Monday, July 22, 2013

Unable to add new Veeam proxy server with the error: “Failed to install deployment service.”

Problem

You attempt to add a new Veeam proxy server that is located in your DR site that will be used as a target proxy for replication but receive the following error:

[serverName] Failed to install deployment service.

Access is denied.

--tr:Failed to create persistent connection to ADMIN$ shared folder on host [IP Address].

--tr:Failed to install service [VeeamDeploymentService] was not installed on the host [IP address].

image

image

The service account you’re using is a local account on the proxy server that is a part of the local administrators group.

Solution

This error ended up being more Windows related than Veeam as when I tested connectivity to the server, I was able to RDP but could not UNC to the admin$ or c$ administrative shares.  What I realized after troubleshooting the issue was that UAC was turned on for the proxy server with Windows 2008 R2 as the operating system and this was denying access for accounts that try to remotely access these shares.  There are 2 ways to correct this:

  1. Turn off UAC
  2. Modify a registry key to allow remote access

I ended up opting for turning off UAC since this environment has most servers configured as such.

Friday, July 12, 2013

Remote Desktop Web Access (RD Web Access) published RDP connection to a workstation throws the error: “Windows cannot start the RemoteApp program. The following RemoteApp program is not in the list of authorized programs:”

Problem

You’ve published a Remote Desktop Connection to a desktop with the /v:<desktopFQDN> switch but you notice that you are unable to connect to it when you launch the connection through the RemoteApps programs and you are presented with the following error message:

Windows cannot start the RemoteApp program.

The following RemoteApp program is not in the list of authorized programs:

<desktopName>

For assistance, contact your system administrator.

image

image

You’ve verified that you’ve configured the Remote Desktop Connection Authorization Policies (RD CAPs) and Remote Desktop Resource Authorization Policies (RD RAPs) has been configured properly.

Solution

The solution to this problem I encountered at a client’s office ended up being a small typo in the Alias field for the published application which surprisingly caused the published remote desktop connection to stop working.  The environment had 2 session host servers and while combing through the configuration we noticed that the configuration for the published application on both of the hosts were identical aside from the Alias field as shown in the following screenshot:

image

Note that the Alias we wanted to use was RDP_WKS-GAADP01 so the window on the left has the incorrect alias.  Once we updated the session host server with the proper matching Alias, the error went away.

Wednesday, July 10, 2013

Initiating an Enterprise Voice call with Lync Server 2013 configured with a SIP trunk to an Avaya PBX generates the error: "Gateway responded with 407 Proxy Authentication Required";component="MediationServer";SipResponseText="Not Acceptable Here"

Problem

You’ve configured a SIP trunk between your Lync Server 2013 and Avaya PBX then proceed to try making a call but it fails.  A trace and review of the snooper logs reveal the following messages:

TL_INFO(TF_PROTOCOL) [0]101C.3494::07/02/2013-19:27:24.622.00200ea4 (SIPStack,SIPAdminLog::ProtocolRecord::Flush:2387.idx(196))[1942010897] $$begin_recordTrace-Correlation-Id: 1942010897
Instance-Id: 47CF0E
Direction: incoming
Peer: 10.50.1.37:50518
Message-Type: request
INVITE sip: +14413243428@domain.com;user=phone SIP/2.0
Start-Line: INVITE sip:+14413243428@domain.com;user=phone SIP/2.0
From: <sip:tluk@domain.com>;tag=19ff1e0ea0;epid=c3c51f41cf
To: <sip:+14413243428@domain.com;user=phone>
Call-ID: 534e05e8aa1b44708dc434c65085e9bb
CSeq: 1 INVITE
Contact: <sip:tluk@domain.com;opaque=user:epid:aZDoBPYY6F-Y6_eBHuLUJQAA;gruu>
Via: SIP/2.0/TLS 10.50.1.37:50518
Max-Forwards: 70
Content-Length: 3266
Content-Type: multipart/alternative;boundary="----=_NextPart_000_0092_01CE7741.08E3A7C0"
Message-Body:

