Skip to content

Removal of Citrix XenDesktop / XenApp 7.x VDA fails with InstallFailure 1603

Some of you might have seen the following problem – the removal of the VDA failed:
vda_removal_error_01

If you check the details you get some more information’s – e.g. the removal of the Citrix Profile Management failed.
vda_removal_error_02

Removal of MSI Product ‘profilemgt_x64.msi’ (‘{9321930C-A53F-452C-80D5-AE1A8D69D9C0}’) failed with code ‘InstallFailure’ (1603).

Or the VdaMonitorPlugin_x64.MSI cannot be removed.
vda_removal_error_03

Well – but there is no solution shown how to fix it nor you can find a documentation from Citrix to solve the problem. You can’t just start the removal from the Control Panel – they are not shown under Programs.

Luckily Microsoft has published a really helpful Tool that helps to remove “problematic” Applications. After downloading open the Tool and press Next.
vda_removal_error_04

Now select Uninstalling.
vda_removal_error_05

You now get a much bigger list (compared to the one under Programs) – here you can see all Programs and their “Sub-Programs”. Now select your faulting part of the VDA – e.g. Citrix Profile Management.
vda_removal_error_06

Select Yes, try uninstall to start the removal.
vda_removal_error_07

The Tool now tries to remove the selected package….
vda_removal_error_08

… and resolves problems found during the removal.
vda_removal_error_09

After some time you should see the following dialog:
vda_removal_error_10
The problematic VDA-Component is now removed.

You can now restart the VDA removal like before – if another failing component is shown – just repeat the steps above.

Configuring a Nvidia Tesla M60 under Citrix XenServer (and assign a vGPU to a VM)

In this blog post I would like to show you how to configure a Nvidia Tesla M60 under a XenServer and deploy a VM with a vGPU assigned. There are a lot of good documentations from Nvidia for the different steps – but I didn’t find one complete for the whole process after putting the Tesla into the physical Server and installing XenServer.

In this post I will cover the following areas:
Installing the XenServer Nvidia vGPU Supplemental pack
Changing the Tesla M60 from Compute to Graphics Mode
Installing and Configuring the Nvidia Licensing Service
Configure a VM with a vGPU and assign a license

Installing the XenServer Nvidia vGPU Supplemental Pack

After the installation of the XenServer (I am not going to cover that here – there are enough other resources describing this) the necessary Nvidia supplemental pack is not available. You can see the installed packs in the XenCenter under the Server General Properties => Updates.
nvidia_tesla_m60_xen_01

To download the necessary package you need an Nvidia Portal Account. Interestingly at the moment there is no Register-Button on the Login-Page. You can register on this page. The problem only is that you require either a valid Key or a Demo-Key. It’s not possible to get one here. So you need to contact an Nvidia Sales Guy to get a Demo key. After registering and logging in you have the area Product Download available. Here you can download the necessary extensions for XenServer, ESX and so on. Download the package corresponding to your XenServer version (currently 6.2, 6.5 and 7).
nvidia_tesla_m60_xen_02
The download is a zip file containing different documentations, packs and applications. First of all you only need the following file:
NVIDIA-vGPU-xenserver-VERSION-NUMBER.x86_64.iso

To install the supplemental pack open the XenCenter and navigate to Tools => Install Update…
nvidia_tesla_m60_xen_03

Confirm the Starting guide with Next.
nvidia_tesla_m60_xen_04

Now you have to select the ISO file lower area Select update or supplemental pack from disk.
Important:
There are different supplemental packs for the different Nvidia vGPU cards available. One is for K1/K2 – the other for Tesla cards. The name of the package is different:
K1/K2: Contains the word Keplar
Tesla: without Keplar (see screenshot).
At the moment it is not supported to run cards of both types in the same server (thanks @Rachel Berry for the information).
Furthermore it is currently not possible to remove an installed pack – so if you have a Tesla card and accidentally installed the Keplar pack you have to reinstall your XenServer.
nvidia_tesla_m60_xen_05

