I ran into an issue while upgrading components in preparation for our XenApp 5 migration where after installing Web Interface 5.2 I could connect and see my published applications but when I tried to launch one I would get an error “Citrix online plug-in could not contact the server”.
The solution is to edit the WebInterface.conf in your PN Agent IIS site and add a line “RequireLaunchReference=off”.
It took quite a bit of Googling but I found the solution.
The reason for this problem is that MS KB953230 uses the same range of ports as WDS defaults to (64001-65000) for TFTP file transfers so you need to set WDS to use a different port range (62000-63000 works well). This will only occur on a server where you have the DNS role installed as well as WDS (most likely a domain controller).
Copy the .tar file you downloaded from cisco.com to a TFTP server then login to the switch and run “archive download-sw /overwrite /reload tftp://<your-tftp-ip>/<path-to-tar>/<tar-filename>”
You need to set “User Configuration \ Administrative Templates \ Windows Components \ Internet Explorer \ Turn Off Tabbed Browsing” to “Disabled”, then set “User Configuration \ Administrative Templates \ Windows Components \ Control Panel \ Display \ Desktop Themes \ Load a specific visual style or force Windows Classic” to “Enabled” but leave the path blank.
As we’re implementing a migration from Windows 2003/Exchange 2003 to Windows 2008/Exchange 2007 at work at the moment I’ve been doing a lot of reading on FSMO placement for the new domain controllers. I found this article which gives a clear outline of how it should be done.
In my environment, we have 1 physical DC which is also the file server and TS licensing server, and another VM which is built specifically as a DC. The VM is assigned the Schema Master, Domain Naming Master, PDC Emulator, RID Master roles and is a Global Catalogue, while the file server will handle the Infrastructure Master role and will NOT be a Global Catalogue. All DCs at branch offices will be setup as Read Only DCs and will be Global Catalogues and will be configured to cache the passwords of the users at that office. As we are also running Exchange 2007 at this site I am evaluating whether there is another server we can promote as a redundant Global Catalogue.
Many times I’ve gone to hit CTRL-K, S in a JOE session to save changes to a file but missed the “K” meaning I actually sent CTRL-S to the terminal which sends a “stop flow” signal.
Previously I’ve always just disconnected the session and restarted with a fresh one meaning I lost any changes to the file since my last save so tonight I decided to find out how to recover from this. Turns out all you need to do is hit CTRL-Q and you’ll be able to see all the changes that were sent to the screen since you hit CTRL-S.
Both my network monitoring servers suffered this condition over the 2wks my company takes holidays for Christmas so I returned to work to find 2 VMs consuming 6ghz of CPU between them. A quick check of top showed mysqld_safe consuming 100% CPU on both VMs for no apparent reason.
After trying the usual /etc/init.d/mysql restart with no success, Google was my friend yet again. Turns out this is a common problem with MySQL 5.0.51 on Ubuntu so the procedure to recover is:
sudo /etc/init.d/mysql stop
sudo killall -9 mysqld_safe
sudo /etc/init.d/mysql start
In my journeys through many forums and blogs, I also discovered a great tool to help with MySQL performance issues: mytop. Basically it’s like the normal *nix “top” command, except for MySQL so you can see queries etc as they run.
After messing around for the past 2hrs trying to figure out which driver I needed for the LSI Logic SCSI controller under ESXi I’ve finally worked it out. You need to go to http://www.lsi.com/obsolete/lsi20320_3157.html and download the Windows XP WHQL driver (currently v1.20.18.00).
Once you’ve downloaded it, extract it, then extract the symmpi_wXP_1201800.ZIP file contained inside.
Open WinImage and create a new 1.44mb floppy with the files contained in symmpi_wXP_1201800.ZIP in the root of the image. Make sure you save it as a .FLP!!!
Copy the image to your datastore and attach it to the floppy drive of your XP VM (making sure you have LSI Logic selected in the SCSI controller options) but untick the option to have the floppy drive connected.
Start the XP install and make sure you hit F6 when prompted to install the additional SCSI drivers. Go back and connect your floppy drive and you will be able to load the drivers and complete the install.
Two wrongs don’t make a right, but three lefts do.
