Force specific IP traffic through a network interface [Windows 8+]

When a device has two network interfaces (for example, a 4G data card and a local Ethernet card) and you want traffic to a specific destination to use a preferred interface, the PowerShell below shows how.

The example sends traffic for 200.200.200.200 through interface 4 by giving that route a lower route metric than the route on the other interface.

# you can determine your adapters with Get-NetAdapter
Get-NetAdapter -IncludeHidden
# then you can see which routes are associated with which adapter interface (let's assume your wifi interface is 4 and your loopback is 1)
Get-NetRoute -AddressFamily IPv4
# you will get your specific interface index, destination prefix, nexthop and the routemetric
# you can then set a specific route policy using:
New-NetRoute -DestinationPrefix "200.200.200.200/32" -InterfaceIndex 1 -RouteMetric 256
New-NetRoute -DestinationPrefix "200.200.200.200/32" -InterfaceIndex 4 -NextHop 10.1.1.1 -RouteMetric 0
# you can modify the configuration with:
Set-NetRoute -DestinationPrefix "200.200.200.200/32" -InterfaceIndex 4 -NextHop 192.168.10.1 -RouteMetric 0
# finally, you can remove the specific route or all the routes with:
Remove-NetRoute -DestinationPrefix "200.200.200.200/32" -InterfaceIndex 1 -Confirm:$false
Remove-NetRoute -DestinationPrefix "200.200.200.200/32" -Confirm:$false

Credit to Brandon Records
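
A check to run after the commands above, added here as an example and not part of the original post: it lists every route for the prefix with its effective metric (route metric plus interface metric), asks Windows which route it actually selects, and shows which entries will survive a reboot. The prefix and address are the ones used in the post; the variable names are illustrative.

```powershell
# Added example: verify which interface Windows will use for the destination.
$prefix = '200.200.200.200/32'
$target = '200.200.200.200'

# Among routes with the same prefix length, Windows prefers the lowest
# (RouteMetric + InterfaceMetric), so compare the sum, not RouteMetric alone.
$candidates = @(
    Get-NetRoute -DestinationPrefix $prefix -AddressFamily IPv4 -PolicyStore ActiveStore -ErrorAction SilentlyContinue |
        ForEach-Object {
            $ipIf = Get-NetIPInterface -InterfaceIndex $_.InterfaceIndex -AddressFamily IPv4
            [pscustomobject]@{
                InterfaceIndex  = $_.InterfaceIndex
                InterfaceAlias  = $_.InterfaceAlias
                NextHop         = $_.NextHop
                RouteMetric     = [int]$_.RouteMetric
                InterfaceMetric = [int]$ipIf.InterfaceMetric
                EffectiveMetric = [int]$_.RouteMetric + [int]$ipIf.InterfaceMetric
            }
        } | Sort-Object EffectiveMetric
)
$candidates | Format-Table -AutoSize

# Find-NetRoute returns the local source address and the selected route;
# keep only the route object (the one that has a DestinationPrefix).
$chosen = Find-NetRoute -RemoteIPAddress $target |
    Where-Object { $_.PSObject.Properties['DestinationPrefix'] } |
    Select-Object -First 1

if ($candidates.Count -eq 0) {
    Write-Warning "No host route for $prefix; traffic follows $($chosen.DestinationPrefix)."
} elseif ($chosen.InterfaceIndex -ne $candidates[0].InterfaceIndex) {
    # Happens, for example, when the preferred adapter is disconnected.
    Write-Warning "Selected interface $($chosen.InterfaceIndex) is not the lowest-metric candidate $($candidates[0].InterfaceIndex)."
} else {
    "Traffic to $target leaves via interface $($chosen.InterfaceIndex) ($($chosen.InterfaceAlias)), next hop $($chosen.NextHop)."
}

# New-NetRoute writes to the persistent store as well by default, so the
# override survives reboots until it is removed. List what will persist:
Get-NetRoute -DestinationPrefix $prefix -PolicyStore PersistentStore -ErrorAction SilentlyContinue |
    Select-Object InterfaceIndex, NextHop, RouteMetric
```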

Handle Netscaler AAA > "Target URL not found for redirection" after login

Citrix published a solution for this [CTX224908]: hit the LB first and have it populate the “NSC_TASS” cookie. That might not work for all audiences.
Users tend to bookmark the login page, which happens to be the AAA page. When they return to the bookmark, they hit the AAA page directly, without the “NSC_TASS” cookie that redirects the user after successful authentication. Hence they see “Target URL not found for redirection”.
In this post, I will go over how I handled this.
Prereq: NetScaler version 11.0 build 64.34 or later. [ref > CTX201949]
Setup: LB VIP and AAA VIP behind a Content Switch [single URL]
Build the CS VIP, LB VIP and AAA VIP per CTX201949, then add a global responder policy that automatically redirects to the hostname when NSC_TASS does not exist in the HTTP request.
[Image: AAATM-OneURL]

add responder action res_redirect_hostname redirect "\"https://\" + HTTP.REQ.HOSTNAME" -responseStatusCode 302
add responder policy res_pol_redirect_hostname "HTTP.REQ.URL.PATH_AND_QUERY.CONTAINS(\"/vpn/tmindex.html\") && HTTP.REQ.HEADER(\"Cookie\").CONTAINS(\"NSC_TASS\").NOT" res_redirect_hostname -comment "handle no target resource after AAA Auth"
bind responder global res_pol_redirect_hostname 100 END -type REQ_DEFAULT

Extract HDX/ICA Connection info from Citrix Monitoring Database

Follow "OData Connection to Citrix Delivery Controller" to create a connection to the Citrix monitoring data.
For XenDesktop version 7.0 – 7.5 use http://{ddc-host}/Citrix/Monitor/OData/v1/Data
For XenDesktop version 7.6 and 7.7 use http://{ddc-host}/Citrix/Monitor/OData/v2/Data
For XenDesktop 7.8 and above use http://{ddc-host}/Citrix/Monitor/OData/v3/Data

/* Report HDX/ICA connection information for User: mulpurus and DesktopGroup: Win10-Standard for May 31 - Jun 17
 Extract UserFullName, DesktopGroupName, StartTime, EndTime, ClientName and Client IP Address */
//Start Date
String Date = "05/31/2017";
//Converting string to date
DateTime StartDate = Convert.ToDateTime(Date);
//EndDate - Adding 18 days to StartDate
DateTime EndDate = StartDate.AddDays(18);
Console.WriteLine("Report Generated From {0} to {1}", StartDate, EndDate);
//LINQ query returns UTC, will be using this TimeZoneInfo estZone obj to convert to EST.
//Tweak this to your desired Timezone
TimeZoneInfo estZone = TimeZoneInfo.FindSystemTimeZoneById("Eastern Standard Time");
//Connection variable to hold the query result, for each session
var Connection = from C in Sessions
 //filters - StartDate and EndDate, UserName and DeliveryGroup
 where (C.StartDate >= StartDate && C.StartDate < EndDate && C.User.UserName == "mulpurus" && C.Machine.DesktopGroup.Name == "Win10-Standard" && C.EndDate != null)
 //Sort by StartDate
 orderby C.StartDate
 //Extract UserName, FullName, DesktopGroup, StartDateTime, EndDateTime, ClientName, ClientAddress
 select new { C.User.UserName, C.User.FullName, DesktopGroup = C.Machine.DesktopGroup.Name, StartDateTime = TimeZoneInfo.ConvertTimeFromUtc(C.StartDate.Value, estZone), EndDateTime = TimeZoneInfo.ConvertTimeFromUtc(C.EndDate.Value, estZone), C.CurrentConnection.ClientName, C.CurrentConnection.ClientAddress };
//Display the query result
Console.WriteLine(Connection.ToList().GroupBy(u => u.DesktopGroup));

Output

[Screenshot: OData-May2017Win10ConnectionInfo-for-mulpurus]

Use-Cases

  1. Usage trends
  2. Capacity planning
  3. Auditing

Citrix PVS Server Tweaks

  • Streaming port range re-configured from 6910 to 6968 (default 6910 – 6930).
  • Threads per port set to match the vCPU number.
    At the VM level, set virtual sockets to the vCPU number and cores per socket to one.
  • Leave the rest of the advanced options unchanged.

Ref:

  1. https://www.citrix.com/blogs/2016/03/30/updated-guidance-on-pvs-ports-and-threads/
  2. https://blogs.vmware.com/vsphere/2013/10/does-corespersocket-affect-performance.html

 

Delay VDA registration for XenDesktop/XenApp

Step 1: Disable the BrokerAgent service from services.msc on the worker VM.
Step 2: Create a scheduled task on the worker VM that enables BrokerAgent and starts the service 15 mins after system start.
[Screenshot: VDA-DelayRegistrationTrigger-Taskschd]
[Screenshot: VDA-DelayRegistrationAction-Taskschd]
Note: Use system account to run this task.
Step 3: Increase the RegistrationDelay timeout on the DDC/Brokers to 30 mins (Default: 20 mins)
HKEY_LOCAL_MACHINE\Software\Citrix\DesktopServer\MaxRegistrationDelayMin DWORD 30

This value is the period after which a power-managed VM that was started by the broker service, but does not subsequently register with a DDC, is shut down.
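
The three steps above as a script, added here as an example and not part of the original post. The service name, delay and registry value are the ones given in the steps; the task name and the two function names are hypothetical choices.

```powershell
# Added example. Run Register-DelayedVdaStart on the worker VM and
# Set-MaxRegistrationDelay on each DDC/Broker, both from an elevated session.

function Register-DelayedVdaStart {
    param([string]$TaskName = 'Delay-VDA-Registration')  # hypothetical name

    # Step 1: keep the VDA from registering at boot.
    Set-Service -Name BrokerAgent -StartupType Disabled

    # Step 2: startup trigger with a 15 minute delay (ISO 8601 duration).
    $trigger = New-ScheduledTaskTrigger -AtStartup
    $trigger.Delay = 'PT15M'

    # Inline command instead of a script file, so there is no file on disk
    # that a non-admin could edit to get code run as SYSTEM.
    $command = 'Set-Service -Name BrokerAgent -StartupType Automatic; Start-Service -Name BrokerAgent'
    $action  = New-ScheduledTaskAction -Execute 'powershell.exe' `
        -Argument "-NoProfile -NonInteractive -Command `"$command`""

    # Note from the post: run the task under the system account.
    $principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest

    Register-ScheduledTask -TaskName $TaskName -Trigger $trigger -Action $action `
        -Principal $principal -Force | Out-Null

    # Return what was registered so the result can be reviewed.
    Get-ScheduledTask -TaskName $TaskName |
        Select-Object TaskName, State,
            @{ n = 'RunAs'; e = { $_.Principal.UserId } },
            @{ n = 'Delay'; e = { $_.Triggers[0].Delay } }
}

function Set-MaxRegistrationDelay {
    param([int]$Minutes = 30)

    # Step 3: raise the registration timeout (default 20 mins per the post).
    $key = 'HKLM:\Software\Citrix\DesktopServer'
    New-ItemProperty -Path $key -Name MaxRegistrationDelayMin `
        -PropertyType DWord -Value $Minutes -Force | Out-Null
    (Get-ItemProperty -Path $key).MaxRegistrationDelayMin
}
```

After the task has run once the service is left set to Automatic, so on a worker whose disk persists across reboots the service must be disabled again (or the image reset) for the delay to apply on the next boot.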

Reboot Wyse ThinOS device outside WDM

Step 1: Enable SNMP via Global INI

Service=snmpd disable=no
community=public

Note: Reboot the Wyse client after the INI is set.

Step 2: Send reboot command via snmpset

snmpset.exe -r:10.20.30.15 -c:"public" -o:.1.3.6.1.4.1.714.1.2.6.1.1.0 -val:0 -tp:int

For snmpset, please visit https://syslogwatcher.com/cmd-tools/snmp-set/

Reboot immediately: -val:0

Reboot with a minute delay: -val:1

Parameters

-r:host        Name or network address (IPv4/IPv6) of remote host.
-c:community   SNMP community string for SNMP v1/v2c. Default: private
-o:var_oid     Object ID (OID) of SNMP variable to SET.
-val:value     Variable value to SET.
-tp:type       Type of variable to SET. Supported: int,uint,str,hex,oid,ip. Default: str

Works on ThinOS 8.4

VMware View Reset DesktopVM via Powershell

Problem: Can’t reset multiple VMs at one time via the admin portal page based on session duration.
View PowerCLI snippet to reset non-responding machines that are stuck in a disconnected state for more than 24 hrs

Get-RemoteSession -State Disconnected | ? {$_.duration -like "*day*"} | % {Get-DesktopVM -Name $_.DNSName.Split(".")[0] | Send-VMReset}

View PowerCLI snippet to reset non-responding machines that are stuck in a disconnected state for more than 9 hrs

Get-RemoteSession -State Disconnected | ? {$_.duration -like "*hours*"} | ? {([int]$_.duration.split("hours")[0].trim() -gt 9) } | % {Get-DesktopVM -Name $_.DNSName.Split(".")[0] | Send-VMReset}

vSphere Export VMName and MacAddress

Get VMs beginning with DC2-GEN-V62 and use Get-NetworkAdapter in a PowerShell calculated expression to fetch the MAC address

connect-viserver vsphere01
get-vm DC2-GEN-V62* | Select @{Expression={$_.Name};Label="VM Name"},@{Expression={$(Get-NetworkAdapter -VM $_.Name).MacAddress};Label="Mac Address"} | Export-csv c:\tmp\DC2-GEN-V62_MACs.csv

Just display, without exporting to CSV

connect-viserver vsphere01
get-vm DC2-GEN-V62* | Select @{Expression={$_.Name};Label="VM Name"},@{Expression={$(Get-NetworkAdapter -VM $_.Name).MacAddress};Label="Mac Address"}

Publish Outlook 2016 in XenApp

Download Office 2016 Administrative Template files and import ADML and ADMX files to C:\windows\PolicyDefinitions
The GPO settings below are just a recommendation; please review and pick the ones that apply to you.

  1. Computer Configuration/Administrative Templates/Microsoft Office 2016 (Machine)/Updates
    Enable Automatic Updates > Disable
  2. User Configuration/Administrative Templates/Microsoft Office 2016/First Run
    Disable First Run Movie > Enable
    Disable Office First Run on application boot > Enable
  3. User Configuration/Administrative Templates/Microsoft Office 2016/Miscellaneous
    Block signing into Office > Enabled
    Do not use hardware graphics acceleration > Enabled
    Show OneDrive Sign In > Disabled
    Suppress recommended settings dialog > Enabled
  4. User Configuration/Administrative Templates/Microsoft Office 2016/Privacy/Trust Center
    Allow including screenshot with Office Feedback > Disabled
    Automatically receive small updates to improve reliability > Disabled
    Disable Opt-in Wizard on first run > Enabled
    Enable Customer Experience Improvement Program > Disabled
    Send Office Feedback > Disabled
    Send personal information > Disabled
  5. User Configuration/Administrative Templates/Microsoft Office 2016/Security Settings/Trust Center/Trusted Catalogs
    Block the Office Store > Enabled
  6. User Configuration/Administrative Templates/Microsoft Outlook 2016/Account Settings/Exchange
    Automatically configure profile based on Active Directory Primary SMTP address > Enabled
  7. User Configuration/Administrative Templates/Microsoft Outlook 2016/Account Settings/Exchange/Cached Exchange Mode
    Use Cached Exchange Mode for new and existing Outlook profiles > Disabled
  8. User Configuration/Administrative Templates/Microsoft Outlook 2016/Outlook Options/Other
    Hide the Office Store button > Enabled
  9. User Configuration/Administrative Templates/Microsoft Outlook 2016/Outlook Options/Preferences/Search Options
    Prevent installation prompts when Windows Desktop Search component is not present > Enabled
  10. GPO Reg preferences (Optional), this hides the search disabled warning
    HKCU:\Software\Microsoft\Office\16.0\Outlook\Options\General
    PONT_STRING=53,

Stop the install prompts when loading Outlook
[Screenshot: Office2016-InstallPrompts-onLaunch]

  1. Add-WindowsFeature -Name Search-Service
  2. Stop-Service -Name WSEARCH
  3. Set-Service -Name WSearch -StartupType Disabled