After choosing the ISO select on which XenServers you would like to install the pack.
nvidia_tesla_m60_xen_06

The pack will be uploaded to the XenServer.
nvidia_tesla_m60_xen_07

After installing the updates some tasks have to be done (e.g. rebooting) – you can either let that happen automatically (from the XenCenter) or do that manual (like you know from every other update).
nvidia_tesla_m60_xen_08

The installation starts, VMs (if there are any) are migrated off the XenServer and it is rebooted (if you selected automatically before Winking smile).
nvidia_tesla_m60_xen_09

After the reboot the Maintenance mode is quite and some checks are done.
nvidia_tesla_m60_xen_10

If you now check the Updates section again you should see the NVIDIA vGPU package.
nvidia_tesla_m60_xen_11

Moreover you can run the following command on the console to check if the pack is correctly installed:

lsmod | grep nvidia

If everything is correct the output should look like this.
nvidia_tesla_m60_xen_13

When you now open the GPU area of the XenServer it might be possible that still no vGPU Profiles are shown on the right side – also the Tesla Card is correctly detected. The reason for this is that the Tesla card is often shipped in Compute mode and not in Graphics mode.
nvidia_tesla_m60_xen_14

Changing the Tesla M60 from Compute to Graphics Mode

To check in which mode the Tesla card is running open the XenCenter Console. Now enter the following command:

lspci -n | grep 10de

The red marked area shows the mode:
0302: Compute
0300: Graphics
nvidia_tesla_m60_xen_15

To switch the mode, you need an Utility from Nvidia. You can either Download this from the Product Download page (after logging in) or under the Nvidia support download for the Tesla cards.
nvidia_tesla_m60_xen_16

The downloaded Zip-Files contains the following files. There are different options how to change the GPU mode (e.g. install Linux) – to make it easy we will integrate the utility in the XenServer. Thus we only need the file gpumodeswitch.
Important: Not the file with the extension exe – the file without an extension (the first in the screenshot).
nvidia_tesla_m60_xen_17

To copy the file to your XenServer you need to start WinSCP. Select SFTP, enter the XenServer IP-Address as the Host name. Username is root with the same password you use in the XenCenter.
nvidia_tesla_m60_xen_18

Confirm the Warning.
nvidia_tesla_m60_xen_19

Now copy the gpumodeswitch file to a temporary folder (e.g. tmp) on the XenServer.
nvidia_tesla_m60_xen_20

Switch to the command line from the XenServer and navigate to the tmp folder. To show the current GPU mode enter the following command:

./gpumodeswitch –listgpumodes

But what’s that – the permission is denied.
nvidia_tesla_m60_xen_21

To allow the execution of the file you have to modify the file permission. Enter the following command:

chmod 700 gpumodeswitch

Now you should be able to execute the gpumodeswtich utility. After the execution you get another warning that first the NVIDIA kernel driver has to be unloaded.
nvidia_tesla_m60_xen_22

Before you can remove the driver first stop the xcp-rrdd-gpumon service:

service xcp-rrdd-gpumon stop

Now remove the unload the NVIDIA driver.

rmmod nvidia

nvidia_tesla_m60_xen_23

You can now change the graphics mode with this command:

./gpumodeswitch –gpumode graphics

The mode change needs to be confirmed with Y.
nvidia_tesla_m60_xen_24

The Tesla cards now receive the graphics mode firmware.
nvidia_tesla_m60_xen_25

After the update finished you can again check if the graphics mode is now active.

lspci –n | grep 10de

In the red marked area you now see a 300 for all Tesla cards – the Graphics mode is now active.
nvidia_tesla_m60_xen_26

If you switch to the GPU area from the XenServer the different vGPUs are shown.
nvidia_tesla_m60_xen_27

Installing and Configuring the Nvidia Licensing Service

The next step is to install and configure the Nvidia Licensing service. The necessary downloads are also available in the Nvidia portal under Product Download.

nvidia_tesla_m60_xen_28

The package contains a setup.exe and two documents. Start the installation with the setup.exe
nvidia_tesla_m60_xen_29