image

TL_INFO(TF_PROTOCOL) [0]16CC.49F8::07/02/2013-19:27:24.652.00204a6f (S4,SipMessage.DataLoggingHelper:1823.idx(752))[2278930503]
<<<<<<<<<<<<Incoming SipMessage c=[<SipTlsConnection_36A13A7>], 10.1.1.66:5070<-10.1.1.66:54529
INVITE sip:+14413243428@10.3.6.210:5070;user=phone;maddr=svrlyncstd02.domain.internal SIP/2.0
FROM: "Luk, Terence"<sip:tluk@domain.com>;tag=19ff1e0ea0;epid=c3c51f41cf
TO: <sip:+14413243428@domain.com;user=phone>
CSEQ: 1 INVITE
CALL-ID: 534e05e8aa1b44708dc434c65085e9bb
MAX-FORWARDS: 69
VIA: SIP/2.0/TLS 10.1.1.66:54529;branch=z9hG4bK8747CA4E.AB3C8956D2CD766C;branched=TRUE
VIA: SIP/2.0/TLS 10.50.1.37:50518;ms-received-port=50518;ms-received-cid=1250700
RECORD-ROUTE: <sip:SVRLYNCSTD02.domain.internal:5061;transport=tls;opaque=state:T;lr>;tag=510C2D779CC0040DA76277F02F7E55EE
CONTACT: <sip:tluk@domain.com;opaque=user:epid:aZDoBPYY6F-Y6_eBHuLUJQAA;gruu>
CONTENT-LENGTH: 3266
SUPPORTED: ms-dialog-route-set-update
SUPPORTED: timer
SUPPORTED: histinfo
SUPPORTED: ms-safe-transfer
SUPPORTED: ms-sender
SUPPORTED: ms-early-media
SUPPORTED: 100rel
SUPPORTED: replaces
SUPPORTED: ms-conf-invite
USER-AGENT: UCCAPI/15.0.4481.1000 OC/15.0.4481.1000 (Microsoft Lync)
CONTENT-TYPE: multipart/alternative;boundary="----=_NextPart_000_0092_01CE7741.08E3A7C0"
ACCEPT-LANGUAGE: en-US
ALLOW: INVITE, BYE, ACK, CANCEL, INFO, UPDATE, REFER, NOTIFY, BENOTIFY, OPTIONS
P-ASSERTED-IDENTITY: "Luk, Terence"<tel:+14413243445>
ms-application-via: SIP;ms-urc-rs-from;ms-server=SVRLYNCSTD02.domain.internal;ms-pool=svrlyncstd02.domain.internal;ms-application=ad894dc3-55e0-44bf-a07e-3c073aaa4a57
ms-application-via: ms-udc.cdr%3Dae53fde938cbac02468226ebea4f0a60%3A1%3Barch%3Dae53fde938cbac02468226ebea4f0a60%3A1;ms-pool=svrlyncstd02.domain.internal;ms-application=http%3A%2F%2Fwww.microsoft.com%2FLCS%2FUdcAgent;ms-server=SVRLYNCSTD02.domain.internal
Ms-Conversation-ID: Ac53QI9wCGXHUXoVQ+mYkXqLrnRsZQAAAmqgAAACNxAAACJckAAGPPNgAAADOQA=
ms-keep-alive: UAC;hop-hop=yes
ms-subnet: 10.50.1.0
ms-endpoint-location-data: NetworkScope;ms-media-location-type=Intranet
ms-routing-phase: from-uri-routing-done
ms-pai: "Luk, Terence"<sip:tluk@domain.com>,<tel:+14413243445>
ms-privacy: id
ms-obr-normalized-uri: <sip:+14413243428@domain.com;user=phone>
ms-from: "Luk, Terence"<sip:+14413243445@domain.com;user=phone>
ms-user-data: ms-publiccloud=TRUE;ms-federation=TRUE

