RDS vs. XenApp

I read a great article today from Thomas Kötzing (@Koetzing) regarding feature comparison between Server 2012 Remote Desktop Services and Citrix XenApp 6.5 for delivery of user workspaces. I highly recommend anyone considering deployment of server-based computing take a look. He really hits the nail on the head with regards to need comparison for features between the two in the SMB marketplace.

Internet Explorer End of Life Nag

I was at a customer that recently complained that many of their Internet Explorer applications hosted on Citrix XenApp were opening additional tabs for users asking for Internet Explorer to be upgraded. This as it turns out is by design from Microsoft. As of January 2016 IE 8-9-10 are no longer receiving updates from the software giant. They want everyone to move to Internet Explorer 11. This nag screen is actually part of the last update to each to of the legacy browsers - so it is 100% by design.

Of course many enterprise applications were written to work with older versions of IE and development or testing cycles may not be available to simply upgrade. So how to get around this nag window? Fortunately Microsoft has enabled a new feature control registry value that can override this default option. Full details can be found here. I have included the snippet regarding x64 configuration below. Throw this in a group policy preference and apply where needed - no more nag screens!

For x64-based systems

1. Click Start, type regedit in the Start Search box, and then click OK.
2. Locate the following registry subkey:
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
3. Right-click FeatureControl, point to New, and then click Key.
4. Enter FEATURE_DISABLE_IE11_SECURITY_EOL_NOTIFICATION, and then press Enter to name the new key.
5. Right-click FEATURE_DISABLE_IE11_SECURITY_EOL_NOTIFICATION, point to New, and then click DWORD (32-bit) Value.
6. Enter iexplore.exe, and then press Enter to name the new value.
7. Right-click iexplore.exe, and then click Modify.
8. In the Value data box, enter 00000001, and then click OK.
9. Locate the following subkey:
   HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl
10. Right-click FeatureControl, point to New, and then click Key.
11. Enter FEATURE_DISABLE_IE11_SECURITY_EOL_NOTIFICATION, and then press Enter to name the new key.
12. Right-click FEATURE_DISABLE_IE11_SECURITY_EOL_NOTIFICATION, point to New, and then click DWORD (32-bit) Value.
13. Enter iexplore.exe, and then press Enter to name the new value.
14. Right-click iexplore.exe, and then click Modify.
15. In the Value data box, enter 00000001, and then click OK.
16. Exit Registry Editor, and then restart the browser to enable the new key.

The PageFile - Oh My!

The page file should be two times the amount of RAM!

The page file should be one and one-half the size of RAM!

The system should manage the size of RAM!

It is 2014, who needs a page file!

---

You may hear any of the above from colleagues or clients in today's day and age. The long and short of it is that you cannot easily and accurately compute the the needed page file ahead of time in many environments due to different software that is used. Below you will find some references as well as an excerpt from a write up I wrote a couple years ago for sizing virtual memory in a specific environment.

Pushing the Limits of Windows: Virtual Memory (really the be-all guide)

http://blogs.technet.com/b/markrussinovich/archive/2008/11/17/3155406.aspx

How to use the DedicatedDumpFile registry value to overcome space limitations on the system drive when capturing a system memory dump (I used this on the 2012 build to eliminate the tie between dumps and PF)

http://blogs.msdn.com/b/ntdebugging/archive/2010/04/02/how-to-use-the-dedicateddumpfile-registry-value-to-overcome-space-limitations-on-the-system-drive-when-capturing-a-system-memory-dump.aspx

How To Size Page Files on Windows Systems (good reference)

http://mcpmag.com/Articles/2011/07/05/Sizing-Page-Files-on-Windows-Systems.aspx?Page=1

The Pagefile Done Right! (my go-to guide)

http://blogs.citrix.com/2011/12/23/the-pagefile-done-right/

PAGE FILE SIZING

“Perhaps one of the most commonly asked questions related to virtual memory is, how big should I make the paging file? There’s no end of ridiculous advice out on the web and in the newsstand magazines that cover Windows, and even Microsoft has published misleading recommendations.” –Mark Russinovich

The following items hold true in regards to the Windows Page File.

1.       Even systems with large amounts of RAM benefit from the presence of a page file.

2.       The page file space is no longer needed to capture a full system dump as it was on legacy systems. (http://blogs.msdn.com/b/ntdebugging/archive/2010/04/02/how-to-use-the-dedicateddumpfile-registry-value-to-overcome-space-limitations-on-the-system-drive-when-capturing-a-system-memory-dump.aspx)

3.       There is a performance hit to a system whenever the operating system automatically resizes the page file.

4.       Excessive use of the page file will result in poor system performance as the speed of disk is much slower than that of RAM.

