Ghost in the Citrix XenApp

Posted by robd on August 06, 2020
Citrix / No Comments

We’ve had this really frustrating issue for a few months where XenApp applications would launch then if a user closed the app or left it then they would be able open it again.

When you jump of the Citrix XenApp server you’d see the session but in a weird state.

Either like this:

or with the username but just a few processes listed:

  • Citrix Graphics (ctxgfx)

  • Client Server Runtime Process (csrss.exe)

  • Desktop Window Manager (dwm.exe)

  • Windows Logon Application (Winlogin.exe)

  • Windows Logon User Interface Host (LogonUI.exe)

  • EMUser.exe – Ivanti service

The work around workaround is to kill winlogin.exe or loginui.exe or emuser.exe and the session ends.

If we remove DisableLogonUISuppression this problem goes away, but then when launching a published application users see a black screen.

So after doing a million things one of the guys at Ivanti found the issue, the App was taking more than 60,000 Milliseconds to launch so Citrix was shitting itself.

The fix, increase the Citrix policy “application launch wait timeout” in Citrix to 12,000 Milliseconds.

And bobs your uncle.

You’re probably asking, why the hell does an app take more 60,000 Milliseconds  to launch….well, I’m blaming Ivanti personalisation and Chrome.

 

If that doesnt help then check these out:

https://support.citrix.com/article/CTX232490

https://www.reddit.com/r/Citrix/comments/8s9pva/disconnected_sessions_are_not_logging_off/

Ghost Sessions Haunting Me from Citrix

Tags: , , ,

ODBC Driver Update

Posted by robd on April 23, 2020
powershell, SQL / No Comments

Hello,

As many of you may know the latest round updates have disabled TLS 1.0 and TLS 1.2

For us that meant either enabling TLS everywhere or using newer methods. Below is a URL to enable:

https://blogs.windows.com/msedgedev/2020/03/31/tls-1-0-tls-1-1-schedule-update-edge-ie11/

A much better option is to install Microsoft® ODBC Driver 13.1 for SQL Server on the clients:

https://www.microsoft.com/en-us/download/details.aspx?id=53339

Then update a whole bunch of ODBC system DSNs.

Thats great but some of our Citrix servers have a lot of system DSNs and I didnt much fancy doing them one by one so here’s some PowerShell to do it for you:

Boom.

 

Tags: , , ,

Updating Cisco Prime 3.4 to 3.7

Posted by robd on March 06, 2020
Cisco / No Comments

Well what a fun few days its been.  I’ve been on a mad mission to update our Cisco products, first I did Cisco ISE (I’ll try and blog about that later) and then Cisco Prime.

Here’s the Cisco Prime tac I took:

SSH to Prime

First thing first, backup Prime.  In my case that was on the prime server in the default repo.

Next now ftp the update the file to prime:

next check its there:

Now update:

Oh no ERROR:

You have to open the VM console!!!!!!!

Try again!

Ugh, its full.  Delete the old backups

Try again

Arggggh now what, stop Prime….

Try again:

Now its working!!

Tags: , ,

Vib Error updating ESXi from 6.0 to 6.7

Posted by robd on March 05, 2020
vmware / No Comments

Tried to upgrade ESX on a Cisco server today but kept getting the following today:

missing_dependency_VIBS ERROR. Found=[Qlogic_bootbank_scsi-qla2xxx….. These vibs on the host are missing dependency if you continue to upgrade.

So to fix, put the host in Maintenance mode then check if the device blocking is in use:

In my case it wasnt so bin it off:

 

All done, reboot and try and upgrade

 

Tags: , ,

Check and change DNS on all the servers in the domain

Posted by robd on February 19, 2020
DNS, powershell / No Comments

Here’s a brilliant PowerShell scipt to check what the DNS servers are set as accross the domain then change it:

 

 

Tags: ,

Dynamic vlan Assignment on Flexconnect using Cisco Wireless

Posted by robd on February 17, 2020
Wireless / No Comments

Hello,

I recently setup dynamic vlan assignment using Cisco ISE and a Cisco vWLC but had an issue where on some APs on some sites wouldnt move the devices to the correct DHCP scope.

So just make it clear what dynamic vlan assignment is, its when you have one SSID to rule them all and in the dark bind them.

So I have laptop and hand held scanners and only one SSID, I want my hand held scanner to go onto a different vlan and DHCP scope my laptops. So I use this option in profiles in ISE:

Then setup the scope option and bobs your uncle.

So back to the issue, some sites just wouldnt move scopes i.e. they’d stay on default scope.  So first thing I did was debug the client via the CLI on the vWLC:

So the client knows it should be on vlan 153 but isnt moving…….So after much googling I found that my flex connect groups hadnt been setup properly.

I was missing the vlans from the vlans from AAA VLAN-ACL Mapping.  Added them in and everything started working on every site!!!

Very weird how it ever worked but there you go.

 

Tags: , , ,

Checking MTU from a remote client without having to talk to anyone

Posted by robd on January 02, 2020
Networking / No Comments

We suspected we had some MTU issues at one of our remote sites and as a 3rd line engineer I don’t often have to talk with users and after a while you get in the habit of not talking to users which leads to never wanting to talk to users. – Note you’ll need admin access to the users machine.

So here’s a little guide to run tests from users computers without having to call and talk to them.

First download and put it somewhere you can cmd too on your machine.

https://docs.microsoft.com/en-us/sysinternals/downloads/psexec

Optional – Then download this if you for example want to test MTU.

https://elifulkerson.com/projects/mturoute.php

Next copy the MTUroute software to the user’s computer.

Next from your computer run the below command which will remotely execute mturoute.exe to test the MTU to 192.168.1.5 on UsersComputer:

Tags: ,

Copy Protected by Chetan's WP-Copyprotect.