image

TL_INFO(TF_PROTOCOL) [0]16CC.3F30::07/02/2013-19:27:25.554.002087ff (S4,SipMessage.DataLoggingHelper:1823.idx(774))[2278930503]
>>>>>>>>>>>>Outgoing SipMessage c=[<SipTlsConnection_36A13A7>], 10.1.1.66:5070->10.1.1.66:54529
SIP/2.0 488 Not Acceptable Here
FROM: "Luk, Terence"<sip:tluk@domain.com>;tag=19ff1e0ea0;epid=c3c51f41cf
TO: <sip:+14413243428@domain.com;user=phone>;tag=e9ae58741f;epid=7A239EA1A1
CSEQ: 1 INVITE
CALL-ID: 534e05e8aa1b44708dc434c65085e9bb
VIA: SIP/2.0/TLS 10.1.1.66:54529;branch=z9hG4bK8747CA4E.AB3C8956D2CD766C;branched=TRUE,SIP/2.0/TLS 10.50.1.37:50518;ms-received-port=50518;ms-received-cid=1250700
CONTENT-LENGTH: 0
P-ASSERTED-IDENTITY: <sip:+14413243428@domain.com;user=phone>
SERVER: RTCC/5.0.0.0 MediationServer
ms-diagnostics: 10407;source="SVRLYNCSTD02.domain.internal";reason="Gateway responded with 407 Proxy Authentication Required";component="MediationServer";SipResponseText="Not Acceptable Here";GatewayFqdn="10.3.6.210;trunk=10.3.6.210"
ms-diagnostics-public: 10407;reason="Gateway responded with 407 Proxy Authentication Required";component="MediationServer";SipResponseText="Not Acceptable Here"
ms-trunking-peer: 10.3.6.210;trunk=10.3.6.210;User-Agent="AVAYA-SM-6.2.0.0.620120"
ms-endpoint-location-data: NetworkScope;ms-media-location-type=intranet

 

image

TL_INFO(TF_PROTOCOL) [0]101C.4008::07/02/2013-19:27:25.556.002089ce (SIPStack,SIPAdminLog::ProtocolRecord::Flush:2387.idx(196))[2869572326] $$begin_record
Trace-Correlation-Id: 2869572326
Instance-Id: 47CF1D
Direction: incoming
Peer: svrlyncstd02.domain.internal:5070
Message-Type: response
Start-Line: SIP/2.0 488 Not Acceptable Here
FROM: "Luk, Terence"<sip:tluk@domain.com>;tag=19ff1e0ea0;epid=c3c51f41cf
TO: <sip:+14413243428@domain.com;user=phone>;tag=e9ae58741f;epid=7A239EA1A1
CALL-ID: 534e05e8aa1b44708dc434c65085e9bb
CSEQ: 1 INVITE
VIA: SIP/2.0/TLS 10.1.1.66:54529;branch=z9hG4bK8747CA4E.AB3C8956D2CD766C;branched=TRUE,SIP/2.0/TLS 10.50.1.37:50518;ms-received-port=50518;ms-received-cid=1250700
CONTENT-LENGTH: 0
ms-diagnostics: 10407;source="SVRLYNCSTD02.domain.internal";reason="Gateway responded with 407 Proxy Authentication Required";component="MediationServer";SipResponseText="Not Acceptable Here";GatewayFqdn="10.3.6.210;trunk=10.3.6.210"
ms-diagnostics-public: 10407;reason="Gateway responded with 407 Proxy Authentication Required";component="MediationServer";SipResponseText="Not Acceptable Here"

