You are currently browsing the Tech Talk with Homerun Networks weblog archives for March, 2009.

Archive for March 2009

Exchange 2003 ActiveSync w/ SSL and/or forms-based authentication.

Probably one of the most common complaints when someone is deploying Exchange, and the organization has Windows Mobile phones that they would like to sync with the Exchange server, is the puzzling “Why won’t this just work?” question that plagues system administrators. Usually this follows enabling the option to use forms-based authentication. While the solution is out there, sometimes folks don’t know exactly why or where the problem originates, so they have a hard time finding it. Hopefully this little paragraph describing the problem will help some search engine somewhere lead someone to this solution more easily. It’s also always good to have this one handy in the local arsenal of tools that Myke and I are compiling. So, adding to our list of ‘oh yeah, that’s how I fixed that’ articles, here’s how to resolve why Microsoft ActiveSync will not work with any Exchange installation where SSL and/or forms-based authentication has been enabled out of the box.

Keep in mind these changes should be made to the server with the mailboxes on it, not a front-end server. Also worth noting: if you have an SBS2003 installation, these options should already be set. If they are not, or you are having problems with ActiveSync, run through these instructions to check that they are all present. If they are, perhaps your problem isn’t in authentication or contacting the server, but something a little easier to address. :)

Note: This method will involve creating a new virtual directory from a copy of the original to handle related requests. If you are not comfortable with registry changes or IIS settings, you may not want to try this.

Disable forms-based authentication on the Exchange server you are about to modify.

  1. Open Exchange Manager.
  2. Expand Administrative Groups, expand the first administrative group, and then expand Servers.
  3. Expand the server container for the Exchange Server 2003 server that you will be configuring, expand Protocols, and then expand HTTP.
  4. Under the HTTP container, right-click the Exchange Virtual Server container, and then click Properties.
  5. Click the Settings tab, clear the Enable Forms Based Authentication check box, and then click OK.
  6. Close Exchange Manager.
  7. Click Start, click Run, type IISRESET /NOFORCE, and then press ENTER to restart Internet Information Services (IIS).

Create a secondary virtual directory and configure ActiveSync to communicate with it.

  1. Start Internet Information Services (IIS) Manager.
  2. Locate the Exchange virtual directory. The default location is as follows:

    Web Sites\Default Web Site\Exchange

  3. Right-click the Exchange virtual directory, click All Tasks, and then click Save Configuration to a File.
  4. In the File name box, type a name. For example, type ExchangeVDir. Click OK.
  5. Right-click the root of this Web site. Typically, this is Default Web Site. Click New, and then click Virtual Directory (from file).
  6. In the Import Configuration dialog box, click Browse, locate the file that you created in step 4, click Open, and then click Read File.
  7. Under Select a configuration to import, click Exchange, and then click OK. A dialog box will appear that states that the “virtual directory already exists.”
  8. Select the Create a new virtual directory option. In the Alias box, type a name for the new virtual directory that you want Exchange ActiveSync and Outlook Mobile Access to use. For example, type exchange-oma. Click OK.
  9. Right-click the new virtual directory. In this example, click exchange-oma. Click Properties.
  10. Click the Directory Security tab.
  11. Under Authentication and access control, click Edit.
  12. Make sure that only the following authentication methods are enabled, and then click OK:
    • Integrated Windows authentication
    • Basic authentication
  13. On the Directory Security tab, under IP address and domain name restrictions, click Edit.
  14. Click the option for Denied access, click Add, click Single computer and type the IP address of the server that you are configuring, and then click OK twice.
  15. Under Secure communications, click Edit. Make sure that Require secure channel (SSL) is not enabled, and then click OK.
  16. Click OK, and then close the IIS Manager.
  17. Click Start, click Run, type regedit, and then click OK.
  18. Locate the following registry subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MasSync\Parameters

  19. Right-click Parameters, point to New, and then click String Value.
  20. Type ExchangeVDir, and then press ENTER. Right-click ExchangeVDir, and then click Modify. Note: ExchangeVDir is case-sensitive. If you do not type ExchangeVDir exactly as it appears in this article, ActiveSync does not find the key when it locates the exchange-oma folder.
  21. In the Value data box, type the name of the new virtual directory that you created in step 8. For example, type /exchange-oma. Click OK.
  22. Quit Registry Editor.
  23. Restart the IIS Admin service. To do this, follow these steps:
    1. Click Start, click Run, type services.msc, and then click OK.
    2. In the list of services, right-click IIS Admin service, and then click Restart.

To re-enable forms-based authentication, you may do the following:

  1. Open Exchange Manager.
  2. Expand Administrative Groups, expand the first administrative group, and then expand Servers.
  3. Expand the server container for the Exchange Server 2003 server that you will be configuring, expand Protocols, and then expand HTTP.
  4. Under the HTTP container, right-click the Exchange Virtual Server container, and then click Properties.
  5. Click the Settings tab, click to select the Enable Forms Based Authentication check box, and then click OK.
  6. Close Exchange Manager.
  7. Click Start, click Run, type IISRESET /NOFORCE, and then press ENTER to restart Internet Information Services (IIS).

Hopefully this will help you out. If not, send your error along to one of us and we’ll see if we have a solution. If we do, we’ll post it up. :)
Mirrored on: http://travis.sarbin.net/2009/03/29/exchange-2003-activesync-w-ssl-andor-forms-based-authentication
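
A check for steps 18 to 21 of the second procedure above, as an added PowerShell example that is not part of the original post. It reads the MasSync parameters key and reports the mistakes the article warns about; the expected alias /exchange-oma is the article's own example, and the leading slash is assumed from the value shown in step 21.

```powershell
# Added example (not from the article): verify the ExchangeVDir registry value.
$KeyPath  = 'HKLM:\SYSTEM\CurrentControlSet\Services\MasSync\Parameters'
$Expected = '/exchange-oma'   # alias from step 8 of the article; change to yours

function Test-ExchangeVDir {
    param([string]$KeyPath, [string]$Expected)

    if (-not (Test-Path -Path $KeyPath)) {
        return @("Registry key not found: $KeyPath")
    }

    $problems = @()
    $key = Get-Item -Path $KeyPath

    # GetValueNames() returns each name with the case it was typed in.
    $name = $key.GetValueNames() |
        Where-Object { $_ -ieq 'ExchangeVDir' } |
        Select-Object -First 1

    if (-not $name) {
        return @('Value ExchangeVDir does not exist (steps 19-20).')
    }
    if ($name -cne 'ExchangeVDir') {
        $problems += "Value is named '$name'; the article requires the exact case 'ExchangeVDir'."
    }

    # Step 19 creates a String Value (REG_SZ).
    $kind = $key.GetValueKind($name)
    if ($kind -ne [Microsoft.Win32.RegistryValueKind]::String) {
        $problems += "Value type is $kind; expected String."
    }

    $value = [string]$key.GetValue($name)
    if ($value -cne $value.Trim()) {
        $problems += 'Value data has leading or trailing whitespace.'
    }
    if (-not $value.StartsWith('/')) {
        $problems += "Value data '$value' does not start with '/'."
    }
    if ($value.Trim() -ine $Expected) {
        $problems += "Value data is '$value'; expected '$Expected'."
    }
    return $problems
}

$result = @(Test-ExchangeVDir -KeyPath $KeyPath -Expected $Expected)
if ($result.Count -eq 0) {
    Write-Output "ExchangeVDir is set to $Expected as described in the article."
} else {
    $result | ForEach-Object { Write-Output "PROBLEM: $_" }
}
```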

Conficker C worm - do you have it?

There is a ton of buzz all over the media world about this worm, what it will do and how to tell if you have it.  As complex as this worm is, it is also very simple to determine whether you have it or not.

Step 1 - If you have Automatic Updates turned on, check to see if it is now turned off.  The reason is that this worm actually turns off updates to protect itself.

Step 2 - Manually run Microsoft Updates.  If you can run updates manually on your computer then you are okay.  This worm will actually prevent you from connecting to the update sites.

Now that we know how to check for it, how do you prevent it?  Very simple.  Keep your computer updated and make sure your anti-virus software is running and current.

What do you do if you have this worm?  You will want to contact your anti-virus software vendor and see if they can help you out.  If not and they want to charge you an arm and a leg, give it a go yourself.  There are a couple of very easy-to-use, free tools you can use to remove it, but it will take some patience.

Now that you have a couple of removal tools, start running them and cleaning.  A great tip is to update both pieces of this software and then run them from Safe Mode with your computer not on the network/Internet.

Good luck and happy hunting, so to speak.
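
The two checks from Step 1 and Step 2, as an added PowerShell example that is not part of the original post. It assumes that "turned off" shows up as the Automatic Updates service (wuauserv) being disabled, and the update host names and the control host are assumptions to adjust; the control host separates "update sites are blocked" from "this machine is simply offline".

```powershell
# Added example, not from the original post. Read-only: it changes nothing.
function Test-TcpReach {
    param([string]$HostName, [int]$Port = 443)
    try {
        # The constructor resolves the name and connects; it throws on failure.
        $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
        $client.Close()
        return $true
    } catch {
        return $false   # name did not resolve, or the connection failed
    }
}

function Get-UpdateSymptoms {
    param(
        # Assumed update host names; replace with the ones your machines use.
        [string[]]$UpdateHosts = @('www.update.microsoft.com', 'windowsupdate.microsoft.com'),
        # Assumption: any unrelated site this machine is expected to reach.
        [string]$ControlHost = 'www.example.com'
    )
    $findings = @()

    # Step 1: has Automatic Updates been turned off?
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='wuauserv'"
    if (-not $svc) {
        $findings += 'Automatic Updates service (wuauserv) was not found.'
    } elseif ($svc.StartMode -eq 'Disabled') {
        $findings += 'Automatic Updates service is disabled (Step 1 symptom).'
    }

    # Step 2: can the update sites be reached at all?
    $controlOk = Test-TcpReach -HostName $ControlHost
    $blocked   = @($UpdateHosts | Where-Object { -not (Test-TcpReach -HostName $_) })

    if (-not $controlOk) {
        $findings += "Control host $ControlHost is unreachable; Step 2 is inconclusive (no network?)."
    } elseif ($blocked.Count -gt 0) {
        $findings += 'Other sites are reachable but these update sites are not (Step 2 symptom): ' +
                     ($blocked -join ', ')
    }
    return $findings
}

$symptoms = @(Get-UpdateSymptoms)
if ($symptoms.Count -eq 0) {
    Write-Output 'Neither symptom from the post was observed.'
} else {
    $symptoms | ForEach-Object { Write-Output $_ }
}
```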

Installation of MSMQ 4.0

To install Message Queuing 4.0 on Windows Server 2008

  1. In Server Manager, click Features.
  2. In the right-hand pane under Features Summary, click Add Features.
  3. In the resulting window, expand Message Queuing.
  4. Expand Message Queuing Services.
  5. Click Directory Services Integration (for computers joined to a Domain), then click HTTP Support.
  6. Click Next, then click Install.

To install Message Queuing 4.0 on Windows Vista

  1. Open Control Panel.
  2. Click Programs and then, under Programs and Features, click Turn Windows Features on and off.
  3. Expand Microsoft Message Queue (MSMQ) Server, expand Microsoft Message Queue (MSMQ) Server Core, and then select the check boxes for the following Message Queuing features to install:
    • MSMQ Active Directory Domain Services Integration (for computers joined to a Domain).
    • MSMQ HTTP Support.
  4. Click OK.
  5. If you are prompted to restart the computer, click OK to complete the installation.

To install Message Queuing 3.0

  1. Open Control Panel.
  2. Click Add Remove Programs and then click Add Windows Components.
  3. Select Message Queuing and click Details.

Note:  MSMQ 4.0 is not available in Windows XP and Windows Server 2003.  If you are running Server 2003 and you install MSMQ 3.0, select Application Server to access Message Queuing.

Multiple Exchange 2007 Servers + ISA 2006 + ActiveSync

Anyone who has tried to set that up knows what I’m talking about. I actually got this all figured out a couple months ago but failed to make a post about how I did it, so today I found myself trying to remember what I did while trying to fix one of our other sites. So this time, I’m going to post it up.

The surprisingly common error you see when you set up ISA 2006 with Exchange 2007 and try to access ActiveSync manually is the following:

501 - Header values specify a method that is not implemented.

This is actually a good error; it means ActiveSync should be working fine. However, if your ISA server points to an EX2007 Client Access Server (CAS) which then proxies to other CAS servers in your environment, you may get a message like the following when trying to access a mailbox in another internal site:

405 - HTTP verb used to access this page is not allowed.

At that point you start to question your sanity and your skills on Google, as you can’t for the life of you figure out why, after all that work of making sure the configurations matched up on all your servers, it now does not work. You can access the local CAS server directly and pick up the 501, but whenever you try to hit ActiveSync through the CAS Proxy it seems to just bomb on you.

Assuming the above is true and you can indeed connect to it directly, try looking at a few settings. In IIS Manager, look at the properties for ‘Microsoft-Server-ActiveSync’ under your Default Web Site (or non-Default) and check your settings for Handler Mappings and Authentication. You should have the following:

  • Handler Mappings - Make sure the OptionsVerbHandler is configured for ‘All verbs’, not just ‘OPTIONS’
  • Authentication - Make sure all Authentication options are disabled except for ‘Basic Authentication’ and ‘Windows Authentication’

If you’ve configured those settings, make sure your Proxy CAS and Target CAS are both running the same Exchange rollup version and reboot them. It should be working now.

Hopefully this will help some poor soul out there.

Mirrored on http://travis.sarbin.net/2009/03/25/multiple-exchange-2007-servers-isa-2006-activesync
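
The manual check this post describes, as an added PowerShell example that is not the author's code. It requests the ActiveSync URL through the published name and directly against a CAS, then reads 501 and 405 the way the post does; both host names are placeholders, and the test account is assumed to have its mailbox in the other internal site.

```powershell
# Added example, not from the original post. Host names below are placeholders.
function Get-HttpStatus {
    param([string]$Url, [System.Net.NetworkCredential]$Credential)

    $request = [System.Net.WebRequest]::Create($Url)
    $request.Method = 'GET'              # same request a browser makes
    $request.Credentials = $Credential
    $request.AllowAutoRedirect = $false
    $request.Timeout = 15000             # milliseconds
    try {
        $response = $request.GetResponse()
        $code = [int]$response.StatusCode
        $response.Close()
        return $code
    } catch {
        # .NET raises WebException for 4xx/5xx answers; PowerShell may wrap it.
        $ex = $_.Exception
        while ($ex -and -not ($ex -is [System.Net.WebException])) {
            $ex = $ex.InnerException
        }
        if ($ex -and $ex.Response) {
            $code = [int]$ex.Response.StatusCode
            $ex.Response.Close()
            return $code
        }
        return $null   # no HTTP answer at all (DNS, connection or certificate failure)
    }
}

function Get-ActiveSyncVerdict {
    param($Code)
    if ($null -eq $Code) {
        return 'No HTTP response; check name resolution, connectivity and the certificate.'
    } elseif ($Code -eq 501) {
        return 'Expected for a manual request: per the post, ActiveSync should be working.'
    } elseif ($Code -eq 405) {
        return 'Per the post: check OptionsVerbHandler (All verbs), Basic + Windows ' +
               'authentication only, and matching rollup versions on proxy and target CAS.'
    } else {
        return "HTTP $Code is not covered by the post."
    }
}

# Use an account whose mailbox lives in the other internal site, so the
# published URL exercises the CAS-to-CAS proxy path described above.
$credential = (Get-Credential).GetNetworkCredential()

$endpoints = @(
    @{ Name = 'Published (ISA, proxy CAS)'; Url = 'https://mail.example.com/Microsoft-Server-ActiveSync' },
    @{ Name = 'Target CAS, direct';         Url = 'https://cas2.example.local/Microsoft-Server-ActiveSync' }
)

foreach ($endpoint in $endpoints) {
    $code = Get-HttpStatus -Url $endpoint.Url -Credential $credential
    Write-Output ('{0,-28} {1,-5} {2}' -f $endpoint.Name, $code, (Get-ActiveSyncVerdict $code))
}
```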

Export all email addresses from a domain

Request from Tech Talk reader:  What is the easiest way to export all email addresses out of Active Directory?

Easy, Google the question and there you go.  :-)  Just kidding.  Here is a very basic VBS script you can use.  But first a little background: the AD Users & Computers UI lets you list the mail column for each object, which displays the default SMTP email address for objects. You can export the list from ADUC as csv/txt. However, any additional email addresses in the proxyAddresses attribute are not exported.

'==================================================================================================
'
' VBScript Source File
'
' NAME: LISTEMAILADDRESSES.VBS
' VERSION: 1.0
' AUTHOR: Myke Reinhold
' CREATE DATE  : 7/18/2003
' LAST MODIFIED : 10/31/2005
'==================================================================================================
' COMMENT: Run with cscript.exe so the output goes to the console instead of a message box.
'
'==================================================================================================

'Constants (only strX400Search is used below)

Const ADS_PROPERTY_NOT_FOUND  = &h8000500D
Const ADS_UF_ACCOUNTDISABLE = 2                       'For UserAccountControl
Const strX400Search = "X400"
'______________________________________________________

'Set RootDSE
Set objRootDSE = GetObject("LDAP://rootDSE")
strDomain = objRootDSE.Get("defaultNamingContext")
strADPath = "LDAP://" & strDomain
'wscript.Echo strADPath
Set objDomain = GetObject(strADPath)
'wscript.echo "objDomain: " & objDomain.distinguishedName

'Setup ADODB connection
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"
Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
'Page the results; without this the search stops at the server's size limit (1000 by default)
objCommand.Properties("Page Size") = 1000

'Execute search command to look for Contacts & Groups
objCommand.CommandText = _
    "<" & strADPath & ">" & ";(&(|(objectClass=contact)(objectClass=group))(mail=*))" & ";distinguishedName,displayName,mail,proxyAddresses;subtree"

'Execute search to get Recordset
Set objRecordSet = objCommand.Execute

'Start procedure

strResult = strResult & VbCrLf & "Domain: " & strDomain

strResult = strResult & VbCrLf & "#Total Records Found (other accounts): " & objRecordSet.RecordCount & VbCrLf
AddressCount = 0

While Not objRecordSet.EOF 'Iterate through the search results

    strUserDN = objRecordSet.Fields("distinguishedName").Value     'Get object's distinguished name from Recordset into a string
    'Use string to bind to the object; a "/" in the DN must be escaped in an ADsPath
    Set objUser = GetObject("LDAP://" & Replace(strUserDN, "/", "\/"))

    strResult = strResult & VbCrLf & "cn: " & objUser.cn
    strResult = strResult & VbCrLf & "mail: " & objUser.mail
    arrProxyAddresses = objRecordSet.Fields("proxyAddresses").Value
    If IsArray(arrProxyAddresses) Then
        strResult = strResult & VbCrLf & "Proxy Addresses"

        For Each ProxyAddress In arrProxyAddresses

            'Sub: Check X400 (text compare, so "x400:" and "X400:" are both skipped)
            If InStr(1, ProxyAddress, strX400Search, vbTextCompare) <> 0 Then
                'Wscript.Echo "#This was an x400"
            Else
                strResult = strResult & VbCrLf & ProxyAddress
            End If   'Ends check for X400 address
        Next

    Else
        strResult = strResult & VbCrLf & "#Object does not have proxy addresses"
    End If
    strResult = strResult & VbCrLf

    objRecordSet.MoveNext
Wend

'*************************************
'Begin second query for users
varDisabledCounter = 0

'Execute search command to look for user
objCommand.CommandText = _
    "<" & strADPath & ">" & ";(&(objectClass=user)(mail=*))" & ";distinguishedName,displayName,mail,proxyAddresses;subtree"

'Execute search to get Recordset
Set objRecordSet = objCommand.Execute

strResult = strResult & VbCrLf & "#Users"
strResult = strResult & VbCrLf & "#Total Records Found (users): " & objRecordSet.RecordCount & VbCrLf

While Not objRecordSet.EOF 'Iterate through the search results
    strUserDN = objRecordSet.Fields("distinguishedName").Value     'Get User's distinguished name from Recordset into a string
    'Use string to bind to user object; a "/" in the DN must be escaped in an ADsPath
    Set objUser = GetObject("LDAP://" & Replace(strUserDN, "/", "\/"))

    If objUser.AccountDisabled = True Then                    'Disabled accounts are listed separately in strResult2
        varDisabledCounter = varDisabledCounter + 1
        strResult2 = strResult2 & VbCrLf & varDisabledCounter & " " & objUser.displayName & VbCrLf

        strResult2 = strResult2 & "cn: " & objUser.cn
        strResult2 = strResult2 & VbCrLf & "mail: " & objUser.mail
        arrProxyAddresses = objRecordSet.Fields("proxyAddresses").Value
        If IsArray(arrProxyAddresses) Then
            strResult2 = strResult2 & VbCrLf & "Proxy Addresses"

            For Each ProxyAddress In arrProxyAddresses
                'Sub: Check X400
                If InStr(1, ProxyAddress, strX400Search, vbTextCompare) <> 0 Then
                    'Wscript.Echo "#This was an x400"
                Else
                    strResult2 = strResult2 & VbCrLf & ProxyAddress
                    AddressCount = AddressCount + 1
                End If   'Ends check for X400 address
            Next
        Else
            strResult2 = strResult2 & VbCrLf & "#Object does not have proxy addresses"
        End If
        strResult2 = strResult2 & VbCrLf

    Else

        strResult = strResult & VbCrLf & "cn: " & objUser.cn
        strResult = strResult & VbCrLf & "mail: " & objUser.mail
        arrProxyAddresses = objRecordSet.Fields("proxyAddresses").Value
        If IsArray(arrProxyAddresses) Then
            strResult = strResult & VbCrLf & "Proxy Addresses"

            For Each ProxyAddress In arrProxyAddresses
                'Sub: Check X400
                If InStr(1, ProxyAddress, strX400Search, vbTextCompare) <> 0 Then
                    'Wscript.Echo "#This was an x400"
                Else
                    strResult = strResult & VbCrLf & ProxyAddress
                    AddressCount = AddressCount + 1
                End If   'Ends check for X400 address
            Next
        Else
            strResult = strResult & VbCrLf & "#Object does not have proxy addresses"
        End If
        strResult = strResult & VbCrLf

    End If   'End check for disabled user

    objRecordSet.MoveNext
Wend  'End second query for users

strResult = "Users, Groups & Contacts" & VbCrLf & "-------------------------" & VbCrLf & strResult
strResult = strResult & VbCrLf & "Disabled Users" & VbCrLf & "-------------------------" & VbCrLf & strResult2
WScript.Echo strResult

'Output to a text file (overwrite = True, Unicode = True so non-ASCII names do not fail the write)
Set objFileSystem = CreateObject("Scripting.FileSystemObject")
Set objOutputFile = objFileSystem.CreateTextFile("C:\proxyaddresses.txt", True, True)
objOutputFile.Write strResult
objOutputFile.Close

This script basically does the following:

  1. Queries Active Directory for Contacts & Groups
  2. Lists their email addresses
  3. Queries Users
  4. Lists enabled users’ email addresses
  5. Lists disabled users’ email addresses separately
  6. Outputs to command line and also to a text file - c:\proxyaddresses.txt

Possible script error - Error list.vbs: (54, 13) (null): 0x80005000

When you look at line 54 it reads:
strUserDN = objRecordSet.Fields("distinguishedName")

You have to enter your “distinguishedName” for the script to work.  How do you get it?  It’s fairly simple. Let’s assume your domain is called “example.local”, and the container with employees is called “Employees”.  The distinguishedName in this case will be “OU=Employees,DC=EXAMPLE,DC=LOCAL”.  If you want to get the name for a subfolder “Employees->Accounting”, your name would change to “OU=Accounting,OU=Employees,DC=EXAMPLE,DC=LOCAL”.  Moreover, you can uncomment the following lines (by removing the ') to display the variables you’re looking for:

wscript.Echo strADPath
wscript.echo "objDomain: " & objDomain.distinguishedName

Citrix - Access CIFS shares in XenServer

There’s actually a simpler way to read and write to an NTFS partition from XenServer, but you’ll need to plug your USB drive into a Windows machine and share it. Once shared, and knowing the share name, and the IP address of your Windows machine, you can use the following example mount commands:

mount //192.168.1.13/ShareName /mnt

or
mount //192.168.1.13/Sharename /mnt -o username=olivierw

You may have to supply a password for your share, and you may have to supply an alternate user name to the CIFS service (other than the default ‘root’ user). By the way, this is the method that XenServer itself uses when you create an ISO CIFS Storage Repository in XenCenter.

posted by: Myke Reinhold
source: Homerun Networks & Citrix

Citrix - Format a USB drive for exclusive use within XenServer

If you wanted to dedicate a USB drive to your XenServers, you could format it with a Linux filesystem. That way you could use it as storage to backup your VMs, and restore them on other machines if needed. Assuming you know the device name of the partition you want to use, use the following as an example command:

mkfs -v -t ext3 /dev/sdc1

Warning: Doing this will destroy any existing data on the partition, and you will not be able to use this disk on a Windows machine without reformatting it using Windows Disk Manager: You have been warned!

As always, with any Linux command you can use the online manual (if it’s installed), for example:

man mkfs

Once formatted, you can mount this device into the filesystem, as shown previously in USB drive access. Now you can read and write to the drive, as in this following example which will backup a VM to the external USB drive:

xe vm-export vm='W2K8 DC' filename='/mnt/backups/W2K8 DC.xva'

posted by: Myke Reinhold
source: Homerun Networks & Citrix

Citrix - NTFS USB drive access in XenServer

Since your XenServer machine is Linux-based, there are some challenges in getting/putting data from/to a removable USB device.

First off: Once you’ve plugged a USB drive into your XenServer machine, how do you access the data therein? The first thing to do is log on to the Control Domain, usually through XenCenter, and type the command:

fdisk -l

Notice that the fdisk command shows the disks that XenServer knows about. I’ve highlighted here (in red) an NTFS USB drive that I’ve plugged into the XenServer. Notice also that the device name is /dev/sdc, and that the first partition on that device has itself a device name of /dev/sdc1. In this example, the local disk on which I’ve installed XenServer is /dev/sda, which has three partitions (shown first in the listing).

Accessing an NTFS USB drive in XenServer

Here I’ve plugged in an NTFS USB drive, and I’ve established that XenServer (Linux) knows the first partition by the name /dev/sdc1.  Since this is a disk device, we need to “mount” it into the Linux filesystem. In this way, it will become a part of the filesystem hierarchy. The only thing I need is an empty directory to mount “over”. Most Linux distributions come with an empty /mnt directory for just this purpose:

mount /dev/sdc1 /mnt

Note that the target directory of your mount has to exist, and any files that existed in that directory will be “hidden” until you un-mount the device (see later for un-mounting). There’s nothing special about the directory you mount over - it’s a regular directory. What I usually end up doing is creating another directory inside of /mnt to mount my disk over. That way I can have many “mount points” if I want to transfer data between them.

The big drawback with mounting an NTFS drive is that it’s supported in read-only mode only. This isn’t usually a problem with software like NTFS-3G being available, but Citrix doesn’t support the installation of any software inside of the XenServer Control Domain.

But at least now I can use regular Linux commands to copy data from the drive, for example you could import an already backed-up VM straight from the drive, using something like:

xe vm-import filename='/mnt/backups/Windows XP.xva'

This assumes that there was an existing folder in the root of the mounted partition called backups.

Before unplugging the USB drive, you’ll need to “un-mount” the drive, making sure that your current working directory is not somewhere down the /mnt path (or wherever you’ve mounted the device):

cd /
umount /mnt

Now you can safely unplug the USB drive from the XenServer machine.

posted by: Myke Reinhold
source: Homerun Networks & Citrix

Citrix - Profile cleanup…the BAT file way

Doing a bit of system maintenance, I noticed some interesting stuff today about my %TEMP% folder. 

The folder and its descendants are 13GB in size (that’s with a G and 9 zeros) and have 9,483 files!  This is almost equal to the “free space” on my drive.  Besides needing a bigger drive, this isn’t a good use of space on the machine.  Hum…

How’d it get there?  I’m not totally sure, but a big piece of it is debugging the streaming profiler.  After getting half way through profiling of an application - killing the profiler.  I do this a lot.  The profiler tries to be a good citizen and clean up when it is done, but if you kill it, it never gets the chance.  I’ll also add that the profiler doesn’t delete on the way “in” as it ASSUMES that there might be other instances of the profiler running at the same time, so it doesn’t delete their stuff.

Back to me.  13GB wasted in temporary file system space!

XenApp hosted people have it easy.  There’s a configuration option to obliterate the TEMP folders on logoff.  I’m a domain based user using a machine that is part of the domain.  I don’t get the automatic delete on logoff and because I am not admin of the Citrix company domain, I also don’t have ability to set the setting to obliterate everything.  In an ideal world, I would have this Citrix Profile management stuff on my domain and all of this would be magically taken care of for me.  We will get there, but for now I still have 13GB wasted space!

What to do?  Just deleting it won’t be good enough - it will come back!

I went browsing the internet and found this nice article on how to clean house.  I can’t make deleting the TEMP space part of my system’s logoff, but I can command my machine to run batch files of my choosing at logoff.  Great!  If only I had a most-excellent set of batch files to help with the house cleaning.

A bit of coding and now I DO have these and I’m so happy with myself now that I now share the batch files with you.  Installation instructions are inside the batch file comments.

First bat file: logoff-script.bat

@echo off
REM This script runs at every logoff for every user.
REM Enable by group policy (local policy)
REM
REM Start/Run GPEDIT.MSC
REM    User Configuration - Windows Settings
REM    Scripts - Logoff
REM    Add - Add this script.
setlocal
set OUTFILE=c:\logoff-script.log

REM Use a worker bat file to facilitate redirection of output.
REM %~dp0 is this script's own folder, so the worker is found whatever the current directory is.
call "%~dp0logoff-worker.bat" | tee -a "%OUTFILE%"
endlocal

Second bat file: logoff-worker.bat

@echo off
REM Called by logoff-script to facilitate redirecting output to log file
REM Stop if TEMP is not set, so rd is never handed an empty path.
if not defined TEMP exit /b 1
echo.
echo logoff-script running
date /t
time /t
echo Erasing TEMP directory

echo BEFORE
du -q "%TEMP%"

rd /s /q "%TEMP%" 1>nul 2>&1
if not exist "%TEMP%\." mkdir "%TEMP%"

echo AFTER
du -q "%TEMP%"

Things to notice.  First, I logged the output to the root of drive C:.  Mere users don’t have privilege to write to this space and on Vista, you’ll probably get a UAC dialog.  Easy to fix by writing to My Documents or similar.

In the main bat, there is a call to “tee -a”.  There are a million tee filters on the Internet.

In the worker, there’s a call to “du.exe” to log the before/after statistics.  This is the du.exe utility from Mark Russinovich (SysInternals).  Download from Microsoft Technet.  If you don’t have the DU utility and still want to log output, dir /s "%TEMP%" 2>&1 | tail -2.   Right, better to use the tool.

What about the registry?  If the file system has garbage left over from interrupted profiling, then the registry should also be polluted.  Went looking, nothing there.  Luck?  Probably not, but I uninstalled/reinstalled the profiler and client yesterday, so it is possible that the installer took care of this for me.  The place to look is HKLM\Software\Citrix\AIE, yes AIE!.  More information on the temporary spaces of the streaming profiler can be found here.

We will begin working on creating these files into Powershell scripts.  Once they are complete we will post them here for download.

posted by: Myke Reinhold
source:
Homerun Networks & Citrix
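
A PowerShell take on the logoff cleanup above, as an added example that is not the authors' script. It logs to My Documents as the post suggests, refuses to run unless TEMP sits inside the user profile, and removes directory junctions and symbolic links as links so their targets are never walked; the log file name is carried over from the batch version.

```powershell
# Added example, not the authors' script. Intended to run as a user logoff script.
$ErrorActionPreference = 'Stop'   # any failed guard below aborts before deletion

function Get-ShortPath {
    param([string]$Path)
    # 8.3 form of an existing folder, so TEMP and USERPROFILE compare reliably
    # even when TEMP is stored as C:\Users\LONGNA~1\AppData\Local\Temp.
    $fso = New-Object -ComObject Scripting.FileSystemObject
    return $fso.GetFolder($Path).ShortPath.TrimEnd('\')
}

function Get-TreeStats {
    param([string]$Path)
    $files = 0
    $bytes = [long]0
    foreach ($item in Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue) {
        if ($item -is [System.IO.FileInfo]) { $files++; $bytes += $item.Length }
    }
    return ('{0} files, {1:N1} MB' -f $files, ($bytes / 1MB))
}

function Remove-TreeNoFollow {
    param($Item)
    $isLink = ($Item.Attributes -band [System.IO.FileAttributes]::ReparsePoint) -ne 0
    try {
        # Descend only into real folders, never through a junction or symlink.
        if (($Item -is [System.IO.DirectoryInfo]) -and -not $isLink) {
            foreach ($child in Get-ChildItem -LiteralPath $Item.FullName -Force -ErrorAction SilentlyContinue) {
                Remove-TreeNoFollow -Item $child
            }
        }
        if (($Item -is [System.IO.FileInfo]) -and $Item.IsReadOnly) {
            $Item.IsReadOnly = $false
        }
        # Non-recursive delete: a file, an emptied folder, or the link itself.
        $Item.Delete()
    } catch {
        # In use or access denied: leave it in place, as the batch version does.
    }
}

$temp = $env:TEMP
if (-not $temp -or -not (Test-Path -LiteralPath $temp -PathType Container)) {
    throw 'TEMP is not set or is not a folder; nothing deleted.'
}

# Guard: only ever clean a TEMP that lives inside this user's profile.
$tempShort    = Get-ShortPath $temp
$profileShort = Get-ShortPath $env:USERPROFILE
if (-not $tempShort.StartsWith($profileShort + '\', [System.StringComparison]::OrdinalIgnoreCase)) {
    throw "TEMP ($temp) is not inside the user profile; nothing deleted."
}

# The post notes that ordinary users cannot write to C:\, so log to My Documents.
$log = Join-Path ([Environment]::GetFolderPath('MyDocuments')) 'logoff-script.log'

$before = Get-TreeStats $temp
# Delete the contents but keep the TEMP folder itself, so it need not be recreated.
foreach ($child in Get-ChildItem -LiteralPath $temp -Force -ErrorAction SilentlyContinue) {
    Remove-TreeNoFollow -Item $child
}
$after = Get-TreeStats $temp

$line = '{0:yyyy-MM-dd HH:mm:ss} TEMP={1} BEFORE: {2} AFTER: {3}' -f (Get-Date), $temp, $before, $after
Add-Content -Path $log -Value $line
```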

Citrix - Profile Management

Profile management ensures that the user’s personal settings are applied to the user’s virtual desktop and applications, regardless of the location and end point device.

Profile management is enabled through a profile optimization service that provides an easy, reliable way for managing these settings in Windows environments to ensure a consistent experience by maintaining a single profile that follows the user. It auto-consolidates and optimizes user profiles to minimize management and storage requirements and requires minimal administration, support and infrastructure, while providing users with improved logon and logout.

Profile management is a feature available for XenApp Enterprise and Platinum editions and XenDesktop Advanced, Enterprise and Platinum editions.

Business challenges

In a virtualized world, where users can get to their desktops and applications from practically any location or device, you need to leverage “user profile” technology to ensure users get a consistent experience every time. When users log on to their virtual desktop or launch a virtual application, they want to see everything just as they left it, with their own personal settings, shortcuts, toolbars, templates, desktop wallpapers and favorites. The more complex and varied the user access scenarios, the more challenging it becomes for IT to manage these user profiles.

The most common challenges that impact the user experience and that administrators have to address when managing user profiles are:

  • Last writer wins – When users work on more than one physical or virtual device, their individual personal settings may be overwritten in a seemingly random manner when they log off.
  • Profile bloat and logon speed – Profile bloat creates unwieldy growth in user profiles and resulting storage and management issues. Typically during logon Windows copies the user’s roaming profile over the network down to the local machine. Logon time is prolonged by the time it takes to transfer the whole profile over the network. The larger the profiles are and the more files they contain the slower the logons will be.

Key benefits of using Profile management

  • Consistent Experience: Increases user satisfaction and improves productivity
    Reliable roaming experience: Ensures that personal settings, documents, shortcuts, templates, desktop wallpapers, cookies and favorites always follow the user across different Windows environments on any device.
    Faster logon times: Provides the ability to control and reduce the profile size, which improves the logon times.
  • Better Management: Reduces administrative burden
    Inclusion by default: By default all settings are captured, reducing the amount of time and effort spent in identifying what should be captured in a profile.  Administrators only need to focus on the items to be excluded from a profile, such as conflicting settings, files or folders that bloat the profile.
    Profile size control: Enables administrators to only include specific files and folders or exclude unnecessary ones that account for tens or hundreds of megabytes, minimizing the amount of data being managed and stored in the profile and decreasing network overhead.
    Robust profiles: Automatically detects and stores all modified profile settings in the registry and file system and can be configured to capture any kind of registry and file system modification within the profile. Prevents the unintentional overwriting of user profiles by using built-in logic to determine which data should be kept.
    Extended synchronization: Allows administrators to synchronize files and folders for poor-performing applications that do not store user-related content within the user profile but somewhere on the device hard disk.
    Detailed reports: Logs detailed information on all actions being performed in an easy to read and understandable format, simplifying the troubleshooting and analysis process.
    Easy to implement and simple to maintain: Enables administrators to automatically migrate existing user settings and choose at a granular level which profile information to keep or discard. It runs as a system service, and does not require any additional servers, services, or databases or changes to logon scripts.

To use Citrix Profile Management, just log into MyCitrix.com and download it.

posted by: Myke Reinhold
source:
Homerun Networks & Citrix