrid vGPU announced and integrated into XenDesktop 7
XenApp 6.5 Feature Pack 2 coming soon

  • Worx Enroll - self-service device registration
  • Worx Home - mobile settings, support and store
  • Citrix GoToAssist is integrated into XenMobile
  • Brad is back to demo
    • Worx Enroll as an iOS app to sign up
    • Worx Home shows you apps and it starts downloading and installing them onto an iPhone
      • Mix of SaaS, Windows, and other apps
    • Admin console is slick, he performs a simple wipe of the phone
    • Talks about the Android Stick (USB)
  • Three built in apps:
    • WorxMail
    • WorxWeb
    • ShareFile
  • Apps are isolated and only allowed to talk to other approved apps
  • Copy and paste can be limited both in and out
  • ShareFile now has the ability to edit PDFs including a slick demo where Brad added a signature via an iPad mini
  • ShareFile connects now allow access to corporate file shares as well as SharePoint including inline editing.
  • Three are now three editions that will be shipping in June
    • MDM Edition
    • App Edition
    • Enterprise Edition
  • Worx App SDK - enable any mobile app
  • Worx App Gallary - new store for apps coming this summer
  • Fastest growing product
  • New 3rd party services with several vendors
That's all from the keynote.  Interesting, no one 'more thing' but overall there is a lot of very exciting things going on both the refinement and innovation front.  Personal highlights for me are the new Director (looks awesome), Desktop player for Mac, and XenDesktop 7.

Work Better.  Live Better.

January 29, 2013

Windows 2008 R2 on a Laptop

Purpose: This post explains the pros and cons of running a server operating system on a laptop.

A year ago, I was picking out a new business laptop and had a decision to make.  My employer had given me $700 as part of their BYOD program.  As a consultant, I wanted something that could run a lab full of VMs but at the same time be light and portable.  After searching the Ultranet for fifteen minutes, that dream died.  In the end, I chose performance, price, and battery life (Dell Latitude E6420) over portability (MacBook Pro).

The next big decision was hypervisor.  VMware Workstation had worked well in the past but I couldn't stop thinking about a story I heard about a vendor running Windows 2008 R2 on his laptop to avoid being seen running a competitors hypervisor.

There were a couple of things that made me like this route:
1) It was unusual, which in my mind makes it cool
2) It would give me lots of hands on with a server OS that I was frequently working with and a hypervisor that I hadn't touched

The last twelve months running a bulky server OS on my daily driver laptop were an overall positive experience and on more than one occasion came in handy for testing or reference. I learned a fair amount about Hyper-V which will likely pay off dividends now that Windows Server 2012 has been released and looks promising.  That being said, I won't be doing it again.  I ran into a fairly large issue (see "Windows 8 and C-States") that could have been resolved much sooner had I been running a more mainstream laptop OS.  As nice as running a small army of VMs on a laptop can be from time to time, it doesn't justify lugging around a 9 pound laptop.  I have access to several labs for that kind of troubleshooting.  My next laptop will be light and lean--MacBook Air'ish.

If you would like to buck the trend and go down this same path, here are some things you'll want to know.
  • Disable hibernation before enabling Hyper-V (see Aaron's post below)
  • Wireless network connectivity requires a feature called Wireless LAN Service
  • Changing LAN networks frequently causes headaches.  Disable the adapter and re-enabling it often fixes issues when the auto-repair failed.  There were times when it took a reboot to finally fixed it.
  • Bridge your network connections to give VMs Internet access to a wireless connection.  Highlight both networks, right-click, Create Bridge.
  • Disable your DNS suffix if you travel from network to network so it won't automatically append workdomain.local to every host name.  In the Advanced section of your TCP/IP properties, click on the DNS tab, under Append these DNS suffixes (in order), add a ".".  That will force your to enter a suffix every time but will less annoying than the wrong domain name.
  • The Windows Search service is disabled by default so nothing will be indexed (OneNote, Outlook...)

  • Microsoft Security Essentials (their free antivirus) works fine

  • OneNote can't start without the Desktop Experience feature enabled

  • Microsoft Media Player can't play DVDs because it does not come with a codec.  The easy workaround is to install VLC

SageLike Post ID: SL0003

Applies to:
Windows 2008 R2
Maybe others

stealthpuppy.com - Disable Hibernation before enabling Hyper-V on a laptop

January 7, 2013

Windows 8 and C-States

This post explains what to do when your Windows 8 with Hyper-V enabled laptop has power issues.

While working on a light  or heavy workload the laptop turns off.  I do not mean shuts down or blue screens but acts as if you just pulled out the battery  and power cord at the same time.  Basically, a turned off laptop where a running one once was. I have been battling this intermittent issue on my Dell Latitude E6420 laptop for the last year.   Sometimes it was twice in a day, sometimes it was once a week,  other weeks were totally clean.   Dell support believed it was an issue with the motherboard (twice).  At one point, I believed it was an issue running Windows 2008 R2 on a laptop  but that is a story for another post.   When the problem happened on a fresh Windows 8 install it got me thinking.

Windows 8 ran totally clean for a month before the power kill happened.  Right about the time I turned on Hyper-V, hmm...  A few Google searches later and I had the solution.   In the BIOS, Virtualization Technology needs to be turned on and VT for Direct IO will be needed for some functionality.
Turn off C-States.

Hyper-V does not play well with Intel's C-States.  C-States are low power modes for CPUs (see references below for more info).  This doesn't make much sense for a server in a data center, especially when it runs multiple VMs so turning them off is a good thing.  Turning them off will also give your server better performance.  In Hyper-V's defense, they aren't the only one to suffer issues from C-States.  XenServer has had well documented issues (CTX127395) as well.

Sidenote: I did not find official recommendations from Microsoft to turn it off because of issues but I did find one to turn it off for better performance.

SageLike Post ID: SL0002

Applies to:
Windows 2008 R2
Windows 8
Maybe others

hardwaresecrets.com - Everything You Need to Know About the CPU C-States Power Saving Modes
technet.com - Hyper-V and BIOS power plans (c-states)
KB974598 - You receive a "Stop 0x0000007E" error on the first restart after you enable Hyper-V on a Windows Server 2008 based computer
KB2000977 - Hyper-V: Performance decreases in VMs on Intel Xeon 5500 (Nehalem) systems
CTX127395 - Hosts Become Unresponsive with XenServer 5.6 on Nehalem and Westmere CPUs
CTX130464 - How to Check if Extra C-States are Enabled without Booting into the BIOS.
SL0002  - Windows 2008 R2 on a Laptop