 

image

TL_INFO(TF_PROTOCOL) [0]16CC.4480::07/02/2013-19:27:25.559.002090bb (S4,SipMessage.DataLoggingHelper:1823.idx(774))[3101263875]
<<<<<<<<<<<<Incoming SipMessage c=[<SipTlsConnection_36A13A7>], 10.1.1.66:5070<-10.1.1.66:54529
ACK sip:+14413243428@10.3.6.210:5070;user=phone;maddr=svrlyncstd02.domain.internal SIP/2.0
FROM: "Luk, Terence"<sip:tluk@domain.com>;tag=19ff1e0ea0;epid=c3c51f41cf
TO: <sip:+14413243428@domain.com;user=phone>;tag=e9ae58741f;epid=7A239EA1A1
CSEQ: 1 ACK
CALL-ID: 534e05e8aa1b44708dc434c65085e9bb
MAX-FORWARDS: 70
VIA: SIP/2.0/TLS 10.1.1.66:54529;branch=z9hG4bK8747CA4E.AB3C8956D2CD766C;branched=FALSE
CONTENT-LENGTH: 0
SERVER: http%3A%2F%2Fwww.microsoft.com%2FLCS%2FOutboundRouting
ms-application-via: SIP;ms-urc-rs-from;ms-server=SVRLYNCSTD02.domain.internal;ms-pool=svrlyncstd02.domain.internal;ms-application=ad894dc3-55e0-44bf-a07e-3c073aaa4a57
ms-application-via: ms-udc.cdr%3Dae53fde938cbac02468226ebea4f0a60%3A1%3Barch%3Dae53fde938cbac02468226ebea4f0a60%3A1;ms-pool=svrlyncstd02.domain.internal;ms-application=http%3A%2F%2Fwww.microsoft.com%2FLCS%2FUdcAgent;ms-server=SVRLYNCSTD02.domain.internal
ms-routing-phase: from-uri-routing-done
ms-diagnostics-public: 5012;reason="ACK is being generated on receipt of a failure final response for an INVITE forked by application";AppUri="http%3A%2F%2Fwww.microsoft.com%2FLCS%2FOutboundRouting"

image

One of the error messages that catches your eye is the following:

"Gateway responded with 407 Proxy Authentication Required";component="MediationServer";SipResponseText="Not Acceptable Here"

Solution

After troubleshooting the issue with the PBX engineer, we noticed that we actually had a port mismatch between what was configured on his end and what was configured on my end.  The gateway listening port I had configured on my end was set to 5060:

image

While his end in the Avaya Aura System Manager 6.2 was set to 5068:

image

Small mistake which was fixed after I changed my TCP port to 5068:

image

Cisco UCS Manager reports the error: “VLAN default is error-misconfigured because of conflicting vlan-id with an fcoe-vlan”

Problem

You’ve recently updated your UCS infrastructure’s firmware to 2.0 or higher and noticed the following errors reported in the UCS Manager:

VLAN default is error-misconfigured because of conflicting vlan-id with an fcoe-vlan

image

Description: VLAN default is error-misconfigured because of conflicting vlan-id with an fcoe-vlan

ID: 10637116

Cause vlan-misconfigured

Code: F0833

image

Solution

The reason why this error is being reported is because Cisco no longer allows overlapping VLAN IDs for LAN and FCoE.  This usually isn’t a problem if the UCS firmware began with 2.0 or higher as the FCoE storage port native VLAN uses VLAN 4048 by default but if you’re upgrading from an earlier firmware, the default will most likely be set to 1 which overlaps with the LAN default VLAN as shown here:

image

As shown in the following documentation for firmware 2.0:

http://www.cisco.com/en/US/docs/unified_computing/ucs/sw/gui/config/guide/2.0/b_UCSM_GUI_Configuration_Guide_2_0_chapter_010110.html#task_BECC98E803CB4DE39D256F525C556D89

… you must change the FCoE VLAN ID to a different value that is unique within the UCS infrastructure.  