If you haven’t read the requirements you might have missed that the service requires a Java 32Bit installation.
nvidia_tesla_m60_xen_30

So first install Java….
nvidia_tesla_m60_xen_31

And then start the setup again.
nvidia_tesla_m60_xen_32

Accept the license agreement for the Nvidia software.
nvidia_tesla_m60_xen_33

And also accept the license for Apache – an Apache Tomcat is used for the license service.
nvidia_tesla_m60_xen_34

You can now change the installation path (if you like).
nvidia_tesla_m60_xen_35

The default setting is to configure the Windows Firewall to only allow connections to the license service itself – not to the management website. If you want to access the website not only from the license server itself (and the Windows Firewall is active) you need to activate the Management interface as well.
nvidia_tesla_m60_xen_36

A summary shows the installation path and the required disk space.
nvidia_tesla_m60_xen_37

The license service (including Apache Tomcat) is now installed.
nvidia_tesla_m60_xen_38

Finish the installation with Done.
nvidia_tesla_m60_xen_39

The first check is now if the tomcat is running. Open a browser on the server and open http://localhost:8080 – you should now see the Tomcat welcome page if everything is running correctly.
nvidia_tesla_m60_xen_40

To open the Nvidia license server enter http://localhost/8080/licserver
The first things shown are the Licensed Clients – of course there is no client shown until now because we didn’t configure a client or install a license.
nvidia_tesla_m60_xen_41

The licenses are managed under License Management. As you can see you need to upload a license file.
nvidia_tesla_m60_xen_42

To get the license file browse again to the Nvidia portal and switch do License History. Here you can see all of your licenses. Select the licenses you would like to assign.
nvidia_tesla_m60_xen_43

For assigning the licenses you need the MAC address of the license server.
nvidia_tesla_m60_xen_44

To get the MAC open a Command prompt or a Windows PowerShell on the licensing server. Enter the following command:

ipconfig /all

Search for the Ethernet-Connection you plan to use and note the Physical Address.
nvidia_tesla_m60_xen_45

Enter the Physical Address in the MAC address field (without any signs like “-“ or “:”). Add a free choose able Alias and Site Name.
nvidia_tesla_m60_xen_46

The server is now created – but no licenses are assigned. Choose Map Add-Ons to add a license.
nvidia_tesla_m60_xen_47

Press Search to view your current licenses. Enter the Qty to Add of the licenses you want to assign and press Map Add-Ons.
nvidia_tesla_m60_xen_48

Now the licenses are mapped to the server. Select Download License File to download the license BIN file.
nvidia_tesla_m60_xen_49

Put the downloaded BIN file on a folder on the license server.
nvidia_tesla_m60_xen_50

Now open again the license management console and go to License Management.
nvidia_tesla_m60_xen_51

Select the downloaded BIN file and press Upload.
nvidia_tesla_m60_xen_52

A sucessful upload is confirmed with Successfully applied license file to license server.
nvidia_tesla_m60_xen_53

Go to License Feature Usage to show the currently available licenses.
nvidia_tesla_m60_xen_54

Configure a VM with a vGPU and assign a license

The last configuration step is to assign a vGPU and install the Nvidia Drivers inside the VM.

Open the properties of a VM (I am not going to cover how to create a VM and install Windows on the VM) and switch to GPU.
Now you have to select the vGPU-Profile.
Depending on the profile you need a different license. The profiles are split into the following licenses:
A: Grid Virtual Applications
B: Grid Virtual PC
C: Grid Virtual Workstation

You can find a good comparison of the types in this blog post from Richard Hoffman.
nvidia_tesla_m60_xen_55

When you now start the VM and check the Device Manager you will still only see a Default VGA Graphics Card. To change that the necessary drivers need to be installed.
nvidia_tesla_m60_xen_56

Copy the ones for your OS to the VM.
nvidia_tesla_m60_xen_57

Start the setup and confirm the Windows UAC Message with yes.
nvidia_tesla_m60_xen_58

