Automate cleaning up RemotePC catalog

have the RemotePC catalog setup to monitor OU’s.  So as soon as the software gets installed it automatically gets added to the machine catalog.  But in XenDesktop 7.x there is no way to cleanup old machines.  I created a powershell script that will remove the machines from the machine catalog and the Desktop Group.  Both of them are named RemotePC in my environment.

If the computers have not communicated in 45 days it removes them.  If they do come back online they will get automatically added back since I am monitoring the OU’s.

asnp citrix*

$ts = New-TimeSpan -Days -400
$a = Get-Date
$b = (get-date) + $ts
$machines = Get-BrokerMachine -DesktopGroupName RemotePC
foreach($d in $machines)
if($d.LastDeregistrationTime -le $b)
$d.SID+"      "+$d.LastDeregistrationTime
write-host $d.MachineName

#comment the items out below to see how many you will delete before you run it.
$dl = $D.MachineName
$dl = Get-BrokerMachine -MachineName $d.MachineName
$dl | Set-brokermachinemaintenanceMode -MaintenanceMode $true
$dl | Remove-BrokerMachine -DesktopGroup RemotePC -Force
$dl | Remove-BrokerMachine -Force



Capture OneNote 2010 with AppSense

It was not very difficult, so I thought I would share it.

Let me share a few things about my environment first.  The OS is  2008 R2 running XenApp 6.5.  The Desktop and My Documents are redirected.  The only relevant piece is the redirection.

Many times you redirect folders to a UNC path.  But I have three different regions.  USA, Europe, and Asia and the redirected shares are all different.

On each server we create a symbolic link and point a local folder to a network share.

In this example it will be C:\Userdata –> \\ServerName\Redirected_Folders\Userdata

Under UserData is each users folder so in the users current session we can point to C:\Userdata\%username%

Now on to capturing OneNote 2010.  The idea is you would log in to your citrix session and launch OneNote and it would open right up and all of your files in your notebook would be there instantly.

First Step.

Create at Personalization Group under Windows Personalization, call it OneNote 2010


Add User Defined Setting


Click Add/Remove

Click Create Windows Setting


Type in the Registry key to capture


At his point if you log in to Citrix and launch OneNote and type in your email address to where your OneNote Notebooks is saved it will access it and you can start using OneNote. Once you log out and back in and launch OneNote again it will open right up to your Notebook again.

But the problem I have is is that I have a lot of notes saved with screen shots. So each time I logged in it would have to download all the files, pictures, screenshots, etc..

This means I had to wait for OneNote to download the data.

I wanted to be able to log in and just start working.

So I found where the files are saved and tested copying them out to a folder and logged out and logged back in. But this time I copied the files back before I launched OneNote. Now when I launched OneNote everything was there.

So for Step two I did the following.

In my configuration I added a step under Process Stopped.  I used Userinit.exe

First it checks to see if the onenoteofflinecache.onecache file exists in my Redirected folder. (remember C:\UserData is my redirected folder, you may need to change this to your redirected folder or some other UNC or drive mapping.)


If the file already exists,  then the file\folders are copied. So at login we will copy the files and folders from the redirected path to C:\Users\%UserName%\AppData\Local\Microsoft\OneNote\14.0\




The last step is step three.  Copy the files and folders at log off to a your redirected folders.

This does the same thing as in step two, just in the opposite direction.  Check and see if the file exists and if it does copy the files\folders.






AppSense EM 8.3 and Script checking User OU membership.

Problem I am having is that specific set of registry keys needs to be in place before a published app launches but the published app is launching before appsense has a chance to completely apply them.  I tried setting the key at logon but that didn’t work.

I have tried setting them when the process is launched but that didn’t work either. It sets the keys but the application has already launched and determined the settings in the key.

Don’t want to give the user’s a full desktop for a number of reasons.

So I started looking through the “AppSense Environment Manager Actions and Conditions Scripting Guide”.  Sadly they didn’t have anything in there for scripting user based actions. So I ended up getting lucky.  Well I guess it was more of a process of elimination.  AppSense documented different ways to script getting the Computer OU information but not the User.  In the document it said that the EmClient.ClientComputerOUCondition utilizes the EMComputerConditions.dll.  I saw that there was a EMUserConditions.dll in the install folder, so after several attempts I was able to make this script work.

I am just included their script with a few changes to get the User OU information.

option Explicit
Dim obj, s
Set obj = CreateObject(“EmClient.UserOUCondition”)
obj.Operator = 1 ‘ Equals
obj.Scope = 2 ‘ Subtree
If obj.Evaluate(“”) Then s = ” is ” Else s = ” is not ” End If
MsgBox “User” & s & “in the the OU”
Set obj = Nothing

After that I was able to put together a script; so when a user launches a published application from citrix, it will call this script.  The script does a quick check based on what OU they are in and then calls a .reg key and imports the key.  Waits a few seconds then launches the application.


