Saturday, 24 October 2015

Network Check Before VDI Implemention on Branches



Check you able to ping VDI Server from client device

Ping myvdiserver. you need to ping VDI connection server IP.


once you able to communicate vdi server check how good communication between client Desktop to VDI Server

Try this batch script

==========================================================
@echo off

set /p host=VDI Server URL:
set logfile=Log_%host%.log

echo Target Host = %host% >%logfile%
for /f "tokens=*" %%A in ('ping %host% -n 1 ') do (echo %%A>>%logfile% && GOTO Ping)
:Ping
for /f "tokens=* skip=2" %%A in ('ping %host% -n 1 ') do (
    echo %date% %time:~0,2%:%time:~3,2%:%time:~6,2% %%A>>%logfile%
    echo %date% %time:~0,2%:%time:~3,2%:%time:~6,2% %%A
    timeout 1 >NUL
    GOTO Ping)

=========================================================

Create batch file and run it. you will see command prompt open as shown below.
Enter Connection server IP or FQDN and Enter


It will show below mentioned like response. Note : Good network should have stable communication and non disturb of communication. Means it ping latency should be stable which should be less 50ms more than that will impact you VDI desktop performance. 


Or
Try other batch script
==========================================================

@echo off

for /f "tokens=*" %%A in ('ping <ip_Address> -n 1 ') do (echo %%A>>pinglog.txt && GOTO Ping)
:Ping
Timeout /t 1 >nul
for /f "tokens=* skip=2" %%A in ('ping <ip_Address> -n 1 ') do (echo %date% %time% %%A>>pinglog.txt && GOTO Ping)

============================================================
just run this script and it will create file pinglog.txt and don't forget to mention ip address in <ip_address> in script.

Port Check


View Connection/Security servers are usually deployed in DMZ and acts as proxy for horizon view clients. As a best practices for both Security Servers and Connection Servers is to keep the Windows Firewall turned on. During the install process the installer notifies you that your firewall isn’t On. The installer opens the ports during install.

If the firewall on either server is turned off, View will not be able to use IPSEC when communicating. Security servers has to be paired with connection servers. Static IP is a requirement here.

The front-end security servers needs to have following ports opened:

HTTP Ports

80 (TCP)

  • The port 80 TCP must be open in only the inbound direction.

HTTPS Ports

443 (TCP)

  • The port 443 TCP must be open in only the inbound direction.

PCoIP Ports

4172 (TCP/UDP)


  • Used for PCoIP in a VMware View 4.5 and later environment. This port is required for the PCoIP display protocol.
  • The port 4172 UDP must be open in both inbound and outbound directions.
  • The port 4172 TCP must be open in only the inbound direction.


Even if planning small deployment, the View Connection Server must be installed on its own dedicated server. It must NOT be installed on the vCenter server or a domain controller. So the smallest view infrastructure needs four components:

ESXi
vCenter
View Connection Server
Active Directory




Key Firewall Considerations for VMware Horizon 6

  • TCP 8472: View interpod API (Cloud Pod Architecture) – NEW
  • TCP 22389: Global ADLDS (Cloud Pod Architecture) – NEW
  • HTTPS (443): Horizon Client access, authentication and RDP tunnel (HTTPS Secure Gateway)
  • HTTPS (8443): Used by HTML Access (Blast)
  • HTTPS (22443): HTML Access (Blast) to Virtual Desktops
  • TCP 9427: Used by Windows multimedia redirection (MMR)
  • TCP 32111: USB Redirection
  • ESP (Protocol 50) used for Security Server and Connection Server IPSEC communication (requires Windows firewall with Advanced Security to be enabled)
  • UDP 500: IPsec negotiation for Security Server and Connection Server communication and pairing.


VMware horizon View 6 documentation links:



Thursday, 15 October 2015

Windows Command Line

Runas is a very useful command on Windows OS. This command enables one to run a command in the context of another user account.

Run a program from another user account

The command to launch a program using another user credentials is given below.

runas /user:domainname\username program

For example, if you want to open registry editor as administrator of the computer, the command would be as below.

runas /user:administrator regedit

After running the above command, you will be asked to enter the password of administrator account. After password validation, registry editor will be opened with the administrator account credentials.

To specify arguments to the program

If you need to provide arguments to the program that need to be invoked as another user, you can put the program name and the parameters in double quotes.

runas /user:username "program argument1 argument2 ..."
For example to open the file C:\boot.ini as administrator, the command would be:

runas /user:administrator "notepad C:\boot.ini"

Running command prompt as another user 

If you have multiple commands need to be executed with administrator(or any other user )credentials, instead of running each command using runas, you can open command prompt window once as the administrator and then run all the commands in that window. Below is the command for opening a command window using runas.

runas /user:administrator cmd

Example:

C:\>runas /user:administrator cmd
Enter the password for administrator:
Attempting to start cmd as user "techblogger-pc\administrator" ...
It will launch new command window after printing the above message.

Run a batch file as administrator

To run a batch file as administrator of the computer, you need to mention the path of the batch file in the place of command in the runas syntax.

For example, to run the batch file located at c:\data\mybatchfile.bat, you need to run the below command.

runas /user:administrator C:\data\mybatchfile.bat

Export Folder list


Click Start, click All Programs, click Accessories, right-click Command Prompt, and select Run as Administrator.
 
b. Browse to the location that contains the files and folders whose list of names you want to generate.
 
cd <path>

Export folder name
Dir /b > Myfileslist.txt

Export folder name with sub folder
Dir /s /b /o:n /ad > Myfileslist.txt

Tuesday, 13 October 2015

How to enable .NET Framework 3.5 on Windows 8 or 2012

Install the .NET Framework 3.5 on Demand

If an app requires the .NET Framework 3.5, but doesn't find that version enabled on your computer, it displays the following message box, either during installation, or when you run the app for the first time. In the message box, choose Install this feature to enable the .NET Framework 3.5. This option requires an Internet connection.



Enable the .NET Framework 3.5 in Control Panel

You can enable the .NET Framework 3.5 yourself through Control Panel. This option requires an Internet connection.
Press the Windows key Windows logo on your keyboard, type Windows Features, and press Enter. This brings up the Turn Windows features on or off dialog box. Alternately, open Control Panel, click on the Programs items, and then click on “Turn Windows features on or off” under Programs and Features.
Select the .NET Framework 3.5 (includes .NET 2.0 and 3.0) check box, press OK, and reboot your computer if prompted.

Step 1 :
Go to Settings. Choose Control Panel then choose Programs



Step 2 :
Click Turn Windows features on or off, and the user will see window as image below.



You do not need to select the child items for Windows Communication Foundation (WCF) HTTP activation unless you are a developer who requires WCF script and handler mapping functionality

How to enable .NET Framework 3.5 on Windows 8 in Offline Mode

 if the user does not have an internet connection, this steps can not be applied.


The following are the steps to enable .NET Framework 3.5 (include .NET 2.0 and 3.0) feature in offline mode :

Step 1 :

Insert Windows 8 DVD or mount ISO image. The source of this feature can be found in folder E:\sources\sxs. (In this case E: the user’s drive letter on which the user has loaded Windows 8 Media.)

Step 2 :
Open CMD.EXE with Administrative Privileges. 



Step 3 :
Run the following command Dism.exe /online /enable-feature /featurename:NetFX3 /All /Source:E:\sources\sxs /LimitAccess, and hit Enter. 




After completing the installation of .NET Framework 3.5 you can see that the feature is enabled.



In Windows Server 2012 and for Windows Server 2012 R2

To use the Add Roles and Features Wizard, follow these steps:
  1. Insert the Windows installation media.
  2. Start the Add Roles and Features Wizard.
  3. On the Select features page, select the .Net Framework 3.5 Features check box, and then click Next.
  4. On the Confirm installation selections page, click the Specify an alternate source path link. The screen shot for this step is listed below.
  5. On the Specify Alternate Source Path page, type the path of the SxS folder as a local path or as a network share path. The screen shot for this step is listed below.
  6. Click OK.
  7. Click Install to finish the wizard.




Monday, 5 October 2015

VMware UEM management

VMware UEM series: Management console and setup
VMware acquired Immidio a while back and transformed it into VMware UEM. In this blog series I will show you how to setup VMware UEM, what the requirements are. The next blog article will discuss the installation of the agent in th VDI desktop and the configuration of the group policy. The last blog will discuss benefits of using an UEM solution instead of standard Microsoft tooling.

So enough about what is coming let's take a look at VMware UEM.