**Note that changing the FCoE VLAN ID may cause a temporary outage of traffic on the SAN (until the VLAN re-converges) so schedule this small change after hours.

image

image

image

image

Note that the error immediately goes away once the overlapping FCoE VLAN has been corrected.

image

Logging onto a desktop immediately logs the user off with event ID 1542 “Windows cannot load classes registry file. DETAIL - The system cannot find the file specified.” logged in the application logs

Problem

You’ve received a complaint that when a user attempts to log onto their desktop, they immediate get kicked off.  Logging onto the desktop with another account appears to be fine and the following errors are found in the event logs:

image

Event ID 1532:

Windows cannot load classes registry file.

DETAIL - The system cannot find the file specified.

image

Event ID 502:

Failed to apply policy and redirect folder "Pictures" to "\\file-03\RedirectedFolders$\someUser\Pictures".

Redirection options=0x1210.

The following error occurred: "Failed to get folder redirection capabilities".

Error details: "The system cannot find the file specified.

".

image

Event ID 502:

Failed to apply policy and redirect folder "Favorites" to "\\file-03\RedirectedFolders$\someUser\Favorites".

Redirection options=0x1210.

The following error occurred: "Failed to get folder redirection capabilities".

Error details: "The system cannot find the file specified.

".

image

Event ID 502:

Failed to apply policy and redirect folder "Documents" to "\\file-03\RedirectedFolders$\someUser\Documents".

Redirection options=0x1210.

The following error occurred: "Failed to get folder redirection capabilities".

Error details: "The system cannot find the file specified.

".

image

Event ID 502:

Failed to apply policy and redirect folder "Desktop" to "\\file-03\RedirectedFolders$\someUser\Desktop".

Redirection options=0x1210.

The following error occurred: "Failed to get folder redirection capabilities".

Error details: "The system cannot find the file specified.

".

image

Event ID 502:

Failed to apply policy and redirect folder "Start Menu" to "\\file-03\RedirectedStartMenu".

Redirection options=0x9020.

The following error occurred: "Failed to get folder redirection capabilities".

Error details: "The system cannot find the file specified.

".

image

Event ID 502:

Failed to apply policy and redirect folder "RoamingAppData" to "\\file-03\RedirectedFolders$\someUser\AppData\Roaming".

Redirection options=0x1210.

The following error occurred: "Failed to get folder redirection capabilities".

Error details: "The system cannot find the file specified.

".

image

Event ID 4098:

The user 'CCD' preference item in the 'Redirected Folders & User Customizations {0DABB54B-B804-4C83-B05F-379DC99D1F62}' Group Policy object did not apply because it failed with error code '0x80070002 The system cannot find the file specified.' This error was suppressed.

image

Event ID 4098:

The user 'Dispatch Client' preference item in the 'Redirected Folders & User Customizations {0DABB54B-B804-4C83-B05F-379DC99D1F62}' Group Policy object did not apply because it failed with error code '0x80070002 The system cannot find the file specified.' This error was suppressed.

image

Solution

The environment I was troubleshooting this issue in was a VMware View 5.1 infrastructure with non persistent pooled desktops that used a mix of Active Directory Folder Redirection and Persona Management to manage user profiles.  The error messages appeared to suggest that the redirected folders were the problem so the first troubleshooting step I did was to make sure those folders were accessible (they were) then I tried renaming the user’s redirected folder’s folder so that it would get created but that did not correct the problem.  What ended up correcting the issue was when I renamed the user’s VMware View Persona Management profile folder which contained everything that the Redirected Folder GPO did not roam (i.e. \AppData\Local).  After renaming the Persona Management folder and having it recreated, the user was then able to log in so I would say that the user’s profile must have somehow got corrupted.

Tuesday, July 9, 2013

Logging onto Cisco UCS Manager throws the error: “Login Error: java.net.SocketTimeoutException: Read timed out”

Problem

You attempt to log into the Cisco UCS Manager via the VIP of your clustered 6100 series Fabric Interconnects but receive the following error:

Logging onto Cisco UCS Manager throws the error: “Login Error: java.net.SocketTimeoutException: Read timed out”

image

Solution

I’ve come across this several times in the past as well as received quite a few calls over the past months so I thought I’d write a post about this in case anyone is searching this on the internet.