Powershell Has Stopped Working

I recently installed windows updates on our XenApp PVS 6.1 images.  This was on Server 2008 r2, there was probably about 40 of them.  I booted the images up and over the weekend and had no issues.  Then again the number of people using it was very low.

Then comes Monday and everyone starts using the servers and the reports of the error messages start coming in.  We tried rebooting the servers and the errors would go away for about an hour and half.  Then they would start again.


What made this even more of an issue is we have a scheduled task that runs every 10 min for each user that logs in and backs up specific files to a unc path.

So now every 10 min user’s were getting this message.  It took a little while to find the issue because I was searching for a problem with windows updates.  While I’m still not sure which windows update triggered any issue with powershell I was able to find the solution based on the specific powershell error.

Solution is as follows:

Create a file “powershell.exe.config” in the C:\Windows\System32\WindowsPowerShell\v1.0

In the file include the following.  It did not require me to reboot.  Also the file did not exist for me either.  If it does exist, edit it and make sure the contents is the same.

<?xml version="1.0"?>
	<startup useLegacyV2RuntimeActivationPolicy="true">
		<supportedRuntime version="v4.0.30319"/>
		<supportedRuntime version="v2.0.50727"/>

– TG

Vsphere 5.1 and PVS 6.1 Fail with E1000

Of course after the fact I am able to find information about it but like many people our citrix pvs images had the E1000 nic drive in them.  I did not think there would be a problem updating vSphere to 5.1 from 5.  Everything worked fine with Citrix PVS 6.1 and vSphere 5.0. 

Once we upgraded cluster to 5.1 we were still fine, but we had not rebooted yet.  We reboot half our servers every day.  One group is in the worker group the other group is removed so users can drain off and the next day we reboot.  So it wasn’t until the next morning after the hosts were upgraded that the servers rebooted.  If you have vsphere 5.1 and pvs 6.1 with the E1000 driver the images will not boot up.  They just go to this beautiful black screen🙂 If you search on this you will find various articles that you can use to piece it together.

So as you can imagine it was a long weekend.  With half of all of our servers not able to boot up, all 5 of our images needed to be recaptured, E1000 driver removed and vmxnet3 nic added.

Something to keep in mind when replacing the nic.

There are many posts on recapturing images, I’ll try to add ours at some point.


Error every time IE tab is opened.

We have a program tracks what research pages you go to and automatically logs you in to them and writes data to sql server, etc.  This part works fine, as long as protected mode is not turned on in IE (as a note we are using IE8).

When protected mode is on you get the following error. “DBISAM Engine Error # 11013 Access denied to table ‘C:\Users\USERNAME\AppData\Local\Temp\8\Low\Filters.dat’


Basically with protected mode on, when IE tries to write to the following location %temp% and it doesn’t have rights.  Even though the user does have rights.  With protected mode on they can’t edit the files correctly.

Fixed this using AppSense at logs on, so no matter what server they get and no matter what their session id is it will work.

** Side note, on terminal server when you type %temp% you will see the following location C:\Users\USERNAME\Appdata\Local\Temp\SESSIONID, you can turn this off in group policy if you want.

The program we have creates the low folder and puts some files there when IE is launched, but when you try to go to an external page or open a new tab it gives the error.  So on login we create the folder %temp%\Low and then run the following script.

Set shell = CreateObject("WScript.Shell")
Const strLaunchCmd = "icacls %temp%\low
/setintegritylevel (oi)(ci)low"
Set objExec = shell.Exec(strLaunchCmd)

After we set this up, we no longer had the error message.  We were able to keep protected mode turned on for IE and didn’t have to wait on the vendor to fix the problem.


Upgrading to Citrix PVS 6.1

It’s a slow process, but that’s only because users are using the servers and I just can’t reboot them all at once.

I have 3 Images converted to the 6.1 environment.  All of the servers for the 2 of the 3 images are working.  On the 3rd image, I am just waiting for the servers to drain the users off.

The next 3 images are being worked on as we speak.  One of them is in Asia so the connection from the US is a slow but it should done with in the next several days.

Currently converting the last two images, every thing works pretty well.

The only issue I have seen and I don’t know if it is an issue.  We didn’t upgrade our servers, we built two new servers so that we could move images and servers to the new environment on our schedule.  So we have both the 5.6 and the 6.1 environment up and running at the same time. 

So I added the Boot ISO to the server for the new 6.1 environment and boot it up.  It will give a trust relationship error.  I’m guessing you can’t have two different environments (databases) talking to AD and managing the server passwords.  So only thing to keep in mind is when switching from one version to another you need to reset the active directory password in the new environment and then power it on in the new environment.