5.       Never stripe paging files (you can have more than one) across multiple volumes on the same physical disk. This can lead to performance issues.

6.       Splitting a page file across multiple physical disks will increase performance.

7.       “To optimally size your paging file you should start all the applications you run at the same time, load typical data sets, and then note the commit charge peak (or look at this value after a period of time where you know maximum load was attained). Set the paging file minimum to be that value minus the amount of RAM in your system (if the value is negative, pick a minimum size to permit the kind of crash dump you are configured for). If you want to have some breathing room for potentially large commit demands, set the maximum to double that number.” –Mark Russinovich

Understanding Virtual Memory:
http://technet.microsoft.com/en-us/magazine/ff382717.aspx
(Not for the timid) http://blogs.technet.com/b/markrussinovich/archive/2008/11/17/3155406.aspx

Hidden Devices Causing you the Blues?

When using Citrix PVS (or often when changing hardware on virtual machines) you may often run into instances where you need to remove phantom devices. But how do you know these exist? Device Manager doesn't show them by default. Microsoft outlines how to do this in an old support article.

1. Launch a command prompt with elevated permissions. 
2. At the command prompt, type the following lines, pressing ENTER after each line
   set devmgr_show_nonpresent_devices=1
   cd\%SystemRoot%\System32
   start devmgmt.msc
3. In the Device Manager View Menu, select Show Hidden Devices

Reference: KB241257

Need Windows Search with PVS?

By default the optimization wizard for imaging XenApp/XenDesktop server and desktop operating systems disables Windows Search features. This is a best practice from Citrix. In some cases users may need this functionality. If you need to turn it on, be sure to utilize the group policy below to adjust the scanned areas and limit the scope of indexing as much as possible.

A reason why you may need to enable search? Disabling Windows Search will disable search features in Outlook 2013.

Keep in mind that the Windows Search feature works with the Indexing Service, which is also disabled.

For details on both of these services and their impact, review the Optimization Guide linked below.

Group Policy for Windows Search

Optimization Guide

Renaming a Reverse-Imaged Operating System

Often times after reverse-imaging a PVS-based member-server's *.vhd back to a "physical" disk there might be the desire to change the computer's name or domain membership.

I have seen on a few occassions that the ability to do this is compromised. Usually both the Computer name and the  Member of fields are greyed out when one of the issues outlined below is encountered. Additionally, the device may or may not let your add or remove features via either the GUI or PowerShell's Add-WindowsFeature cmdlet. You may also not be able to run SysPrep due to a "fatal error." In each instance, the host operating system may state that a reboot is pending - even after one has just completed!

Sample where the domain/workgroup affiliation cannot be changed.

Before panicking and rebuilding your image from scratch - run through these items to see if there are errors on any. Any one of these could halt your ability to rename the workstation.

1. Do you have appropriate permissions to modify these settings?
• Are you an administrator on the server? Are policies preventing this action? Try as the local device administrator - if you see the same issues here you most likely can continue.
2. Is the Workstation service running? 
• This service is required to communicate with the domain and if it is not running you will have a bad time.
3. On the device's network interface, is Client for Microsoft Networks in use?
• You will again have issues if there is a problem with this component. If it is not attached to your controller, add it. If it is, try uninstalling it (requires reboot) and reinstalling it once the server is back up.
4. Is the device "stuck" mid-rename? 
• This is a little bit trickier but still in the end fairly straight forward. When at the logon screen, if you use the local machine login characters (.\) does the machine name you see match the one in the Computer name/Domain changes GUI? If you open the CLI and type set (cmd) or $env:computername (PS) does the computername variable match both of these? If any of these are a mismatch, check out the keys in:
  HKLM//System/CurrentControlSet/Control/ComputerName
  If the values in ActiveComputerName and ComputerName do not match, the server thinks there is a pending reboot for a server name change. If a reboot has not set them to be identical, change them to match and reboot again.

Depending on the nature of failure that caused the server to not allow modifications to the Computer name/Domain changes GUI, one of these items should be the culprit. 

Just remember to keep in mind, if this is a XenApp server, if you had run the image prep tool previously, the next time IMA runs it will join the farm and you cannot simply rename a XenApp server that is joined to a farm without properly preparing it. If after you run the image prep tool you disable the IMA service so it does not run, you do not have to worry about this biting you. Just set the service back to automatic and reboot to have your renamed machine join the farm again. 

Finally, depending what you are trying to accomplish and what software is installed, don't forget about security identifiers and the need to properly prepare an image (SysPrep).