One of the reasons why this error would be presented while you log into the UCS Manager is if there is a switchover in progress between the 2 clustered 6100 series fabric interconnects.  To determine whether this is the case, you can either console or SSH into the fabric interconnect and execute the following command:

show cluster state

image

Note how in the above screenshot that both of the fabric interconnects has the status of:

Management services: SWITCHOVER IN PROGRESS

In the event that both fabrics are stuck in this state for a long time, one of the ways to fix this is to actually reboot both fabrics one after another giving enough time in between (say 5 minutes) so that the first fabric that you reboot becomes the primary fabric.

Maximum allowed partnerships exceeded for Exchange 2010 ActiveSync devices

Problem

You attempt to activate an iPhone or Android device with Exchange ActiveSync but receive the following error message:

You have 10 phone partnerships out of the maximum allowed 10 partnerships. After you reach the maximum, you can't create additional partnerships until you delete existing ones from your account. To do so, sign in to Outlook Web App, click Options > Phone > Mobile Phones, and delete any unused partnerships.

The account setup on the iPhone completes but mail does not sync while Android devices display the following message:

You have reached the maximum number of devices allowed in your device network

image

Solution

The reason why these messages are being displayed is because by default, Exchange 2010 actually has a limit on how many devices you can set up with ActiveSync and the default is 10 devices.  This usually isn’t a problem with regular users but if you’re an administrator that regularly sets up devices for users, you may find that you will quickly exceed the limit.

The way around this is to either delete some devices via the following instructions in OWA:

Sign in to Outlook Web App, click Options > Phone > Mobile Phones, and delete any unused partnerships.

image

Or use the Set-ThrottlingPolicy with the EASMaxDevices switch as shown in the following TechNet article to increase the maximum amount of ActiveSync devices allowed:

http://technet.microsoft.com/en-us/library/dd298094(v=exchg.141).aspx

Upgrade vCenter 4.1 to 5.1 fails with: “Error 25004. Setup failed to create the vCenter Server repository.”

Problem

You’ve successfully installed the new SSO and Inventory service then proceed to upgrade your existing vCenter 4.1 Build 4.1.0, 491557 to vCenter 5.1 but receive the following error while upgrading the vCenter service:

Error 25004. Setup failed to create the vCenter Server repository.

image

image

You notice that when you execute the command within SQL Server Management Studio to check the database version, the result indicates that the database has been upgraded to 5.1 but the install fails and rolls back leaving you with an upgraded database and uninstalled vCenter.

Proceeding to rollback to the 4.1 database then trying to use the following KB to purge the old data from the 4.1 database:

Purging old data from the database used by vCenter Server (1025914)
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1025914

… yields the same results.  Changing the vCenter log size to Unrestricted File Growth:

imageimage

… and rerunning the upgrade results in the same failure.

Solution

While a ticket was opened with VMware and the database was uploaded for their engineer to review, we did not get a response a full week went by so with a few trial and errors, what ended up fixing this issue for us was to upgrade our vCenter from 4.1 Build 4.1.0, 491557, which was quite an older build, to the latest 4.1 release, then upgrade it to the latest 5.1 build.

On another note, while we managed to get past the error above, we then ran into the following error:

Error 26002. Setup failed to register VMware vCenter Server to VMware vCenter Inventory Service.

It was easily fixed by backing up the contents in the folder C:\ProgramData\VMware\VMware VirtualCenter\SSL, copy the contents of C:\ProgramData\VMware\Infrastructure\Inventory Service\SSL to C:\ProgramData\VMware\VMware VirtualCenter\SSL then rerunning the install.

Monday, July 8, 2013

Notes on publishing physical desktops experience with Citrix XenDesktop 5.6

I recently had to test the physical desktop desktop catalog option in Citrix XenDesktop 5.6:

clip_image001[4]

… for a client as they were interested in seeing if it was an improvement to their current method of using RDP through VPN and I thought it would dump my notes into a blog post in case I ever needed to refer to them.