Select a folder to extract the driver files.
nvidia_tesla_m60_xen_59

Now the actual setup starts. Agree to the licenses,
nvidia_tesla_m60_xen_60

Either choose Express or Custom installation.
nvidia_tesla_m60_xen_61

There is no difference between the installation except that in a Custom installation you can see which components are installed and it’s possible to Perform a clean installation if you had problems with the currently installed driver.
nvidia_tesla_m60_xen_62

The installation starts.
nvidia_tesla_m60_xen_63

After the installation is finished a reboot is necessary.
nvidia_tesla_m60_xen_64

If you now open the Device Manager again and check the Graphics Card you will see a NVIDIA GRID card – here you can also see which vGPU-Type is assigned.
nvidia_tesla_m60_xen_65

The last step is to assign a license to the VM. Open the Control Panel and search for Nvidia.
nvidia_tesla_m60_xen_66

Open the Nvidia Control Panel.
nvidia_tesla_m60_xen_67

Now select License management. Here you can enter License Server FQDN and the configured Port (default: 7070).
nvidia_tesla_m60_xen_68

After entering the information’s press Apply to assign a license.
nvidia_tesla_m60_xen_69

If everything is working correctly the license is now applied.
nvidia_tesla_m60_xen_70

If you now open the License Server Management Interface again you will find the client under Licensed Clients.
nvidia_tesla_m60_xen_71

For each client you can also open get detailed information’s.
nvidia_tesla_m60_xen_72

That’s it. Now you can continue with everything else (e.g. Citrix XenDesktop HDX 3D Pro VDA). Hope the article helped some of you Smile

Update to Exchange 2016 CU1 fails with WMSVC error

During the last days I had to update a few Exchange 2016 servers to CU1. Unfortunately the update failed with the following error:

Error:
The following error was generated when "$error.Clear();
          $keyPath = "HKLM:\Software\Microsoft\WebManagement\Server";
          if (!(Get-Item $keyPath -ErrorAction SilentlyContinue))
          {
            New-Item $keyPath -Force
          }
          Set-ItemProperty -path $keyPath -name "EnableRemoteManagement" -value 0x1 -Type DWORD -Force;

          if (Get-Service WMSVC* | ?{$_.Name -eq ‘WMSVC’})
          {
            Set-Service WMSVC -StartupType Automatic
            Stop-SetupService -ServiceName WMSVC;
            Start-SetupService -ServiceName WMSVC
          }
        " was run: "Microsoft.Exchange.Configuration.Tasks.ServiceDidNotReachStatusException: Service ‘WMSVC’ failed to reach status ‘Running’ on this server.
   at Microsoft.Exchange.Configuration.Tasks.Task.ThrowError(Exception exception, ErrorCategory errorCategory, Object target, String helpUrl)
   at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target)
   at Microsoft.Exchange.Management.Tasks.ManageSetupService.WaitForServiceStatus(ServiceController serviceController, ServiceControllerStatus status, Unlimited`1 maximumWaitTime, Boolean ignoreFailures, Boolean sendWatsonReportForHungService)
   at Microsoft.Exchange.Management.Tasks.ManageSetupService.StartService(ServiceController serviceController, Boolean ignoreServiceStartTimeout, Boolean failIfServiceNotInstalled, Unlimited`1 maximumWaitTime, String[] serviceParameters)
   at Microsoft.Exchange.Management.Tasks.ManageSetupService.StartService(String serviceName, Boolean ignoreServiceStartTimeout, Boolean failIfServiceNotInstalled, Unlimited`1 maximumWaitTime, String[] serviceParameters)
   at Microsoft.Exchange.Management.Tasks.StartSetupService.InternalProcessRecord()
   at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__b()
   at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)".

setup_error

One part of the error message was really important:
Service ‘WMSVC’ failed to reach status ‘Running’

So i opened the services console and tried to start the service Web Management Service (WMSVC) manual – which also failed. In the event log the following two errors were logged when I tried to start the service:

