I found this post while looking for different custom solutions to notify our end users of changes to the Citrix environment or outages related to published applications. As you can see from my simple, static blog while I definitely appreciate well designed web styles; I am not a huge fan of writing CSS and figuring out what works (or doesn’t) with different browsers, etc. Anyway, after downloading this tool and playing around with it I figured it would work for the team to leverage to easily publish notifications for the end users.

I liked the functionality but I wanted a self contained solution and a few more formatting options so I borrowed this idea and wrote this tool to encompass what was already done and add a little more. This also gave me an excuse to finally dip my toe into WPF. I did not modify much of the look/feel of the original as it works well. If it ain’t broke…

Modify receiver.html

Most everyone should already have it, but you will need at least .NET 4.5 Framework installed on the SF server(s).

First thing to do is modify the receiver.html file. In the original post, this was done with a separate PowerShell script, but I added it to the tool. Click on the Modify receiver.html button and it will prompt you to select the target file (in case you have multiple stores), make a backup copy of the current one and make the following modification:

Replace

<div id=”pluginTop”><div id=”customTop”></div></div>

with the following

<div id=”pluginTop”><div id=”customTop”><div class=”StoreMarquee”><span></span></div></div></div>

If you have multiple Storefront servers, you will need to copy the updated file to each server or run the tool separately on each server.

Multiple Storefront Servers

If you want to publish the notification to multiple Storefront servers, you will need to create a Publish.txt file in the same directory as this utility. Enter the following path to each server as shown below; one server per line replacing [StoreName] with the actual name of your store:

\\server01.corp.net\C$\inetpub\wwwroot\Citrix\[StoreName]Web\custom\style.css

\\server02.corp.net\C$\inetpub\wwwroot\Citrix\[StoreName]Web\custom\style.css

\\server02.corp.net\C$\inetpub\wwwroot\Citrix\[StoreName]Web\custom\style.css

Using the tool

Once the preliminary stuff is done, simply launch the tool, open the style.css file using the button on top and set up your notification. Enter the message in the text window and modify the colors, font styles, and sizes using the controls. Set the Banner State to Enabled or Disabled and then click Apply. If you have multiple Storefront servers, click the Publish button to push it to the other servers. As shown below, the tool will also preview what the banner will look like before you publish it.

Note: If you have a long notification, you might find that the scrolling needs to be slowed down a bit. You can do this by manually modifying the following lines in the style.css file after you apply your changes and before you publish. Change the 30s to however many seconds works best.

animation: StoreMarquee 30s linear infinite;
-moz-animation: StoreMarquee 30s linear infinite;
-webkit-animation: StoreMarquee 30s linear infinite;

Storefront Custom Banner

Download the tool/source here.

In a recent redesign of a PKI infrastructure, I engaged Microsoft to help implement some best practices as the previous PKI design had been setup by the “guy who knows the most about certificates” about a decade ago.

As part of this process, the PFE stated that the use of the certsrv web page is being deprecated within Microsoft in favor of command line and MMC functionality. With that in mind, I made it a point to publish templates that were only absolutely necessary and focus on the site being an easy point to download the chain and CRL and that’s about it. It was funny how quickly I realized I used that webpage way more than I thought I did.

To keep me from having to constantly refer to Technet or keep using certreq /? all the time, I put together this quick PowerShell script to help automate the process. I also added a little Windows Forms integration so that I could allow some of the application teams to request their own certs instead of constantly requesting new ones for testing, etc.

This isn’t groundbreaking or anything and it isn’t the first script with this functionality, but it saves me a bit of time :).

#requires -Version 3.0

function Get-CertificateRequestFile {
  param (
    [string]$InitialDirectory = $PSScriptRoot
  )
  [System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms") | Out-Null
  $ShowDialog = New-Object System.Windows.Forms.OpenFileDialog
  $ShowDialog.InitialDirectory = $InitialDirectory
  $ShowDialog.Filter = "CSR File (*.csr)|*.csr|Request File (*.req)|*.req|Text File (*.txt)|*.txt|All Files (*.*)|*.*"
  $ShowDialog.ShowDialog() | Out-Null
  return $ShowDialog.FileName
}


function Get-CertificateTemplates {
  $script:IssuingCA = certutil -config - -ping
  $script:IssuingCA = $script:IssuingCA | Where-Object { ($_ -match '\\') -and ($_ -notmatch 'Connecting')}
  $TemplateList = certutil -CATemplates -config $script:IssuingCA
  return $TemplateList
}