One of the immediate changes that happens to a physical desktop when the Citrix VDA agent installed is that the Citrix virtual desktop agent replaces the ATI Radeon HD 2400 Pro display adapter:

clip_image001

… with the display driver Citrix Systems Inc. Display Driver:

clip_image001[6]

I noticed that this immediately caused an issue with the physical desktop because the Citrix XenDesktop agent’s video driver does not appear to display dual monitors when you interactively log on to the physical desktop from the desk.  Opening the Screen Resolution administration console on the Windows 7 desktop shows that only 1 monitor was detected and therefore the second monitor was projecting the same image as the primary monitor.  I tried playing around with the configuration parameters but couldn’t get the second monitor detected.  This single monitor detection does not appear to affect the XenDesktop experience as the Citrix video driver does a great job with displaying multiple monitors for users connecting via the Citrix Receiver.

Another small issue I noticed with dual monitors was that if you connect via XenDesktop to the physical desktop with dual monitors, drag a window to the 2nd monitor, maximize the window, log on via the console of the physical desktop reverting back to a single monitor, the maximized window in the 2nd monitor won’t automatically get brought back to the single main monitor.

Other than the issue above, the desktop works quite well whether through the console of the physical desktop or XenDesktop access.  When a XenDesktop session is established to the physical desktop, the physical desktop’s monitor goes black with a small ticker that blinks and to take over the session as the console is as simple as hitting ctrl-alt-delete to bring up the login screen.

SQL tables containing Citrix XenDesktop 5.6 DDC entries

For those who have come across one of my previous posts:

Manually removing orphaned Citrix XenDesktop 5.6 DDC (Desktop Delivery Controller)
http://terenceluk.blogspot.com/2013/03/manually-removing-orphaned-citrix.html

… may know that I’ve encountered an issue where the environment I was working in had an orphaned DDC left in the database that was not removed properly.  What I noticed was that while the script in my previous post appeared to have removed the DDC from Desktop Studio, it continued to show up in Desktop Director’s console.  Furthermore, after installing the update:

Hotfixes Update 4 - For Citrix XenDesktop 5.6 Controller x64 - English
http://support.citrix.com/article/CTX136580

Desktop Studio began prompting me to update the orphaned DDC whenever I opened the Dashboard:

Upgrades for some services are available.

Services can be upgraded on the following controller.

image

Opening up another call with Citrix lead us to running the PowerShell cmdlet to generate the SQL script but the problem with doing so this time was that executing Get-BrokerController no longer displayed the orphaned DDC:

image

… and therefore I was unable to get the required SID variable for the cmdlet:

$db = "CitrixXenDesktopDB"
$sid = "DCC-SID"   
New-Item -ItemType file "$PWD\evict_$sid.txt" -Force
Add-Content "$PWD\evict_$sid.txt" (Get-ConfigDBSchema -DatabaseName $db -ScriptType Evict -SID $sid)
Add-Content "$PWD\evict_$sid.txt" (Get-AcctDBSchema -DatabaseName $db -ScriptType Evict -SID $sid)
Add-Content "$PWD\evict_$sid.txt" (Get-HypDBSchema -DatabaseName $db -ScriptType Evict -SID $sid)
Add-Content "$PWD\evict_$sid.txt" (Get-ProvDBSchema -DatabaseName $db -ScriptType Evict -SID $sid)
Add-Content "$PWD\evict_$sid.txt" (Get-PvsVmDBSchema -DatabaseName $db -ScriptType Evict -SID $sid)
Add-Content "$PWD\evict_$sid.txt" (Get-BrokerDBSchema -DatabaseName $db -ScriptType Evict -SID $sid)
Invoke-Item "$PWD\evict_$sid.txt"

What ended up being the solution was to actually open up the Citrix XenDesktop SQL database from within SQL Server Management Studio and browsing the following table for the orphaned DDC object:

  • ConfigurationSchema.Services
  • MachinePersonalitySchema.Services
  • DesktopUpdateManagerSchema.Services
  • ADIdentitySchema.Services

I was eventually able to find an entry representing the orphaned DDC to generate the SQL script to remove the orphaned DDC so that I am no longer prompted to upgrade the DDC but I can’t help to wonder what will happen when I need to patch the DDC again.

