Cupfighter.net

Recently we started evaluating Citrix Edgesight, on a enviroment we are currently building, consisting of XenApp5 2008 x64 and XenDesktop 4 Farms.

After the installation of the EdgeSight agent, suddenly a bunch of applications running within a Java Virtual machine stopped functioning. Throwing the “Could not launch the java virtual machine” error.
These Java apps tried allocating quite some memory using these java arguments (eg: XX:MinHeapFreeRatio=20 -XX:MaxHeapFreeRatio=35 -XX:NewRatio=2″   initial-heap-size=”32m” max-heap-size=”1024m”)

After some investigation a colleague (Hugo Trippaers) found out that there was only 0,9 GB of memory allocatable on our Citrix XenApp machines using the memtest32.exe tool. While our other servers happily reported 1,5 GB of allocatable memory (Within WOW64). (Physical Machine = HP DL380G6 with 48 GB of memory, uh should be enough?)

After some deeper digging using memalloc.exe, I discover some substantial differences in memory allocation between our XenApp Servers with the edgesight agent installed and servers without the EdgeSight agent.

XenApp servers with Edgesight Agent 5.2 SP1 x64: memalloc.exe with edgesight
XenApp Servers without edgesight: memalloc.exe – without edgesight

The main difference here is all the Citrix hooks being loaded, see below.
This apparently consumes so much memory that it was not possible for java to allocate enough memory.

For more insights on WOW64 look here:  http://blogs.msdn.com/gauravseth/archive/2006/04/26/583963.aspx

By default 32bit applications within WOW64 can leverage the full 4 GB of memory availlable, which is not possible on a native 32 bit system because of the separation of kernel and user space.
Applications need to be compiled with /largaddressaware (Visual Studio : http://msdn.microsoft.com/en-us/library/wz223b1z(VS.80).aspx) or patched using editbin (http://bilbroblog.com/wow64/hidden-secrets-of-w0w64-ndash-large-address-space/), to fully use the 4 GB availlable otherwise they can only allocate 1,6 GB of memory.

We will open a case with Citrix on this; to be continued.

Citrix hooks being loaded when edgesight is installed:
Read more…

We are currently implementing a XenDesktop 3.0 environment on vSphere 4.

Today I started to lock down the permissions the Xen Desktop Delivery Controllers (DDC) have on vCenter. There is not much documentation on this. Except for the kb article on VMWare Infrastructure 3 and XenDesktop which is lean and mean. But then i stumbled on this great blog post: http://theether.net/kb/100114

Which describes the solution to the error “This virtual machine could not be retrieved from the hosting infrastructure”
The solution basicly describes the proper permissioning for the accunts which access Virtual Center from the DDC and this even works for vCenter 4!

In VirtualCenter:

- Select View | Administration

- Click Add Role
- Enter the name XenDesktopGlobal
- Check Global | Manage Custom Attributes
- Click OK

- Click Add Role
- Enter the name XenDesktopDataCentre
- Check Datastore | Browse Datastore
- Check Virtual Machine | Inventory | Create
- Check Virtual Machine | Provisioning | Deploy Template
- Check Resource | Assign Virtual Machine to Resource Pool
- Click OK

- Click Add Role
- Enter the name XenDesktop
- Check Global | Set Custom Attribute
- Check Virtual Machine | Interaction | Power On
- Check Virtual Machine | Interaction | Power Off
- Check Virtual Machine | Interaction | Suspend
- Check Virtual Machine | Interaction | Reset
- Click OK

- Select View | Inventory | Hosts And Clusters

- Select Hosts & Clusters
- Select the Permissions tab
- Right click and select Add Permission from the context menu
- Select XenDesktopGlobal for Assigned Role
- Click Add
- Select the account used in the Logon Information properties of the Desktop Group
- Click OK
- Click OK

- Select the Datacentre that contains the virtual desktops
- Select the Permissions tab
- Right click and select Add Permission from the context menu
- Select XenDesktopDataCentre for Assigned Role
- Click Add
- Select the account used in the Logon Information properties of the Desktop Group
- Click OK
- Click OK

- Select the Cluster or Resource Pool that contains the virtual desktops
- Select the Permissions tab
- Right click and select Add Permission from the context menu
- Select XenDesktop for Assigned Role
- Click Add
- Select the account used in the Logon Information properties of the Desktop Group
- Click OK
- Click OK

Source: http://theether.net/kb/100114

Citrix recently released a webinar by Derek Thorslund on Citrix Flash HDX, check it out here: http://www.citrix.com/tv/#video/635

I was pretty impressed when trialling Flash HDX myselfs… seeing is believing The movies below are not mine, but linked from youtube.com. It’s worth trialling yourselfs, you won’t be disappointed.

Flash HDX Demo on XenApp

Flash HDX Demo on XenDesktop 3 (vs VMWare view 3)

Download the Technology preview of Citrix HDX Mediastream for Flash here.

Check comments below for a solution to this issue! Thanks to Daniel Verbruggen!