$script:IssuingCA = ""
$TemplateItems = @{}
$i = 0
$RequestFile = Get-CertificateRequestFile
$Templates = Get-CertificateTemplates

foreach ($Template in $Templates) {
  if ($Template.Contains("--")) { 
    $CurrentItem = $Template -split ' -- '
    $TemplateItems.Add($i,$CurrentItem[0])
    $i++
  }
} 
do { 
  Clear-Host
  Write-Output "`n"
  Write-Output "Selected Certificate Authority: $script:IssuingCA`n"
  $TemplateItems.GetEnumerator() | Sort-Object Name | ForEach-Object {Write-Output (" {0} - {1}" -F $_.Key, $_.Value)}
  $SelectedItem = Read-Host -Prompt "`nSelect the number for the requested template (CTRL+C to quit)"
  if ($SelectedItem -notin @(0..$i)) { 
    $CurrentUIColor = $Host.UI.RawUI.ForegroundColor
    $Host.UI.RawUI.ForegroundColor = 'Yellow'
    Write-Output "Please select a valid number or CTRL+C to quit.." 
    $Host.UI.RawUI.ForegroundColor = $CurrentUIColor
    Start-Sleep -Seconds 2
  }
} while ($SelectedItem -notin @(0..$i))

$results = $TemplateItems.GetEnumerator() | Where-Object { $_.Key -eq $SelectedItem}
$SelectedTemplate = ($($results.Value -split ':')[0]).Trim()

certreq -submit -config $script:IssuingCA -attrib "CertificateTemplate:$SelectedTemplate" $RequestFile

Clear-Variable TemplateItems

So you were probably redirected here and are wondering where is the tool?

While I did have something written in C#, it was kind of a pain to keep updating and seemed to have grown into something overly complicated. So… I decided to re-write it in Powershell. It is a side project but I should have something set to release before too long.

There are definitely other cool versions of something like this you can find, but they seemed to do one or two things and not everything. For example, it would clean excluded files but not excluded directories, or it would work with local UPM settings, but not really integrate with AD policies, etc. I want a tool that I can clean one or all profiles and clean files and directories that are excluded. Therefore, I cracked open ISE and off I went.

Sorry for the inconvenience; hope you find it worth the wait when ready.

Working with some older hardware (HP DL585 G7 and NC523 SFP 10Gb Dual Port Adapters), I ran into an issue with a Hyper-V cluster where the nodes would intermittently crash with the DPC_WATCHDOG_VIOLATION error with a 0x133 error code. The crash was guaranteed to be repeated if I manually initiated a Live Migration process. This error is essentially caused by a driver exceeding a timeout threshold. You can read more about the watchdog violation here and if you’re feeling really geeky, you can read about DPC objects and driver I/O here.

After analyzing the memory.dmp, the stack pointed to the QLogic driver (dlxgnd64.sys). As I’m sure you would, I proceeded to update the driver for the Intelligent NIC; however, since the server was already a little over 2 years old, the latest version of the HP driver was already installed. Hmm… Next, I went to QLogic directly and looked up their number for the NC523 which they OEM for HP which turned out to be QLE3242. The driver on the QLogic site was more current so I gave that a shot. After updating I tested again with a Live Migration and once again enjoyed the lovely cornflower blue hue of the BSOD. Crap. Back to Google.

After additional digging, I found some errors in the System event log for ID 106 regarding load balanced teaming on the NIC. After a little research, I ran across this article on MS Support. Again, I’ll let you read the details but in a nutshell, the NIC’s in the team were overlapping their usage of the same processors. As I was using hyper-threading, I followed the steps in the article to specify specific processors for each NIC and the max number of processors VMQ could use:

Set-NetAdapterVMQ -Name “Ethernet1” -BaseProcessorNumber 4 -MaxProcessors 8 (VMQ would use processors 4,6,8,10,12,14,16,18)
Set-NetAdapterVMQ -Name “Ethernet2” -BaseProcessorNumber 20 -MaxProcessors 8 (VMQ would use processors 20,22,24,26,28,30,32,34)

This did not require a restart and once I made the changes on the NIC’s, I was able to Live Migrate without any crashes. I will also note that although I updated the drivers, I also tested this without updating on another Hyper-V cluster with identical hardware and the VMQ settings resolved the issue there. I burned about 6 to 8 hours banging my head on various troubleshooting items including several I didn’t include here so I hope this post saves you a bit of time and headache.

After upgrading Storefront from 2.5 to 3.5, I noticed that all published applications where the VDA was running on Windows 2012R2 started displaying the Windows logon process in a splash screen.alt text

The application continued to launch successfully, but this splash screen did not start appearing until after the Storefront upgrade. This also did not occur on VDA’s running on Windows 2008R2, only 2012 servers. The fix was to update the following registry key on the VDA:
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CitrixLogon
Name: DisableStatus
Type: REG_DWORD
Value: 0x00000000