What is UEM?
UEM stands for User Environment Management, in normal words managing everything regarding the user. So everything that lives in the HKCU and AppData world is managed by a UEM solution. It takes away the need to use roaming or mandatory profile and therefore eliminates all issues users have experienced during the years.
With UEM you now have complete control of the users environment, to your and their benefit.
Requirements
The great thing about VMware UEM is that there are just a minimal set of requirements to get it up and running. the following requirements are there;



  • Configuration share
  • User share
  • License file
  • Active Directory
  • Group Policy




Configuration share
The configuration share is the share where VMware UEM  stores the configuration you setup in the management console. You need to create a share called e.g. UEMShare but the name is of course all your to choose.

The share permissions have to be set to:


  • Administrator: Change
  • User: Read


NTFS permissions have to be set to:


  • Administrators: Full Control
  • User: Read&Execute 


User Share

The user share is the place where the user profile related settings are stored, Its a unique folder for each user similar to the roaming profile folder you're used to. Create share with the name e.g. UserProfiles.

The share permissions have to be set to:
User: Change

The NTFS permissions have to be set to:
Administrators: Full Control : This folder, subfolders and files
User: Read&Execute, Create&append data : This folder only
Creator owner: Full control : Subfolders and files only

Group policies

For group policies to work you need to make sure the correct files are there, there are a couple of files that we need here. The are found in the download of VMware UEM.
VMware UEM Flexengine.admx
VMware UEM helpdesk support tool.admx
VMware UEM Administrator console.admx
VMware UEM Sync tool Computer.admx
VMware UEM Sync tool User.admx
VMware UEM.admx
Copy these and the ADML files to the Policydefenitions folder on the domain controller.

With this in place the only extra requirement is that you need .Net Framework 2.0 SP1 installed. If however you run Windows 8.x that is covered with 3.5

Setup management console
The setup is a breeze, there is nothing difficult there. Let's walk through it quickly.










The only interesting option during the installation is the selection of the management console in the setup. Just wanted to show you this before we head on to the finish.






Select the license file and click on install, a matter of minutes later VMware UEM management console is installed.

Configuration

Let's take a look at some configuration you need to do after the installation of the management console.

After you installed the console you see two new icons, open the one for the management console.




First step to take, and first question you get is to set the configuration share. so fill in the UNC path to the configuration share.




Once you finished with the share you have several options you can switch on or off. the settings allow you to customize your UEM environment. I disabled Application Migration because I won't be using that here.



There is support for App-v 4 and 5 so on that tab configure the settings for App-v if you run that in your environment.  They have some issues with ThinApp so that's not available here.



The other option is Symantec Workspace virtualization... well that as much as I say about that. I've never seen anyone use this,so I disabled it.



A few more settings further and the console opens, I'm ready to start setting up UEM.



This concludes the installation and configuration of the management console. There is not much to it., the real work starts after you setup the agent and the policies. You will need to setup the user environment like they had with a roaming profile.. but now without any profile and based on context and flexible.

Thursday, 1 October 2015

Data Copy(EUC user Data)

Robocopy can be used for Data migration 


Robocopy (Robust File Copy) is a command-line file copy utility that comes with Windows Vista / Windows 2008 or newer. Until Vista, Robocopy was a part of  Windows Resource Kit Tools as a free download (http://www.microsoft.com/downloads/details.aspx?FamilyID=9D467A69-57FF-4AE7-96EE-B18C4790CFFD&displaylang=en This link is external to TechNet Wiki. It will open in a new window. ). Unlike normal copy commands, Robocopy is designed for reliable copy or mirroring while maintaining the permissions, attributes, owner information, timestamps and properties of the objects copied.





         ============================================================
robocopy "F:\Folder1\FOLDER2" "\\fileshare\myfile\Charvo" /MIR /SEC /secfix /R:5 /W:5
        ============================================================



Robocopy syntax

ROBOCOPY source destination [file [file]...] [options]
sourceSource Directory (drive:\path or \\server\share\path)
destinationDestination Dir (drive:\path or \\server\share\path)
fileFile(s) to copy (names/wildcards: default is "*.*")
Copy options
/SCopy Subdirectories, but not empty ones.
/ECopy subdirectories, including Empty ones.
/LEV:nOnly copy the top n LEVels of the source directory tree.
/ZCopy files in restartable mode.
/BCopy files in Backup mode.
/ZBUse restartable mode; if access denied use Backup mode.
/EFSRAWCopy all encrypted files in EFS RAW mode.
/COPY:copyflag[s]What to COPY for files (default is /COPY:DAT).
(copyflags : D=Data, A=Attributes, T=Timestamps).
(S=Security=NTFS ACLs, O=Owner info, U=aUditing info).
/DCOPY:TCOPY Directory Timestamps.
/SECCopy files with SECurity (equivalent to /COPY:DATS).
/COPYALLCOPY ALL file info (equivalent to /COPY:DATSOU).
/NOCOPYCOPY NO file info (useful with /PURGE).
/SECFIXFIX file SECurity on all files, even skipped files.
/TIMFIXFIX file TIMes on all files, even skipped files.
/PURGEDelete dest files/dirs that no longer exist in source.
/MIRMIRror a directory tree (equivalent to /E plus /PURGE).
/MOVMOVe files (delete from source after copying).
/MOVEMOVE files AND dirs (delete from source after copying).
/A+:[RASHCNET]Add the given Attributes to copied files.
/A-:[RASHCNET]Remove the given Attributes from copied files.
/CREATECREATE directory tree and zero-length files only.
/FATCreate destination files using 8.3 FAT file names only.
/256Turn off very long path (> 256 characters) support.
/MON:nMONitor source; run again when more than n changes seen.
/MOT:mMOnitor source; run again in m minutes Time, if changed.
/RH:hhmm-hhmmRun Hours - times when new copies may be started.
/PFCheck run hours on a Per File (not per pass) basis.
/IPG:nInter-Packet Gap (ms), to free bandwidth on slow lines.
/SLCopy symbolic links versus the target.
/MT[:n]Do multi-threaded copies with n threads (default 8).
n must be at least 1 and not greater than 128.
This option is incompatible with the /IPG and /EFSRAW options.
Redirect output using /LOG option for better performance.
File Selection Options
/ACopy only files with the Archive attribute set.
/MCopy only files with the Archive attribute and reset it.
/IA:[RASHCNETO]Include only files with any of the given Attributes set.
/XA:[RASHCNETO]eXclude files with any of the given Attributes set.
/XF file [file]...eXclude Files matching given names/paths/wildcards.
/XD dirs [dirs]...eXclude Directories matching given names/paths.
/XCeXclude Changed files.
/XNeXclude Newer files.
/XOeXclude Older files.
/XXeXclude eXtra files and directories.
/XLeXclude Lonely files and directories.
/ISInclude Same files.
/ITInclude Tweaked files.
/MAX:nMAXimum file size - exclude files bigger than n bytes.
/MIN:nMINimum file size - exclude files smaller than n bytes.
/MAXAGE:nMAXimum file AGE - exclude files older than n days/date.
/MINAGE:nMINimum file AGE - exclude files newer than n days/date.
/MAXLAD:nMAXimum Last Access Date - exclude files unused since n.
/MINLAD:nMINimum Last Access Date - exclude files used since n.
(If n < 1900 then n = n days, else n = YYYYMMDD date).
/XJeXclude Junction points. (normally included by default).
/FFTAssume FAT File Times (2-second granularity).
/DSTCompensate for one-hour DST time differences.
/XJDeXclude Junction points for Directories.
/XJFeXclude Junction points for Files.
Retry Options
/R:nNumber of Retries on failed copies: default 1 million.
/W:nWait time between retries: default is 30 seconds.
/REGSave /R:n and /W:n in the Registry as default settings.
/TBDWait for sharenames To Be Defined (retry error 67).
Logging Options
/LList only - don't copy, timestamp or delete any files.
/XReport all eXtra files, not just those selected.
/VProduce Verbose output, showing skipped files.
/TSInclude source file Time Stamps in the output.
/FPInclude Full Pathname of files in the output.
/BYTESPrint sizes as bytes.
/NSNo Size - don't log file sizes.
/NCNo Class - don't log file classes.
/NFLNo File List - don't log file names.
/NDLNo Directory List - don't log directory names.
/NPNo Progress - don't display percentage copied.
/ETAShow Estimated Time of Arrival of copied files.
/LOG:fileOutput status to LOG file (overwrite existing log).
/LOG+:fileOutput status to LOG file (append to existing log).
/UNILOG:fileOutput status to LOG file as UNICODE (overwrite existing log).
/UNILOG+:fileOutput status to LOG file as UNICODE (append to existing log).
/TEEOutput to console window, as well as the log file.
/NJHNo Job Header.
/NJSNo Job Summary.
/UNICODEOutput status as UNICODE.
Job Options
/JOB:jobnameTake parameters from the named JOB file.
/SAVE:jobnameSAVE parameters to the named job file.
/QUITQUIT after processing command line (to view parameters).
/NOSDNO Source Directory is specified.
/NODDNO Destination Directory is specified.
/IFInclude the following Files.