Log Name:      Application
Source:        Microsoft-Windows-IIS-IISManager
Date:          23.06.2016 10:17:52
Event ID:      1007
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      dedam-excsv1000.corp.grimme.com
Description:
IISWMSVC_STARTUP_UNABLE_TO_READ_CERTIFICATE

Unable to read the certificate with thumbprint ‘29827623d1eec8d17743d4bca2beb9cbcb2027d8’.  Please make sure the SSL certificate exists and that is correctly configured in the Management Service page.
wmsvc_error_1

Log Name:      System
Source:        Service Control Manager
Date:          23.06.2016 10:17:52
Event ID:      7024
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      dedam-excsv1000.corp.grimme.com
Description:
The Web Management Service service terminated with the following service-specific error:
Unspecified error

wmsvc_error_2

The first error shows quite clear what the problem is:
Unable to read the certificate

To check the certificate for the Web Management Service you have to open the IIS Manager, select the current server and switch to the Features View. Now open Management Service.
iss_console_1

As you can see here there is no SSL certificate selected.
iss_console_2

Select a (valid) certificate and apply the settings.
iss_console_3

After that you should be able to start the WMSVC service again and the Exchange setup should continue. The reason that the problem happened is that the local certificate was renewed a few days before. In the default IIS configuration renewed certificates are not automatically rebound. To fix this open: IIS Manager => Server => Feature View => Server Certificates
Now switch the setting on the right side and enable Automatic Rebind of Renewed Certificate.
iis_console_ssl

That’s it Smile

No vGPU is available with NVIDIA Tesla M60 on Citrix Xenserver

During the last days I had to invest an interesting problem. On a XenServer there were no vGPUs available on a Tesla M60 from NVIDIA. Only GPU Pass-through was available.
gpu_pass-through

Ok – time to check if the necessary supplemental pack is installed:
supplemental_packs

As you can see this was installed – so maybe the Tesla is running in Compute-Mode instead of Graphics-Mode. To check this, connect to the console of the XenServer and login. Now run the following command:

lspci -n | grep 10de

This will show you all available cards with their current configuration (compute or gpu):
graphics_mode
If the marked value is 0300 everything is fine and the card is in graphics mode. If it’s 0302 it’s in compute mode and you have to change it to graphics mode.

So it looks everything correct – but vGPUs are still not available. Possible it’s just a problem with the NVIDIA vGPU pack – let’s reinstall it with the XenCenter.
Tools => Install Update
Choose “Select update or supplement pack from disk” and browse to the vGPU Iso from the Nvidia Driver Download Package.
install_supplemental_pack

Continue with the installation – but what’s that:
xencenter_supplemental-pack_error
The installation fails (without a detailed information why).

So time for the manual way– copy the vGPU rpm File to the XenServer with WinSCP.
vgpu-rpm_winscp

And start the installation with the following command (after browsing to the correct folder):

rpm -Uv NVIDIA-vGPU-xenserver-7.0-361.45.09.x86_64.rpm

But guess what happened again? The installation failed with the following messages:

Preparing packages…
file /usr/share/doc/NVIDIA_VGX/LICENSE from install of NVIDIA-vGPU-xenserver-7.0-361.45.09.x86_64 conflicts with file from package NVIDIA-vGPU-kepler-xenserver-7.0-361.45.09.x86_64
file /usr/share/hwdata/pci.ids.d/nvidia.ids from install of NVIDIA-vGPU-xenserver-7.0-361.45.09.x86_64 conflicts with file from package NVIDIA-vGPU-kepler-xenserver-7.0-361.45.09.x86_64
file /usr/share/nvidia/monitoring.conf from install of NVIDIA-vGPU-xenserver-7.0-361.45.09.x86_64 conflicts with file from package NVIDIA-vGPU-kepler-xenserver-7.0-361.45.09.x86_64
file /usr/share/nvidia/vgpu/vgpuConfig.xml from install of NVIDIA-vGPU-xenserver-7.0-361.45.09.x86_64 conflicts with file from package NVIDIA-vGPU-kepler-xenserver-7.0-361.45.09.x86_64

console_supplemental-pack_error

Luckily this time the error message is much more helpful – it tells that there is a conflict with the NVIDIA-vGPU-kepler-xenserver-7.0-361.45.09.x86_64 file.

