Base Image Script Framework (BIS-F) 6.1.0 BETA available

Updated, 19.10.2017 Matthias Schlimm

Hi Folks,

after some long weeks with the BIS-F 6.1.0 TEST build 03.x and very good feedback from the community, we are happy to release the BETA 6.1.0 build 02.x today. There are many new features in this release; please read on and download below.

What’s new in BIS-F 6.1.0

 

Version 6.1.0 build 02.103 — 19.10.2017 12:13:13 :
19.10.2017 MS: Bugfix: defrag selects the right vDisk on the custom UNC-Path or the direct conversion
19.10.2017 MS: MSMQ show in Console Front instead SubMsg
———————————
Version 6.1.0 build 02.102 — 19.10.2017 09:03:00 :
17.10.2017 MS: Feature Add Offline VHD Defrag on custom unc path, thx to Dennis Span
17.10.2017 MS: Bugfix Running Office rearm first and second OS rearm, thx to Bernd Baedermann
17.10.2017 MS: Feature: ADMX change RES to ivanti Automation, thx to Chris Twiest
17.10.2017 MS: Feature: ADM extension PVS Target Device: select vDisk Type VHDX/VHD that can be used for P2PVS only, thx to Christian Schuessler
16.10.2017 MS: Bugfix Errorhandling – script will stop now after -Type E for Write-BISFLog
16.10.2017 MS: Bugfix Applayering, check if the Layer finalize is allowed before continue, thx to Brandon Mitchell
16.10.2017 MS: Bugfix OS rearm never run, path to slmgr.vbs must be entered before, thx to Bernd Baedermann
16.10.2017 MS: Bugfix detecting wrong POSH Version if running BIS-F remotely, using $PSVersionTable.PSVersion.Major, thx to Fabian Danner
15.10.2017 MS: Feature – AV-SEP.ps1: VIETool – using custom searchfolder from ADMX if enabled
03.10.2017 MS: Bugfix 214: SCOM Preparation – Test path if $OpsStateDirOrigin before delete, instead of complete C: content if $OpsStateDirOrigin is not available
03.10.2017 MS: Bugfix 215: Personalization – writing wrong PersState to registry, preparation does not run in that case, thx to Ewald Bracko

  • select vDisk Format (vhd or vhdx)
    • With PVS LTSR 7.6 you can only use the vhd format; this can be selected in the ADMX for the Citrix PVS Target Device. NOTE: vhd/vhdx can only be selected with P2PVS; the ImagingWizard uses vhdx only and ignores the ADMX setting
  • Offline VHD(X) Defragmentation
    • If a Custom UNC Path for the PVS vDisk is selected, the vhd(x) will be mounted after conversion (with cvhdmount.exe), defragmented and unmounted (defrag must be enabled in the ADMX first)
  • edocs online:
    • with Version 6.1.0 we have removed the inline PDF Admin Guide; in the future the complete documentation is available through http://edocs.eucweb.com. Please note: In the next weeks we will prepare the documentation for the new release; it will be available with the BIS-F 6.1.0 PROD 01.x Release (planned for the end of October). In the meantime the online documentation is password protected and not publicly available.
  • Citrix AppLayering Support
    • BIS-F detects the different layers, like OS Layer and Application/Platform Layer, and sometimes acts differently depending on the layer.
    • General: with AppLayering the redirection to the WriteCacheDisk will be skipped, as well as the PVS ImagingWizard / P2PVS.
    • OS-Layer: Windows Update Service enabled only on this layer
  • Create PVS vDisk on UNC-Path
    • ADMX Computer Configuration > Administrative Tools > Base Image Script Framework (BIS-F) > Citrix > Configure Citrix PVS Target Device > Enable P2V Custom UNC-Path and enter it below (the path must exist and be accessible, BIS-F does not create the folder)
  • Windows Defender Support
    • Detects Windows Defender and runs a FullScan
  • F-Secure Support
    • Detects F-Secure AntiVirus and runs a FullScan
  • Citrix PVS: redirect and clear all Eventlogs
    • on preparation and personalization all Windows Eventlogs will be redirected to the PVS WriteCacheDisk; the Eventlogs will be cleared during preparation only
  • UEFI and Legacy Support
    • in the ADMX Computer Configuration > Administrative Tools > Base Image Script Framework (BIS-F) > Citrix > Configure Citrix PVS Target Device > P2P Tool
      • you can select ImagingWizard or P2PVS. If you have P2PVS selected and are running UEFI, BIS-F automatically fails over to the ImagingWizard
      • GPT Support for WriteCacheDisk
  • Citrix WEM AgentCache Refresh on startup
    • on personalization, the netlogon and WEM service will be stopped and the WEM AgentCache refresh runs, after that the Netlogon and WEM Agent service starts
  • PrinterLogic Support
    • Delete PrinterInstaller Logfile in path C:\Windows\Temp\PPP on preparation
  • vmOSOT – select Template
    • ADMX Computer Configuration > Administrative Tools > Base Image Script Framework (BIS-F) > 3rd Party Tools > VMware OS Optimization Tool.
      • Custom Search Folder: You can also enter a custom searchfolder, e.g. c:\windows\system32. If you have not configured or have disabled the custom searchfolder option, the standard BIS-F folders will be used.
      • Template Name: Enter the complete path to the template that should be used during optimization, e.g. c:\temp\mytemplate.xml. If nothing is specified, the template for the running OS will be used.
  • Citrix Optimizer Support.
    • ADMX Computer Configuration > Administrative Tools > Base Image Script Framework (BIS-F) > Citrix > Configure Citrix System Optimizer (CTXOE).
      • Optionally, you can define the name of a template that should be used during execution. If there is no template specified, BIS-F will search for an OS-specific default template. If there is no appropriate template available, the execution of CTXOE will be skipped.
        It is also possible to define a list of GroupIDs (defined in the template) of setting groups that should be executed. The value must be a comma-separated string; e.g. “DisableServices,OptionalServices”. If there are no GroupIDs specified, CTXOE will execute all available setting groups.
        To run CTXOE in analyze-only mode, check “Mode: Analyze only”.
      • Prerequisites: CTXOE must be installed on the Base Image first (BIS-F will check the following locations: C:\Program Files, C:\Program Files (x86), C:\Windows\system32) or you can enable and define a custom searchfolder within this policy.
  • Log Retention period
    • ADMX Computer Configuration > Administrative Tools > Base Image Script Framework (BIS-F) > Global > Configure Logging.
      • You can select the log retention period (default: keep the last 5 logs)
  • Delete or display Ghost devices
    • ADMX Computer Configuration > Administrative Tools > Base Image Script Framework (BIS-F) > Microsoft > Ghost Devices (you will find 3 policies to configure)
      • Operations Mode: Defines how the ghost device feature will operate, this policy has three operation modes:
        • Remove ghost devices
        • List all devices without removal
        • List only ghost devices without removal
      • Remove ghost devices:
        • This option will enable the feature to execute device removal. This function can be modified by enabling and configuring the two filter group policy options. Enabling and configuring filtering by class or friendly name will exclude devices in those lists from being removed.
      • List all devices without removal:
        • This option will output all devices detected into the log without removing any devices.
      • List only ghost devices without removal:
        • This option will output ghost devices detected into the log without removing any devices.
  • Citrix Broker Service Delay
    • ADMX Computer Configuration > Administrative Tools > Base Image Script Framework (BIS-F) > Citrix > VDA Configuration
      • enable Delay Citrix Desktop Service: The Citrix Desktop Service controls the registration state through the Citrix Controller. In some circumstances, this service has successfully registered the VM and the user can log on to it through Receiver/StoreFront, while in the backend some dependent actions like Workspace Environment Agent, Group Policies, App-V Client and others have not yet completed their own tasks. If you enable this policy, the Citrix Desktop Service will not be started until the BIS-F personalization is finished. Note: If you have the Device Personalization configured to be skipped on all DiskModes or in private mode only, the Citrix Desktop Service will also be started.
  • Personalization based on DiskMode
    • ADMX Computer Configuration > Administrative Tools > Base Image Script Framework (BIS-F) > Global > Configure Personalization
      • Skip Personalization based on DiskMode, you can select a DiskMode to skip the Device Personalization on computer startup.
        > None – never skip the Device Personalization
        > ReadWrite – if the Image is in Private Mode (PVS or MCS) skip the Device Personalization
        > All – ignore all DiskModes and skip the Device Personalization
  • 3rd Party Tools, custom install path
    • ADMX Computer Configuration > Administrative Tools > Base Image Script Framework (BIS-F) > 3rd Party Tools
      • enable and enter the custom install path where the 3rd Party Tool is installed; this can be configured individually for each 3rd Party Tool
  • Configure Folders
    • ADMX Computer Configuration > Administrative Tools > Base Image Script Framework (BIS-F) > Global > Configure Folders
      • You can enter a custom folder name for the redirection of the EventLogs and Spool. The redirection happens if the Citrix PVS Target Device Driver is installed and the redirection through BIS-F is active.
  • Shared Configuration
    • ADMX Computer Configuration > Administrative Tools > Base Image Script Framework (BIS-F) > Global > Shared Configuration
      • Export the BISF CLI commands that would be set from the complete BIS-F policy to an xml file. This can be used for computers that are running in a workgroup (like Citrix AppLayering) or if you have no access to modify the Active Directory Group Policies. You can enter a UNC or local path that can be accessed from the computer (if it’s running in workgroup mode and you have entered a UNC path, please set the NTFS rights to Everyone Read to get the xml file without a prompt)
        1. Run PowerShell with administrative privileges
        2. cd <BIS-F Installation folder>\Framework
        3. .\PrepBISF_Start.ps1 -ExportSharedConfiguration
        4. The xml files will be created in the path that you’ve entered in this policy
        5. Copy BISFSharedConfig.xml to the <BIS-F Installation folder>
        6. When BIS-F is running, it reads BISFSharedConfig.xml to get the path to the shared configuration, imports these settings into the local policy and loads the values into BIS-F.
  • RES Automation Agent Service
    • ADMX Computer Configuration > Administrative Tools > Base Image Script Framework (BIS-F) > RES > Disable RES ONE Automation Agent Service
      • In preparation, if BIS-F is executed from the RES Automation Agent, it’s not possible to stop the service itself; with this ADMX setting you can control the service during preparation

 


 

Image Optimization Analysis – Citrix XenApp

Citrix Upgrade Process 7.9 to 7.x

Before upgrading your Site from 7.9 to 7.x, note the following things, which we found to be necessary in our environments. These three environments have been created according to the TAP model, so everything is identical.

Before you think of an update, you should make a snapshot of all participating machines!

We unpacked the ISO file from XenDesktop 7.x into a TMP directory and started Autorun.exe with administrative rights. Always!

It is important to plan ahead; it may even be necessary to split the upgrade over several days.

An example of an upgrade process:

  • Day 1: Upgrade license server and PVS
  • Day 2: Upgrade Storefront, Delivery Controller, and Site DB over the studio which has also been upgraded.
  • Day 3: Upgrade Director
  • Day 3: Upgrade VDA on the Master Image

First, the license server should be upgraded. This only works if the Powershell Licensing Admin Powershell Snapin x64 package is installed before we start; otherwise the upgrade will fail.

If PVS is used in your environment, start with the PVS Servers. This is because PVS only provisions the vDisks and is self-sufficient.
Therefore, it makes sense to do this right away; the upgrade takes about 20 minutes per machine.

Upgrade the Storefront Server!

If you use MS SCOM for monitoring, please stop the MS SCOM MP Agent Storefront “ComTrade.MP.Storefront.Service.exe” process in Task Manager.
If it still does not work, you should stop all Citrix services.

Powershell to stop all Citrix services:

Get-Service Citrix* | Stop-Service -Force

Then it works; the upgrade can take about 30-45 minutes!

The DDCs did not cause any problems for us. If the upgrade fails, also stop all Citrix services and start the upgrade again. The upgrade can take about 30-45 minutes.

At this point, you are just a simple step away from a successful upgrade.

As soon as you start Citrix Studio you will find that it has no content and the site symbol in the upper left of the tree is marked with an orange triangle.
Note that this Studio is not compatible with the newer version. Therefore you have to close Studio again and upgrade it. When you then open Studio, it automatically requests a site upgrade on the DB. This can be done if we have all the data needed to connect to the database.

This only takes a few minutes, depending on the size of the site DB, and all the entries appear as before.

Now you can turn to the Citrix Director and start the upgrade. Here, in one of the environments, it was necessary to uninstall the old Director and then install the new one.

This works because the Director gets all of its information from the monitoring database, where it is stored by way of the Delivery Controller.

Upgrading the VDA Agent on the Master Image has always been without problems. Create a new version of the MasterImage, upgrade the MasterImage as described, then finish the upgrade and shut down the MasterImage again.

 

Citrix Upgrade 7.9 to 7.xx process Picture

 

Close PowerShell Session with a keyboard shortcut

I love to work with shortcuts and to “TAB” my way through programs. So it always bothers me that I couldn’t close my PowerShell Console with a keyboard shortcut…

But thanks to a suggestion by Jason Stangroome and Bartek Bielawski (see here) this isn’t a problem anymore.

So I just added this line of code to my PowerShell (Console) Profile Script:

Set-PSReadlineKeyHandler -Chord Ctrl+D -Function DeleteCharOrExit

And now I can close my console window by hitting Ctrl and D. Of course, you could also use Alt + F4 or any other combination you like 😉

 

BTW: there are many more options for -Function besides DeleteCharOrExit – check it out by using TAB or Ctrl and Space.

Webinar 21.09.2017: Optimize, neutralize and personalize the Master Image with the Base Image Script Framework (BIS-F)

Reinstalling or updating Master Images is a continuous process in today's IT infrastructure. But before the Master Image can be distributed, countless optimizations have to be made, and anti-virus agents, ESD agents and many other installed agents have to be neutralized and then personalized on the target image. But how does the administrator meet this requirement?

We show you which simple options our free tool „Base Image Script Framework (BIS-F)“ offers you to meet the requirements described above.

Webinar contents:

• Necessary preparation steps on the Master Image for image deployment

• Using BIS-F

• Configuring BIS-F via ADMX

• Workflow of image preparation / image personalization

• What's new in the upcoming release 6.1.0 with support for Citrix AppLayering

• Troubleshooting

• Questions & answers

Registration: https://register.gotowebinar.com/register/6207319667799633153

 

Base Image Script Framework (BIS-F) 6.1.0 TEST – Release

(Updated 06.09.2017 | BIS-F 6.1.0 TEST build 03.102)

We have now entered the testing stage for the well-known Base Image Script Framework (BIS-F). The DEV build is now closed after some weeks of development, crazy nights and remote sessions to get the right solution. But now let's have a deeper look:

 

With this Update we have added “Enable Custom Arguments” in the PVS Target Device Configuration (ADMX)

If you enable this policy, you can enter custom arguments, depending on the PVS Target Configuration in this policy. For example: if you choose P2PVS as the P2V tool, the default arguments are set to C: /Autofit /L; with the custom arguments you overwrite these arguments and use C: only

NOTE: If you enter incorrect arguments, the conversion of the PVS vDisk might fail!

If you do not enable it, the default arguments inside BIS-F will be used.

In addition, we have created a MaxExecutionTime for all processes that run with the PowerShell progress bar. If not specified, the default value of 60 minutes is set; after this time has elapsed, the process is aborted.

The BIS-F Admin Guide in the installation folder is replaced with the online documentation, which you can get in the future -> check out http://edocs.eucweb.com

————

Citrix AppLayering:
You can run BIS-F on each layer; the layer is automatically detected as OS Layer or Platform/Application Layer and the right sealing steps are performed. You no longer need “Shutdown for Finalize” inside the VM created from the ELM.

  • In the OS Layer only, the Windows Update Service is started, not in other layers.
  • If AppLayering and the PVS Target Driver are installed (or not), a complex matrix was developed to redirect event logs and other stuff, like the WEM Agent Cache, etc.
  • Skipping PVS Convert if the AppLayering agent is installed
  • If you create a new OS or Application Layer, the VM starts in workgroup mode. For BIS-F you can easily export the ADMX configuration to a local XML file to use it instead of a GPO. You must enter a valid UNC or local path (which must exist) in the ADMX in Computerconfiguration > Administrative Templates > Base Image Script Framework > Silent Configuration > Global > Shared Configuration. After you have configured that, you must export the configuration from a valid computer where the registry values are set from the ADMX.
  1. Run PowerShell with administrative privileges
  2. cd <BIS-F Installation folder>\Framework
  3. .\PrepBISF_Start.ps1 -ExportSharedConfiguration
  4. The xml files will be created in the path that you’ve entered in the policy (Shared Configuration)
  5. Copy BISFSharedConfig.xml to the <BIS-F Installation folder>
  6. When BIS-F is running, it reads BISFSharedConfig.xml to get the path to the shared configuration, imports these settings into the local policy and loads the values into BIS-F.

We refer to the 4.x Layering Best Practices if you are using AppLayering with the PVS Target Device Driver
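
The Shared Configuration steps above (and the same steps in the 6.1.0 BETA notes, which ask for NTFS rights of Everyone Read on the UNC path) end with BIS-F importing the exported XML into the local policy, so the folder should give broad principals read access only. The following script is an added example, not part of BIS-F or of the original post; the parameter name, the script's list of "broad" principals and the choice of rights to flag are assumptions. It checks NTFS permissions only, not share permissions.

```powershell
# Added example, not part of BIS-F. Pass the UNC or local path that was entered
# in the "Shared Configuration" policy; the parameter name is an assumption.
param(
    [Parameter(Mandatory = $true)]
    [string]$SharedConfigPath
)

# Rights that allow changing, replacing or re-permissioning the exported XML.
# The two extra bits cover ACEs stored as GENERIC_WRITE / GENERIC_ALL.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership' -bor 0x40000000 -bor 0x10000000

# Well-known broad principals, matched by SID so the check works on any OS language.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-7'      = 'Anonymous Logon'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-32-546' = 'BUILTIN\Guests'
}

function Get-BroadWriteAce {
    # Returns one object per Allow ACE that gives a broad principal write-type access.
    param([Parameter(Mandatory = $true)][string]$Path)

    $acl   = Get-Acl -LiteralPath $Path
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -ne 'Allow' -or -not $broadSids.ContainsKey($sid)) { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -ne 0) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $broadSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

if (-not (Test-Path -LiteralPath $SharedConfigPath -PathType Container)) {
    throw "Shared configuration path not found or not a folder: $SharedConfigPath"
}

# Check the folder itself and every exported xml file inside it.
$xmlFiles = @(Get-ChildItem -LiteralPath $SharedConfigPath -Filter '*.xml' -File |
              Select-Object -ExpandProperty FullName)
$targets  = @($SharedConfigPath) + $xmlFiles

$findings = @($targets | ForEach-Object { Get-BroadWriteAce -Path $_ })

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize
    Write-Warning 'Broad principals can modify the shared configuration; grant them Read only.'
    exit 1
}
Write-Output "OK: no write access for broad principals on $SharedConfigPath"
```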

–snip–
If you need to attach extra disks to your Platform Layer for your Provisioning System – for instance, Cache disks or a BDM in PVS – attach them and let Windows detect them and reboot as necessary. When you are ready to Finalize the layer, double-click on the Shutdown for Finalize icon.  When the machine is off, remove the extra disks.  The Finalize operation from the ELM will fail if there are extra disks on the VM.  But don’t remove them until Windows is completely shutdown and you are ready to finalize the layer.
—snap—

We have included several additional features and enhancements like:

  • CTXOE Support,
  • vmOSOT custom Template Path in ADMX
  • Custom Path in ADMX for all 3rd Party Tools
  • Citrix PVS: Select ImagingWizard or P2PVS in ADMX and custom UNC Path for vhdx to create
  • Custom Path for Spool and Eventlogs
  • Redirect all Eventlogs
  • Cleanup temp directory
  • Refresh WEM Agent Cache on system startup
  • Support for GPT Disk
  • Support for Windows Defender
  • Support for F-Secure Anti-Virus
  • skip Personalization based on DiskMode in ADMX
  • Remove Ghost Devices
  • Configure Logging retention period

Please find below the complete Release Notes since we started the BIS-F 6.1.0 DEV Release; all these changes are now part of the Test Releases

06.09.2017 MS: Feature 204 – replacing AdminGuide.pdf with Online eDocs http://edocs.eucweb.com
06.09.2017 MS: Feature 203 – ADMX – Custom Arguments for P2PVS / ImagingWizard
05.09.2017 TT: bugfix 201 – enable maximumExecutionTime in Write-BISFProgressBar, if not specified the default value of 60 minutes would be set
04.09.2017 MS: bugfix – Eventlogs would be moved for both States (Prep and Pers) now, after changing it in V6.1.0 build 03.101
31.08.2017 MS: POSH Progressbar, sleep time during preparation only, change it from 10 to 5 seconds
31.08.2017 MS: change sleep timer from 60 to 5 seconds after time sync on startup
———————————
Version 6.1.0 build 03.101 — 31.08.2017 19:00:00 :
31.08.2017 MS: Bugfix – Eventlogs would be moved during Preparation only, this saved time during personalization
31.08.2017 MS: Clear all Eventlogs
25.08.2017 MS: Bugfix – P2V with UNC Path failed if a space is in the UNC Path
25.08.2017 MS: Bugfix – VHDX on UNC-Path would be created with double .vhdx extension
———————————
Version 6.1.0 build 03.100 — 24.08.2017 13:55:53 :
24.08.2017 MS: If AppLayering is installed and running not inside ELM, the VM is build first time, run defrag on systemdrive
24.08.2017 MS: if OS and Platform/Application Layer not detected, VM is not running inside ELM, give back $GLobal:CTXAppLayerName=”No-ELM”
24.08.2017 MS: Bugfix: after restart WEM Agentservice, Netlogon must be started also
23.08.2017 JP: Fixed typos in the ADMX/ADML file, optimized folder structure, removed duplicated definition (WindowsVista)
22.08.2017 MS: Feature Request – 97_PrepBISF_PRE_BaseImage.ps1 – cleanup various directories, like temp, thx to Trentent Tye
22.08.2017 MS: BugFix – create or update BIS-F schedule Task to run with highest privileges
22.08.2017 MS: If defrag not run, write-out the DiskMode to the BIS-F log for further analysis if possible to run
———————————
Version 6.1.0 build 04.113 — 18.08.2017 16:38:46 :
18.08.2017 FF: (PERS Sophos) Use $ServiceNameS instead of $ServiceName for first Test-BISFService
18.08.2017 FF: Fix for Bug 200: Popup shouldn’t show up if Central Logshare is enabled OR disabled
17.08.2017 FF: Program is named “Windows Defender”, not “Microsoft Windows Defender”, fixed typos
———————————
Version 6.1.0 build 04.112 — 16.08.2017 13:47:45 :
Last Change: 16.08.2017 MS: Skip Device Personalization, based on Diskmode selected in ADMX
Last Change: 15.08.2017 MS: Feature – DiskMode: extend Diskmode with AppLayering, ReadOnlyAppLayering, ReadWriteAppLayering, etc.
Last Change: 15.08.2017 MS: Bugfix – Personalization: If Citrix AppLayering is installed, skip reboot
Last Change: 15.08.2017 MS: move all BIS-F logs to the BISF logfolder, local and UNC-Path, previous only personalization logs would be moved to the UNC-Path
Last Change: 06.08.2017 MS: from every P2V conversion, the logfile would be included into the BIS-F log, instead of error only
Last Change: 06.08.2017 MS: Bugfix – ADMX: in some textbox fields, they starting with empty spaces
Last Change: 06.08.2017 MS: Bugfix – if Custom UNC-Path in ADMX is enabled, during “Personalization” the wrong $returnvalue like MCSPrivate is given back, instead of “UNC-Path”
———————————
Version 6.1.0 build 04.111 — 04.08.2017 21:23:17 :
04.08.2017 MS: Feature Request 150 : – Function Get-BISFDiskMode: If Custom UNC-Path in ADMX is enabled, get back ‘UNC-Path’ as $returnvalue
03.08.2017 MS: Change BIS-F Icon on Admin Desktop, thx to Marco Zimmermann
03.08.2017 MS: Feature – P2V : Get-BISFBootMode get back UEFI or Legacy to using different command line switches for ImagingWizard or P2PVS
03.08.2017 MS: Feature – P2V : Automatic fallback to ImagingWizard with UEFI BootMode, if P2PVS in ADMX is selected
02.08.2017 MS: Feature – System Startup : In AppLayering OS-Layer only, do not Resync Time with Domain and do not Reapply Computer GPO, Computer is mostly not domain joined
02.08.2017 MS: Feature – System Startup : With DiskMode AppLayering in OS-Layer the WSUS Update Service would be start
02.08.2017 MS: Feature Request 150 : IF ADMX for custom VHDX UNC-Path is enabled, Defrag can’t performed
02.08.2017 MS: Feature Request 150 : IF ADMX for custom VHDX UNC-Path is enabled, the arguments for the P2V Tool must be changed, this vDisk Mode must not being checked
02.08.2017 MS: Feature – Removing XenConvert completely and using settings from new ADMX to choose ImagingWizard or P2PVS
02.08.2017 MS: Feature Request 152 : ADMX – Set Logfile Retention via ADMX
02.08.2017 MS: Feature Request 193 : ADMX – Eventlog and Log Configuration, change POSH Code to use new reg values
02.08.2017 MS: Feature Request 196 : ADMX – delprof2 edit custom arguments
02.08.2017 MS: Feature : change ADMX to new structure, each vendor has his own folder
02.08.2017 MS: Bugfix – Windows Defender Script: too many ” at the end of Line 44, causes the defender script to fail
———————————
Version 6.1.0 build 04.110 — 01.08.2017 19:13:38 :
01.08.2017 MS: Feature Request 197 : add Progressbar for .NET Optimization
01.08.2017 MS: Feature Request 159 : ADMX – specify VMware OS Optimization Template
01.08.2017 MS: Feature Request 196 : ADMX – specify custom searchfolder for Citrix System Optimizer (CTXOE)
01.08.2017 MS: Feature Request 196 : ADMX – specify custom searchfolder for each 3rd Party Tool
01.08.2017 MS: Feature Request 193 : ADMX – specify custom eventlog and spool foldername
01.08.2017 JP: Fix some typos
———————————
Version 6.1.0 build 04.109 — 01.08.2017 05:38:40 :
01.08.2017 MS: Bugfix Test-AppLayeringSoftware, one bracket too many.. complete execution of BISF failed!
———————————
Version 6.1.0 build 04.108 — 31.07.2017 20:10:25 :
31.07.2017 MS: Bugfix: if Citrix PVS Target Device Driver and Citrix AppLayering is installed, PostCommand would not be executed
31.07.2017 MS: Bugfix: If Citrix AppLayering is installed, in the Platform Layer the wrong Driveletter would give it back.
31.07.2017 MS: Bugfix: 10_PrepBISF_AV-SEP.ps1 – typo in search folders for the SEP vietool.exe
31.07.2017 MS: Show ConsoleMessage during prepare Citrix AppLayering if installed
———————————
Version 6.1.0 build 04.107:
29.07.2017 MS: add schedule Task “ServerCeipAssistant” to disable, thx to Trentent Tye
29.07.2017 MS: Feature Request 173: add Support for F-Secure Anti-Virus, thx to Thorsten Witsch
29.07.2017 MS: Feature Request 174: on systemstartup with MCS/PVS and installed WEM Agent – refresh WEM Cache
29.07.2017 MS: Feature Request 168: add Support for PrinterLogic PrinterInstaller Client to remove all files in C:\Windows\Temp\PPP
29.07.2017 MS: Feature Request 179: Enable all Eventlog and move Eventlogs to the PVS WriteCacheDisk if Redirection is enabled in function Use-BISFPVSConfig , thx to Bernd Braun
29.07.2017 MS: Bugfix 187: Wrong search folders for the SEP vietool.exe
29.07.2017 MS: Feature Request 192: support GPT WriteCacheDisk
———————————
Version 6.1.0 build 04.106:
28.07.2017 MS: Bugfix 195: If Citrix AppLayering is installed get back DiskMode $returnValue = “AppLayering”
———————————
Version 6.1.0 build 04.105:
27.07.2017 MS: If Citrix AppLayering and PVS Target Device Driver installed, skip vDisk Operations
27.07.2017 MS: replace redirection of spool and evt-logs with central function Use-BISFPVSConfig, if using Citrix AppLayering with PVS it’s a complex matrix to redirect or not.
27.07.2017 MS: add new Function Use-BISFPVSConfig for Checking Redirection of Files is needed in combination with PVS and Citrix AppLayering
26.07.2017 MS: Bugfix Citrix Applayering: check Universervice ProcessID instead of ProcessName
———————————
Version 6.1.0 build 04.104:
25.07.2017 MS: Bugfix: Create central Function Test-BISFAppLayeringSoftware to give back $Global:CTXAppLayeringSW true or false value
25.07.2017 MS: Feature Request: with new Installerbuild (incremental version) in each DTAP Stage the build number also written to the log and the Windows Title, replace the manual change of the $ReleaseType in BISF.psm1
———————————
Version 6.1.0 DEV:
12.07.2017 FF: Prep_Altiris: Create $RegKeys as an array (was a hashtable before)
12.07.2017 FF: Prep_RES: BugFix for Redirecting RES Cache (Setting Cache Path to WCD)
03.07.2017 FF: CTXOE can be executed on every device (if “installed” + not disabled by GPO/skipped by user)
01.07.2017 MS: add Script to remove ghost devices, thx to Trentent Tye
28.06.2017 MS: Feature Request 169 – add AppLayering Support in PrepBISF_CTX.ps1
16.06.2017 FF: Feature Request 181 – add support for Citrix System Optimizer Engine (CTXOE)
28.06.2017 MS: Bugfix 186 – AppSense Product Path – thx to Matthias Kowalkowski
14.06.2017 MS: Feature Request 176 – Running ImagingWizard instead of P2PVS to support UEFI Boot on Hyper-V
14.06.2017 MS: Feature Request 172 – Stopping Shell Hardware Detection Service before ImagingWizard/XenConvert is starting, messagebox to format the disk suppressed now
01.06.2017 FF: Feature Request 182 – Add 10_PrepBISF_AV-WindowsDefender.ps1 to support Windows Defender

 

Happy testing and sealing… let us know anything


Base Image Script Framework (BIS-F) 6.1.0 build 04.113

Update 18.August 2017 – The BIS-F Version 6.1.0 build 04.113 Release is available now! Key features are some enhancements for Citrix AppLayering, ADMX Changes, Support for GPT WriteCacheDisk, F-Secure AntiVirus, Support for PrinterLogic PrinterInstaller Client Launcher, Refresh WEM Agent Cache on system startup.

A detailed description and screenshots of the ADMX changes can be found here http://eucweb.com/2017/08/02/base-image-script-framework-bis-f-an-deep-look-into-the-next-release/

NOTE: This is an early Developer Release for testing purposes only and it shows some notes during execution; this is NOT a production Release. As usual, other 3rd Party Tools (like cmtrace.exe, nvpsbind.exe, delprof2.exe, sdelete.exe….) are not included.

With the latest version we have also created a DTAP stage for each build; with the build number you can easily identify which DTAP stage you’re running.

Build 04.* = DEVELOP (D)
Build 03.* = Test (T)
Build 02.* = ACCEPTANCE (A)
Build 01.* = PROD (P)

This build includes all previous changes from other builds, see below:

Version 6.1.0 build 04.113 — 18.08.2017 16:38:46 :
18.08.2017 FF: (PERS Sophos) Use $ServiceNameS instead of $ServiceName for first Test-BISFService
18.08.2017 FF: Fix for Bug 200: Popup shouldn’t show up if Central Logshare is enabled OR disabled
17.08.2017 FF: Program is named “Windows Defender”, not “Microsoft Windows Defender”, fixed typos
———————————
Version 6.1.0 build 04.112 — 16.08.2017 13:47:45 :
Last Change: 16.08.2017 MS: Skip Device Personalization, based on Diskmode selected in ADMX
Last Change: 15.08.2017 MS: Feature – DiskMode: extend Diskmode with AppLayering, ReadOnlyAppLayering, ReadWriteAppLayering, etc.
Last Change: 15.08.2017 MS: Bugfix – Personalization: If Citrix AppLayering is installed, skip reboot
Last Change: 15.08.2017 MS: move all BIS-F logs to the BISF logfolder, local and UNC-Path, previous only personalization logs would be moved to the UNC-Path
Last Change: 06.08.2017 MS: from every P2V conversion, the logfile would be included into the BIS-F log, instead of error only
Last Change: 06.08.2017 MS: Bugfix – ADMX: in some textbox fields, they starting with empty spaces
Last Change: 06.08.2017 MS: Bugfix – if Custom UNC-Path in ADMX is enabled, during “Personalization” the wrong $returnvalue like MCSPrivate is given back, instead of “UNC-Path”
———————————
Version 6.1.0 build 04.111 — 04.08.2017 21:23:17 :
04.08.2017 MS: Feature Request 150 : – Function Get-BISFDiskMode: If Custom UNC-Path in ADMX is enabled, get back ‘UNC-Path’ as $returnvalue
03.08.2017 MS: Change BIS-F Icon on Admin Desktop, thx to Marco Zimmermann
03.08.2017 MS: Feature – P2V : Get-BISFBootMode returns UEFI or Legacy to use different command line switches for ImagingWizard or P2PVS
03.08.2017 MS: Feature – P2V : Automatic fallback to ImagingWizard with UEFI BootMode, if P2PVS in ADMX is selected
02.08.2017 MS: Feature – System Startup : In AppLayering OS-Layer only, do not Resync Time with Domain and do not Reapply Computer GPO, Computer is mostly not domain joined
02.08.2017 MS: Feature – System Startup : With DiskMode AppLayering in OS-Layer the WSUS Update Service is started
02.08.2017 MS: Feature Request 150 : IF ADMX for custom VHDX UNC-Path is enabled, Defrag can’t be performed
02.08.2017 MS: Feature Request 150 : IF ADMX for custom VHDX UNC-Path is enabled, the arguments for the P2V Tool must be changed, this vDisk Mode must not be checked
02.08.2017 MS: Feature – Removing XenConvert completely and using settings from new ADMX to choose ImagingWizard or P2PVS
02.08.2017 MS: Feature Request 152 : ADMX – Set Logfile Retention via ADMX
02.08.2017 MS: Feature Request 193 : ADMX – Eventlog and Log Configuration, change POSH Code to use new reg values
02.08.2017 MS: Feature Request 196 : ADMX – delprof2 edit custom arguments
02.08.2017 MS: Feature : change ADMX to new structure, each vendor has his own folder
02.08.2017 MS: Bugfix – Windows Defender Script: one ” too many at the end of Line 44 caused the Defender script to fail
———————————
Version 6.1.0 build 04.110 — 01.08.2017 19:13:38 :
01.08.2017 MS: Feature Request 197 : add Progressbar for .NET Optimization
01.08.2017 MS: Feature Request 159 : ADMX – specify VMware OS Optimization Template
01.08.2017 MS: Feature Request 196 : ADMX – specify custom searchfolder for Citrix System Optimizer (CTXOE)
01.08.2017 MS: Feature Request 196 : ADMX – specify custom searchfolder for each 3rd Party Tool
01.08.2017 MS: Feature Request 193 : ADMX – specify custom eventlog and spool foldername
01.08.2017 JP: Fix some typos
———————————
Version 6.1.0 build 04.109 — 01.08.2017 05:38:40 :
01.08.2017 MS: Bugfix Test-AppLayeringSoftware, one bracket too many.. complete execution of BISF failed !
———————————
Version 6.1.0 build 04.108 — 31.07.2017 20:10:25 :
31.07.2017 MS: Bugfix: if Citrix PVS Target Device Driver and Citrix AppLayering is installed, PostCommand would not be executed
31.07.2017 MS: Bugfix: If Citrix AppLayering is installed, in the Platform Layer the wrong Driveletter would be given back.
31.07.2017 MS: Bugfix: 10_PrepBISF_AV-SEP.ps1 – typo in search folders for the SEP vietool.exe
31.07.2017 MS: Show ConsoleMessage during prepare Citrix AppLayering if installed
———————————
Version 6.1.0 build 04.107:
29.07.2017 MS: add schedule Task “ServerCeipAssistant” to disable, thx to Trentent Tye
29.07.2017 MS: Feature Request 173: add Support for F-Secure Anti-Virus, thx to Thorsten Witsch
29.07.2017 MS: Feature Request 174: on systemstartup with MCS/PVS and installed WEM Agent – refresh WEM Cache
29.07.2017 MS: Feature Request 168: add Support for PrinterLogic PrinterInstaller Client to remove all files in C:\Windows\Temp\PPP
29.07.2017 MS: Feature Request 179: Enable all Eventlog and move Eventlogs to the PVS WriteCacheDisk if Redirection is enabled in function Use-BISFPVSConfig , thx to Bernd Braun
29.07.2017 MS: Bugfix 187: Wrong search folders for the SEP vietool.exe
29.07.2017 MS: Feature Request 192: support GPT WriteCacheDisk
———————————
Version 6.1.0 build 04.106:
28.07.2017 MS: Bugfix 195: If Citrix AppLayering is installed get back DiskMode $returnValue = “AppLayering”
———————————
Version 6.1.0 build 04.105:
27.07.2017 MS: If Citrix AppLayering and PVS Target Device Driver installed, skip vDisk Operations
27.07.2017 MS: replace redirection of spool and evt-logs with central function Use-BISFPVSConfig, if using Citrix AppLayering with PVS it’s a complex matrix to redirect or not.
27.07.2017 MS: add new Function Use-BISFPVSConfig for Checking Redirection of Files is needed in combination with PVS and Citrix AppLayering
26.07.2017 MS: Bugfix Citrix Applayering: check Universervice ProcessID instead of ProcessName
———————————
Version 6.1.0 build 04.104:
25.07.2017 MS: Bugfix: Create central Function Test-BISFAppLayeringSoftware to give back $Global:CTXAppLayeringSW true or false value
25.07.2017 MS: Feature Request: with new Installerbuild (incremental version) in each DTAP Stage the build number also written to the log and the Windows Title, replace the manual change of the $ReleaseType in BISF.psm1
———————————
Version 6.1.0 DEV:
12.07.2017 FF: Prep_Altiris: Create $RegKeys as an array (was a hashtable before)
12.07.2017 FF: Prep_RES: BugFix for Redirecting RES Cache (Setting Cache Path to WCD)
03.07.2017 FF: CTXOE can be executed on every device (if “installed” + not disabled by GPO/skipped by user)
01.07.2017 MS: add Script to remove ghost devices, thx to Trentent Tye
28.06.2017 MS: Feature Request 169 – add AppLayering Support in PrepBISF_CTX.ps1
16.06.2017 FF: Feature Request 181 – add support for Citrix System Optimizer Engine (CTXOE)
28.06.2017 MS: Bugfix 186 – AppSense Product Path – thx to Matthias Kowalkowski
14.06.2017 MS: Feature Request 176 – Running ImagingWizard instead of P2PVS to support UEFI Boot on Hyper-V
14.06.2017 MS: Feature Request 172 – Stopping Shell Hardware Detection Service before ImagingWizard/XenConvert is starting, messagebox to format the disk is suppressed now
01.06.2017 FF: Feature Request 182 – Add 10_PrepBISF_AV-WindowsDefender.ps1 to support Windows Defender

If you have any questions regarding BIS-F, feel free to drop a comment below. If you find any bugs or have a feature request, please use our BIS-F Form on this blog.


Happy sealing!

Kerberos Ticket Caching with XenApp 6.5

In my last Citrix project with Netscaler (SAML SP) with IBM TFIM (SAML IDP), StoreFront 3.9 and XenApp 6.5 HF 7 we had some issues with the Kerberos ticket caching; the default is 15 minutes.

 

Failure

On the customer side, the external portal has one link for each published application. If the user clicks one of these links, the AD group membership is changed to the application behind the link. The SAML authentication works well, but StoreFront does not show the right application; it shows the old application from before the group membership was changed, what the hell!

I stumbled over the article “How to Configure User SID Enumeration in the XML Service”. It is more for XenDesktop 4 and 5, but these old XenDesktop versions are IMA-based, same as XenApp 6.x.

I set these keys on the XML Brokers and restarted the XML and StoreFront servers, but it didn’t help.

Hive:  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Citrix\XMLService
Name:  EnableSIDEnumeration
Type:  DWORD
Value:  1

Hive:  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters
Name:  S4UTicketLifetime
Type: DWORD
Value: 0

Hive:  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters
Name:  CacheS4UTickets
Type: DWORD
Value: 0

I also set these values without EnableSIDEnumeration on both StoreFront servers, but got the same issue. In addition I also tested with the value 1 on both, but the issue still existed. We opened a Citrix and a Microsoft case together with the customer, and after 2 days we had the solution running.

Solution:

On the StoreFront servers, we set these two registry keys, which resolved the issue:

Hive:  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters
Name:  S4UTicketLifetime
Type: DWORD
Value: 5

Hive:  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters
Name:  CacheS4UTickets
Type: DWORD
Value: 0

We did not find any public article about the value 5 for S4UTicketLifetime; seemingly it is Microsoft-internal only. I had a look at the RFC https://tools.ietf.org/html/rfc1510#section-9.2 and saw a minimum lifetime of 5 minutes.

For now it’s important to keep an eye on the domain controllers to see whether they show more CPU and RAM usage, since the Kerberos caching is now turned off.
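To keep both StoreFront servers on the values from the solution above, the two registry values can be audited and, if needed, written by script. This is an added example, not part of the original post; the function name `Test-S4UTicketCacheSetting` is hypothetical, while the key path, value names and data are the ones listed above.

```powershell
# Added example, not from the original post. Key path, value names and data
# are taken from the "Solution" section; the function name is hypothetical.
$KerberosParams = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters'
$Desired = [ordered]@{
    S4UTicketLifetime = 5   # value from the article
    CacheS4UTickets   = 0   # value from the article
}

function Test-S4UTicketCacheSetting {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Without -Remediate the function only reports and changes nothing.
        [switch]$Remediate
    )

    foreach ($name in $Desired.Keys) {
        # A missing key or value is reported as $null instead of raising an error.
        $item    = Get-ItemProperty -Path $KerberosParams -Name $name -ErrorAction SilentlyContinue
        $current = if ($item) { $item.$name } else { $null }
        $ok      = ($null -ne $current) -and ($current -eq $Desired[$name])

        if (-not $ok -and $Remediate -and
            $PSCmdlet.ShouldProcess("$KerberosParams\$name", "Set DWORD to $($Desired[$name])")) {
            if (-not (Test-Path -Path $KerberosParams)) {
                New-Item -Path $KerberosParams -Force | Out-Null
            }
            New-ItemProperty -Path $KerberosParams -Name $name -PropertyType DWord `
                -Value $Desired[$name] -Force | Out-Null
            $current = $Desired[$name]
            $ok      = $true
        }

        # One result row per value, suitable for collecting from several servers.
        [pscustomobject]@{
            Computer  = $env:COMPUTERNAME
            Name      = $name
            Current   = $current
            Desired   = $Desired[$name]
            Compliant = $ok
        }
    }
}

# Report only:
Test-S4UTicketCacheSetting | Format-Table -AutoSize
# Preview the writes, then apply from an elevated session:
# Test-S4UTicketCacheSetting -Remediate -WhatIf
# Test-S4UTicketCacheSetting -Remediate
```

Run it on each StoreFront server; a value that is absent shows an empty `Current` column and `Compliant = False`.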

Base Image Script Framework (BIS-F) – a deep look into the next Release

With the next big release of our well-known Base Image Script Framework (BIS-F), we have some great enhancements under the hood and for you in the front.

First of all, thanks to all our testers around the globe for the very good feedback that makes this free community tool better and better.

Let’s go, and have a look what happens:

Citrix AppLayering:

In the current DEV Release Citrix AppLayering is now included. We can also distinguish between the OS layer and the Platform/Application layer, and can treat them differently at a later time if possible. If the PVS Target Device Driver and Citrix AppLayering are installed, we have created our own matrix to check whether it’s possible to redirect the files to the WriteCacheDisk or not.

In the BIS-F log file you can also see an entry with a return code, for example: “Redirection is disabled with Code PVS-AppLay-Prep-BI”. This code is based on the matrix above; you can see it in the last column.

BIS-F also runs the AppLayering commands, the same as “Shutdown for Finalize”; the shutdown is performed by BIS-F at the end.

  • Prepare AppLayering – List and remove unused network devices
  • Prepare AppLayering – Check System Layer integrity

 

ADMX Changes:

The ADMX folders are split by vendor, and you must enable the Silent Configuration; otherwise the ADMX settings are ignored. Why did we implement this?

With this setting you can easily switch between automation (recommended) and manual running, which is more administrator-friendly. This setting also allows us to test the BIS-F ADMX version you’re running, to prevent a failed execution 🙂

The settings for the Ghost Devices can be found now under the Global Section. Folder and Log Configuration are new.

Log Configuration:

The Log Share configuration has moved to these ADMX settings. You can also specify the log retention, the number of log files to be kept (default = 5).

Folder Configuration:

This is completely new and first included in DEV Release 6.1.0 build 04.110, but in different config items. You can specify the folder name for Eventlog and Spool if they are redirected to the WriteCacheDisk; otherwise the system standard is used.

3rd Party Tools:

For all 3rd-party tools you can enter a custom search folder where the tools can be found.

For delprof2 you can additionally enter the arguments to use.

For the VMware OS Optimization Tool the VM template can be edited.

Citrix PVS:

All PVS Target Device relevant settings are now included in one configuration item. As before you can choose the WCD Driveletter. 2 new options here:

  1. P2V Tool: You can choose between ImagingWizard or P2PVS
  2. Enable and enter a P2V Custom UNC Path: this writes the content of the system drive with the selected P2V tool to the entered UNC path (like your PVS Store). For this it is not necessary to attach a vDisk to the Base Image with PVS first. The name of the vDisk that is created is unique, %COMPUTERNAME%-Date-Time, for example: VM-Master01-020817-1045.vhdx.

After the vDisk has been created successfully you can import it into PVS.

The latest DEV Release can be found here http://eucweb.com/2017/08/01/base-image-script-framework-bis-f-6-1-0-dev/

All the topics above can be found in one of the next DEV releases. If you have any questions about BIS-F you can leave a comment on this post or send us a message through the BIS-F Form here in the menu.

Get to know: Citrix Optimizer

As mentioned on this blog (here and here), last week Citrix released the beta(!) version of a new tool, called “Citrix Optimizer” (or “Citrix System Optimizer Engine” – CTXOE). By the way: CTXOE is already supported by BIS-F 😉

But what is the purpose of this tool? If you are familiar with tools like “VMware OS Optimization Tool” you might have a pretty good idea what this tool is doing. But let’s quote Citrix: “[Citrix Optimizer] optimize[s] various components in their environment, most notably operating system with Virtual Delivery Agent (VDA).” It is PowerShell based (yeah!) but also offers a GUI.

CTXOE is using simple XML files (“Templates”) that hold the desired configuration of Services, Scheduled Tasks, Built-in Applications and other OS components. CTXOE is either setting up or only analyzing a system based on this template.

 As you can see the settings are arranged in “Groups”. Every group contains at least one “Entry”. An entry describes an action – which is the actual configuration that should be applied/checked. What the action is capable of is defined in a “plugin”. There are several plugins available:

  • Services
  • SchTasks (Scheduled Tasks)
  • UWP (Universal Windows Platform -> Apps)
  • Registry (let you define a simple Registry value)

But, enough theory…let’s check it out.

Graphical User Interface

We start with the GUI by using the CitrixOptimizer.exe in the UI folder. You can use one of the provided templates or open one of your own.

Regardless of your choice you can disable actions from the template before you either analyze only (no changes) your local system or execute the changes as defined in the template. You can also save your changes as a template.

Commandline

We all like to automate stuff (right?). So Citrix also offers a command-line interface or, to be precise, a PowerShell script, CtxOptimizerEngine.ps1, to execute CTXOE.

The script has only one mandatory parameter: Source. This parameter describes the template that is used. You only need to enter the name of the template (without .xml) if the template is located in the “Templates” folder. Otherwise you have to enter a full path.

By default CTXOE is running in execution mode. That means the settings from the template will be applied. To change this you can use two other modes by using the “Mode” parameter. “Analyze” will not apply any changes and “Rollback” will revert the changes from a previous run.

It is also possible to enter a list of “Groups” that should be executed. If this parameter is omitted CTXOE will execute all groups from the template. Caution: If you use the Groups parameter you have to use the ID of the group (see the Template xml file; no spaces!) and enter multiple groups separated by a comma; like this: “DisableServices,OptionalServices”.

To get a full overview of all parameters run Get-Help .\CtxOptimizerEngine.ps1.
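Because the default mode applies changes, a staged run is the safer pattern for a base image: check the inputs, run “Analyze” first, and only then apply. The wrapper below is an added example, not Citrix or BIS-F code; `Invoke-CtxoeStaged` and its `-EnginePath`/`-Apply` parameters are hypothetical, and it assumes the “Templates” folder sits beside the script and that `-Groups` accepts an array of IDs.

```powershell
# Added example, not Citrix or BIS-F code. Invoke-CtxoeStaged is a hypothetical
# wrapper; -Source, -Mode and -Groups are the parameters the article describes.
function Invoke-CtxoeStaged {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)][string]$EnginePath,  # path to CtxOptimizerEngine.ps1
        [Parameter(Mandatory = $true)][string]$Source,      # template name or full path
        [string[]]$Groups,                                  # group IDs from the template
        [switch]$Apply                                      # also run the default (execution) mode
    )

    if (-not (Test-Path -LiteralPath $EnginePath -PathType Leaf)) {
        throw "Engine script not found: $EnginePath"
    }

    # A bare name must exist as <name>.xml in the Templates folder; anything
    # else has to be a full path. Assumption: Templates sits beside the script.
    if ([System.IO.Path]::IsPathRooted($Source)) {
        $template = $Source
    } else {
        $template = Join-Path (Split-Path -Parent $EnginePath) "Templates\$Source.xml"
    }
    if (-not (Test-Path -LiteralPath $template -PathType Leaf)) {
        throw "Template not found: $template"
    }

    # Group IDs contain no spaces; a comma inside one ID means a whole list
    # was passed as a single string instead of separate IDs.
    foreach ($id in $Groups) {
        if ($id -match '[\s,]') { throw "Invalid group ID '$id'" }
    }

    $engineArgs = @{ Source = $Source }
    if ($Groups) { $engineArgs['Groups'] = $Groups }  # assumption: accepts an array

    # Pass 1 changes nothing, so the result can be reviewed before applying.
    & $EnginePath @engineArgs -Mode Analyze

    if ($Apply) {
        # Per the article, omitting -Mode applies the template.
        & $EnginePath @engineArgs
    }
}

# Constructed call; path and template name are placeholders:
# Invoke-CtxoeStaged -EnginePath 'C:\Tools\CTXOE\CtxOptimizerEngine.ps1' `
#     -Source 'MyTemplate' -Groups DisableServices,OptionalServices
```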

BIS-F integration (beginning with 6.0.3)

Thanks to Martin Zugec from Citrix, the BIS-F team got the chance to support CTXOE very early. As mentioned here, BIS-F in the current beta version 6.0.3 can execute CTXOE. The link also describes the requirements and how you can configure it by GPO.