While testing the Aladdin eToken (USB form Factor Smart Card) with PKIClient 5.0 on windows 7, I discovered that the certificates are no longer published into the “Personal Certificate Store”.
Which makes the eToken quite useless for now on Windows 7. I can however logon to the Windows 7 system using the eToken. But for all other purposes like VPN, website authentication etc it cannot be used since Windows 7 does not offer you to pick an certificate to authenticate with.
The Smart Card device forwarding still works, over RDP and also within XP Mode on Windows 7.

I dropped Aladdin an email and asked them for timelines and Windows 7 support, but until now, nothing but silence. I will update this post when I know more. In the meanwhile if you’ve got a workaround… please drop a comment.

eToken and PKIClient 5.0 on Windows 7

eToken and PKIClient 5.0 on Windows 7 with XP-Mode.

Related issues:

Cisco VPN, Windows 7 and eToken
Website Authentication, Windows 7 and eToken

Interesting insights on the new Windows 7 UAC… (http://www.pretentiousname.com/misc/win7_uac_whitelist2.html)

From: http://www.pretentiousname.com/misc/win7_uac_whitelist2.html

List of binaries which are allowed “auto-elevation” :

http://www.withinwindows.com/2009/02/05/list-of-windows-7-beta-build-7000-auto-elevated-binaries/

VMware has released Labmanager for Vpshere 4. http://www.vmware.com/products/labmanager/

VMware vCenter Lab Manager is the ideal solution for IT organizations who want to provide self-service provisioning and management capabilities to internal teams. Policy-based access control reduces administrative burden for IT, lowers infrastructure management costs and empowers project teams to deliver applications more quickly and with greater agility.

Deliver Higher Service Levels and Lower Infrastructure Costs

Lab Manager offers unique capabilities to simplify management of the internal cloud for dev/test:

• Self Service Portal – Provides on-demand access to a library of virtual machine configurations for end users while eliminating time-consuming provisioning tasks for IT by 95%.
• Automated Resource Management – Allows dynamic allocation of resources in a multi-team environment, enforces quotas and access rights, and reclaims unused infrastructure services.

Enterprise Scalability – Provides long-term return on investment with a scalable architecture for worldwide deployment, best in class performance and seamless integrations with in-house and 3rd party solutions.

While checking the statistics of our blog I saw some referrals from http://community.citrix.com.
We are listed as a Citrix Community featured website! We are very happy to see this, especially because this blog is very young! The first posts are from June 2009.

We will try not to disapoint you. We have some very interesting projects comming-up which involve very mission critical XenApp and XenDesktop environments. We will post our hands-on experiences here! So stay tuned !

While doing some research found this article on the Pro’s and Con’s of stretched ESX cluster across two datacenters.

A stretched cluster is the practice of having ESX member servers in a cluster that are geographically separated.   The reason this is generally done is to provide the ability to dynamically move workloads from one datacenter to another.   Often, the customer is also considering it for disaster recovery purposes (”I’ll just VMotion in case of a disaster”).  Can this be done – ABSOLUTELY – but not considered lightly.

More here: http://virtualgeek.typepad.com/virtual_geek/2008/06/the-case-for-an.html

Some hotfixes seem to be released, check http://support.citrix.com/article/CTX121997 & http://support.citrix.com/article/CTX122057.

Haven’t tried it myselfs so i’m curious to your experiences, please leave a comment, thanks.
Overview of latest xendesktop patches here: http://support.citrix.com/product/xd/v3.0/

Citrix is working on a hotfix to have XenDesktop working with vSphere 4. Currently people are experiencing issues with the Desktop Delivery Controller (DDC) to communicate properly with the vSphere SDK webservice. Also the XenDesktop Setup Wizard, which automates creation of Virtual Desktops, seems to be broken.

A partial workaround seems to be availlable; reapply the hack to enable /SDK over plain HTTP and HTTPS.

Change “c:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\proxy.xml”

The section should look similar like this:

<e id=”1″>
<_type>vim.ProxyService.LocalServiceSpec</_type>
<serverNamespace>/sdk</serverNamespace>
<accessMode>httpAndHttps</accessMode>
<port>8085</port>
</e>

The hotfix, when availlable, will be posted here. More info can be found in this support thread of the Citrix Forums

I got this error (PKCS#11 smart card self-service control error: Invalid Signature.) while enrolling a certificate onto my Smartcard using Microsft CLM 2007 FP1.
Looks like Microsoft Certificate Lifecycle Manager FP1 is not yet compatible with Windows 7 RC1. No issue however with Vista SP2.
Only enrolling seems to be an issue, all other functionality just seems to work… if I find I solution to this then i will post it here… If you’ve got an solution? please leave a comment!

Windows XP Mode on Windows 7 could be used as workaround as well (The smart card is accessible from XP Mode!). But the following requirements must be met for this to work;

• Virtual XP Machine needs to be a domain member
• Have the CLM Client tools installed
• Have the SmartCard middleware installed.