So why can’t I upgrade the vGPU Package? The most important part is the word KEPLER in the conflicting file. A lot of people don’t know (and it’s not well documented until now) that NVIDA deploys two different versions of the vGPU Package. One is valid for GRID K1 and K2 – the other one for the Tesla cards. So at the end you might have two packages:
K1 + K2:
NVIDIA-vGPU-kepler-xenserver-VERSION-NUMBER
Tesla:
NVIDIA-vGPU-xenserver-VERSION-NUMBER

If you now think – ok just remove the K1/K2 package – sorry that’s (still) not supported in XenServer (XenServer 7.0 – Point 7.4):

At present, uninstallation of supplemental packs is not supported. However, to ensure that it is simple to provide such a feature in the future, all RPMs that are included in supplemental packs must be able to be uninstalled cleanly (using rpm -e). This includes reverting any configuration such as firewall rules or log rotation configuration.

The only (supported) solution is to completely reinstall the XenServer. After that install the Tesla vGPU Package and you should be fine and see all the available vGPU Types:
nvidia_tesla_vgpu_types

Hope that helps some of you to know that there is a difference between the K1/K2 and Tesla package.

There are only a few questions which are still open for me at the moment:
Why is it necessary to switch from one vGPU Type (K1/K2 to Tesla) to reinstall the XenServer?
What happens if a customer would like to use a K2 and Tesla M60 in one physical Server?

Upgrading Citrix NetScaler 10.5 to 11–SharePoint Websites might fail to load

During the last weeks I was facing a really strange problem. After upgrading a NetScaler from Version 10.5 to 11 one specific SharePoint Website was not accessible any longer. Either it looked like this – so it was not completely loaded:
image
(As you can see the browser showed “ERR_CONNECTION_ABORTED”.)

Sometimes it even directly stopped when “Is loaded” was shown.
sharepoint_loading

Interestingly other websites – opened through the same NetScaler – worked without any problems. Furthermore there were no specific Actions / Policy bound to the Virtual Server – it was just a load balancer.

We tested different things and even debugged our Backend-Systems. Unfortunately we didn’t find any problems. Luckily one day I discussed the problem with a Citrix SE. He told me that he was facing the same problem when the NetScaler Insight Center (and so AppFlow) was used to monitor a Virtual Server. I checked the Insight Center and guess what – the Insight was enabled for the Website which failed to load after the NetScaler Upgrade.
netscaler insight center

So i disabled the monitoring – upgraded the NetScaler – checked the website – Problem fixed Smile
I still don’t get why AppFlow prevents loading a load balanced WebSite – but if you have problems like that just try to disable AppFlow.

Microsoft Exchange 2016 and 2010 coexistence – Outook shows login promt

During a migration from Exchange 2010 to Exchange 2016 I was facing a strange problem. Users with a Mailbox on 2016 always received a login prompt when they started Outlook.
outlook-login-prompt

The problem only happened for users that had access to public folders (still hosted on Exchange 2010) or mailboxes that also had not been migrated. If you start to google for the problem, the first hint you get is to change the Outlook Anywhere Authentication on Exchange 2016 (the default now is Negotiate) to NTLM. Ok – let’s check the current settings with PowerShell (Exchange Management Shell) for each CAS-Server:

Get-OutlookAnywhere –server SERVERNAME

Exchange 2016:
ex2016-ntlm
Already Ntlm – so let’s check 2010:
ex2010-basic
As you can see this was still Basic.

Interestingly the Exchange 2010 Shell shows the option ClientAuthenticationMethod – while the 2016 Shell shows InternalClientAuthenticationMethod AND ExternalClientAuthenticationMethod.