One last note before I end this post is that I was also given a tool named XenDesktop Site Checker:

http://support.citrix.com/article/CTX133767

… that was supposed to be the GUI version of the PowerShell script above.  The instructions I received from the engineer are as follows:

Download the site checker tool from this article and run as administrator on your DDC (Xendesktop Server).  One it run on the left pane it should display the site name and where you can drill down to the Controllers on the controller branch in the tree.  See if the controller that needs eviction come up and right click on that controller, when you do you should see an option to create Evict Script as seen below.  Try to use that evict script to remove the orphan DDC.

clip_image002

I didn’t end up having to use it but figured I’d include it in this post as it might come in handy in the future.

Thursday, July 4, 2013

terenceluk.blogspot.com turns 3 years old

It’s truly amazing to see how far this blog has made it over the past 3 years and it brings a smile to my face to see the comments I receive from people all around the world thanking me for the posts.  Work has been extremely busy for me over the past few months which is why I haven’t really written many posts but I promise I’ll be back in full force soon.

I’d like to thank everyone for visiting my blog and contributing to the 1.3 million visitors and the average for 3500 visitors a day. 

Thank you!

Wednesday, July 3, 2013

Veeam 6.5 replication job fails with “Soap fault. No DataDetail: 'get host by name failed in tcp_connect()', endpoint: 'https://DR-vCenterName:443/sdk'”

I recently ran into an issue where my Veeam replication job that replicates VMs from a head office to a DR site would fail with the following error:

[30.06.2013 16:37:40] <  6648> vim| >>  |Cannot get service content.

[30.06.2013 16:37:40] <  6648> vim| >>  |Soap fault. No DataDetail: 'get host by name failed in tcp_connect()', endpoint: 'https://DR-vCenterName:443/sdk'

The infrastructure consists of a Veeam backup and replication server in the head office with a dedicated Veeam proxy target in the DR site along with a vCenter and ESXi host serving as the replication target.  The proxy in the DR environment wasn’t joined to the domain or configured with DNS settings so just as the error apparently suggests, the cause of the failure was because the proxy in the DR could not resolve the vCenter name in the DR.  A simple host record fixed this or if preferred, configuring the DNS settings of the DR proxy with the domain’s DNS servers would achieve the same results.  I opted to use a host record because the DR environment I was working in was a hosted solution that did not allow DNS queries from DR to the head office.

Setting up replication with Veeam 6.5 over a slow WAN link with the option “Map replicas to existing VMs”

I’ve recently had to set up a disaster recovery environment for a client using Veeam Backup & Replication 6.5 (6.5.0.109):

image

… as the replicating application to replicate virtual machines from their office to another datacenter.  The virtual machines were quite large and the link between the office and the datacenter was only 10Mbps so we decide to use the Low connection bandwidth (enable replica seeding) option:

image

… where we would copy the Veeam backups to the DR site and use the Get seed from the following backup repository:

image

to perform the initial seeding so we won’t have to pull the terabytes of data through a 10Mbps link.  What I noticed immediately when I kicked off this job was that the operation’s data rate was going as slow as the 10Mbps link so I placed a call into Veeam support and was told that this feature apparently had a bug and that I should workaround this problem by:

  1. Install Veeam onto a server in the DR site
  2. Copy the backups to DR
  3. Use the Veeam server in the DR site to perform an actual restore onto the vCenter/ESXi hosts serving as the replication target
  4. Use the Map replicas to existing VMs option to map the replica (the manually restored VM)

image

I have since gone ahead to do this and was able to get the replication between sites going.