I extracted a tarball which had applied 777 (rwx) permissions to all files and directories that it contained. I wanted to set all files to 644 and all directories to 755, but there were too many levels to do it manually so I needed to do it through a shell script. After trying various BASH “for” loops, I checked the man page for “find” and was able to do the whole lot in 2 lines:
find . * -type d -exec chmod 0755 {} +
find . * -type f -exec chmod 0644 {} +
While I work at Head Office, my company runs Citrix Presentation Server 4.0 for branch and remote access. We also have access to Outlook Web Access for checking email from home but I prefer to use the fully-fledged Outlook client when possible, so I needed to install the ICA client on my home Linux workstation which currently runs Fedora 8. The following instructions got it working perfectly after logging in as “root”:
yum install libXp
wget ftp://ftp.ics.com/openmotif/2.3/2.3.0/openmotif-2.3.0-1.fc6.i386.rpm
rpm -Uvh openmotif-2.3.0-1.fc6.i386.rpm
ln -s /usr/X11R6/lib/libXm.so.4.0.0 /usr/X11R6/lib/libXm.so.3
ldconfig
ln -s /usr/lib/ICAClient/npica.so /usr/lib/mozilla/plugins/wget -O /usr/lib/ICAClient/keystore/cacerts/Equifax_Secure_Global_eBusiness_CA-1.crt https://www.geotrust.com/resources/root_certificates/certificates/Equifax_Secure_Global_eBusiness_CA-1.cer
rpm -ivh—nodeps ICAClient-10.6-1.i386.rpm
NB: You may need to adjust or even ignore the second “wget” command depending on who your company bought its SSL certificate through. Mine bought theirs from http://www.trustico.com.au which required me to manually install the root certificate of their upstream CA (GeoTrust).
I decided to install FreeBSD 7.0-RELEASE in a VMware VM tonight since it was just released, and while the installation went smoothly I soon discovered that leaving the MBR of a fresh VM untouched was the wrong thing to do. Obviously it needs something to kick it into action, so I had to download the FreeBSD 7.0 LiveFS CD, boot up, and run:
fdisk -B -b /mnt/boot/boot0 ad0
This assumes your primary boot drive and partition (ad0 and the root filesystem ‘/’ in my case) were mounted under /mnt.
Reboot and you should have a functioning FreeBSD system.
For this you’ll need an IIS 6.0 server with the web and SMTP components installed, as well as the IIS 6.0 Resource Kit Tools.
Install the SelfSSL component from the IIS 6.0 Resource Kit Tools.
Create a new web site in IIS and note it’s site ID by clicking on the “Web Sites” parent in the tree on the left and looking for the number under the “Identifier” column. Open the properties of your new site and set a port for SSL (I chose 442 to avoid conflicts with any pre-existing SSL sites)
Open Start -> Programs -> IIS Resource Kit -> SelfSSL and at the command prompt run (replacing variables to suit your environment):
selfssl /S:<site-ID> /V:3650 /N:CN=<hostname> /P:<site-ssl-port>
So for example I ran:
selfssl /S:87257621 /V:3650 /N:CN=SMTPGWY /P:442
You should make sure that the <hostname> is the same as that of the server on which you are running the SMTP virtual server.
Open your new site and export the certificate as a PFX file.
Delete the web site, then open the SMTP virtual server properties and open the “Access” tab.
Click the “Certificate” button and follow the wizard to import your PFX.
You can check that TLS has been enabled for receiving email by telnetting to your SMTP virtual server on port 25 and, after the SMTP banner has been displayed, enter “EHLO testserver”. In the list of data returned there should be two lines reading “TLS” and “STARTTLS” which mean your SMTP server is ready to use TLS security when receiving emails.
To send email to remote hosts with TLS enabled:
From the “Delivery” tab in the properties of your SMTP virtual server, select “Outbound Security” and tick “TLS Encryption” to enable TLS when sending email to remote servers.
NB: Enabling this option means the SMTP virtual server will require TLS support on ALL remote hosts it tries to send mail to. If TLS is not available, mail will sit in the outbound queue until it expires, an event log entry will be generated under the System event log and an NDR will be sent to the original sender of the email. You can work around this issue by using 2 SMTP virtual servers, one with TLS enabled, the other without, and setting up routing groups on your Exchange server to route outbound email via the TLS-enabled SMTP virtual server only if you are certain that the target domain supports TLS.
So tonight I decided to install FreeBSD 7.0RC1 and try it out. While I’m sure I chose to leave the MBR unchanged, it went ahead and overwrote my MBR with the FreeBSD boot loader.
Fortunately I always keep a copy of Trinity Rescue Kit (A Linux-based rescue CD) handy for times like these and was able to recover my Fedora 8 desktop by booting into Trinity, typing “grub” at the command prompt and then entering:
install (hd1,0)/boot/grub/stage1 d (hd0) (hd1,0)/boot/grub/stage2 p (hd1,0)/boot/grub/menu.lst
This assumes your Windows drive and partition are the first dive/partition on the first disk. I run Windows on a separate physical drive (Primary IDE or SATA 1) because Windows will only boot if it’s installed on the first physical disk in a system.
Your /boot/grub/menu.lst should be similar to (from my Fedora 8 box):
default=0
timeout=5
splashimage=(hd1,0)/boot/grub/splash.xpm.gz
hiddenmenu
title Fedora (2.6.23.14-115-fc8)
root (hd1,0)
kernel /boot/vmlinuz-2.6.23.14-115-fc8 ro root=LABEL=/ rhgb quiet
initrd /boot/initrd-2.6.23.14-115.fc8.img
title Windows XP
rootnoverify (hd0,0)
makeactive
chainloader +1