Time to change the Exchange 2010 CAS to NTLM Authentication:

Set-OutlookAnywhere -Identity "SERVERNAME\Rpc (Default Web Site)" -ClientAuthenticationMethod ntlm

Restart IIS to make sure the setting is applied (CMD – IISRESET):
ex2010-ntlm

Unfortunately this didn’t fix the problem Sad smile So time to look for other solutions. I then found Hotfix 2990117 from Microsoft which exactly described our problem. I downloaded the hotfix – but the installation “failed”. There was no error message nor anything else – the installation just started fine but never finished. Luckily the Hotfix also describes a workaround:

Open the IIS Manager on the 2010 CAS and go to Application Pools => DefaultAppPool and choose Advanced Settings on the right side.
iis-app-pools

Go to Identity and press “…”.
default-app-pool

Now switch the setting to NetworkService.
default-app-pool-identity

After this confirm the settings with OK (twice) and press Recycle on the right side in the IIS Console (when the Default-App-Pool is selected). To make sure everything is applied correctly I also did an IISRESET. First I only changed the setting on the 2010 CAS-Servers – than also on 2016. But guess – still the same problem:/

Time to check the information’s that I had until now. All information’s that are available point to an Authentication Problem. Mainly Exchange 2016 uses different methods compared to 2010. So it’s often suggested to change the settings to NTLM. What happens if Outlook uses Outlook Anywhere? It “opens” the RPC Website. Let’s check the Authentication settings for the RPC Website:

Open IIS Manager and go to  Sites => Default Web Site => RPC => Authentication
iis-rpc

Now select Windows Authentication =>  Providers.
iis-authentication

We can now see that Negotiate is the first configured provider. If we now remember that we had to switch our Outlook Anywhere Settings for Exchange 2016 to NTLM to make it compatible with 2010 this doesn’t sound correct.
providers_negotiate

So I moved NTLM to the top and restarted the IIS (IISRESET).
providers_ntlm

I repeated this on every other Exchange 2010 CAS-Server – and after that the login prompt didn’t occur any longer. Hopefully this blog post helped some of you to save a lot of time with troubleshooting this problem.

PS:
After switching back the App-Pool-Identity to AppliactionPoolIdentity some clients (especially Outlook 2016) again showed the login prompt – so I think it’s necessary to change both settings.

Creating a Citrix NetScaler Redirect Policy for StoreFront Web

When a user tries to access Citrix StoreFront with a Web browser he needs to know the full path to the (default) WebStore – if no redirection is configured. You can either configure this on each StoreFront Server through the IIS or on a load balancer (eg NetScaler) in front of them. Thus I would like to show you how to configure this redirection on a NetScaler:

1.Open the Load Balancing Virtual Server for StoreFront
2014-10-24 08_45_47-Citrix NetScaler VPX - Configuration - Internet Explorer

2. Under Advanced activate Policies and add one (+).
2014-10-24 08_45_57-Citrix NetScaler VPX - Configuration - Internet Explorer

3.Choose the following configuration:
Policy: Rewrite
Type: Request
2014-10-24 08_46_19-Citrix NetScaler VPX - Configuration - Internet Explorer

4.Select “+” next to “Select Policy” to add a Policy.
2016-02-17 13_15_49-Heizungsverteiler _ Heizung KNX - OneNote

5. Enter a Name for the policy and add a new Action (“+” under Action).
image

6.Enter a name for the policy and configure the following settings:
Type: REPLACE
Expression to choose target location: HTTP.REQ.URL
Expression to Replace with: “/Citrix/StoreWeb” (If you are not using the default StoreWeb Url replace this with your Url – but only the folder part).
Confirm the settings with Create.
image

7. With the Action we configured what happens – now we need to configure when the action is applied. Thus you enter the following for the Expression:
HTTP.REQ.URL.EQ(“/”)
To create the Policy with the configured action press Create.
image

8.The last step is to bind the policy to the Virtual Server (Bind). We do not have to configure anything like Priority because for this only one policy is necessary.
image

9. That’s it – the policy is now bound to the Virtual Server and users are automatically redirected to the StoreFront Website.
image

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: