How to manually crash your VM on a XenServer

Sometimes you need to simulate or provoke a crash on a Virtual Machine to either verify a problem or get a Memory Dump to have a closer look at whats is happening with the Virtual Machine. The thing is, its quite tricky to do that manually. Lucky for you there is a quite simple way to achieve this on a XenServer and I will show every step of the way.

When your Virtual Machine (VM) is at the desired state you should do the following steps:

  1. Find out the VM ID the XenServer has provided the VM, this changes when rebooted so you need to make sure every time you do this, you cannot use the same ID again. First make note of the Virtual Machine UUID, you can find it under ”General” for the specific VM.

2. Now we need to find out the ID the XenServer provided for this specific VM. Go the the XenServer Console (the host of the VM) and type the following: list_domains 

As you can see it lists all the VM on this XenServer, and you will also see the ID provided correlated to the UUID. Make sure you have the correct ID and type the following: xen-hvmcrash <ID> (without the brackets). 

Congratulations, You have now successfully crashed the Virtual Machine!



Manage your corporate devices using Citrix Endpoint Management

Let’s say you’ve bought in 50 new iPad devices that you want to deploy to your users, and you have acquired a new mobile application that you want your users to start using on these devices. This is a fairly common scenario for businesses and companies. But how do you do this in a fast and secure way?

By using Mobile Device Management (MDM), Mobile Application Management (MAM) and Citrix Endpoint Management (formerly XenMobile Services) in this case, we can configure these devices to fit our needs, without any end user interaction whatsoever.

For this scenario, we want the iPads configured in the following way:

  1. Automatically download and install the business application
  2. Restrictions, WiFi and application layout of the start screen configured
  3. Deployed into the system automatically

These requirements are easily configured using Endpoint Management. By using using polices and synchronization to Apples services we create a seamless experience for the end user.

1. Automatically download and install the business applications

First off, we need to do some configuration to get the application out to our devices. Using the Apple Volume Purchase Program (VPP), we can automatically install applications without any user interaction or Apple ID login. You enroll to the program on Apples web page, where you after enrollment download a token and upload it to your Endpoint Management console. It then automatically syncs down any applications you buy from the App Store into your Endpoint environment, ready to be pushed out to any devices automatically. So when the application is in your system and set as required, it automatically gets intalled on the devices. More information on Apples VPP program can be found here.

2. Configure the devices using device policies

With the use of Endpoint Management policies, we can configure the devices the way we want them. By creating a restriction policy and applying it to the devices, we can control what is and what isn’t allowed to do on the device. We can for example not allow applications to be downloaded, camera used or Siri activated, as shown in the screenshot below. There are many, many more restrictions that can be made. This is a good feature to use, when you don’t want the end users changing configuration and settings on the devices.

Restriction Policy

To get the devices automatically connected to the network, we make use of a WiFi policy. We pre-configure the device to automatically connect to a specific SSID using the configured WPA2 key:

WiFi Policy

By configuring a Home Screen Layout layout policy, we can control where the applications get placed on the device, as well as create folders for specifics applications to be placed in. This can be handy if we want the same look and layout on all the devices:

Layout Policy

3. Deployment

To enroll a large number of iOS devices, you can use Apples Device Enrollment Program (DEP). You submit the serial number of the devices purchased from Apple or an authorized seller to DEP to configure and enroll the devices. They are then automatically enrolled into your Endpoint Management and users can start using them right out of the box. More information on Apples DEP program can be found here

When the users now start the device for the first time, all the configurations and policies applied to the device will be configured automatically without any configuration requirements. By using MDM, MAM and Endpoint Management, we can really simplify the challenges that comes with administering mobile devices.



How to handle pinned start menu apps in Windows 10

As I have been working with customizing Windows 10 for a while now, it has never worked against me this much. However, sometimes Windows do have its ways of working against you. With challenges like these you get the opportunity to spend a lot of time coming up with a solution. So this blog post is about my battle with the start menu of Windows 10 Professional. If you are here for the quick solution, skip to the bottom and the TL;DR section.

The Problem:

I have been able to customize the start menu of Windows 10 with ease since version 1511 with the Export / Import-StartLayout cmdlet. But this time I got a request to remove all the pinned apps on the right side of the start menu. A colleague discussed this and he told me he had done a similar solution inside a Citrix Virtual Desktop, and he spent quite the amount of time with this, I thought this would be much easier than it turned out to be. So the requested start menu should at the end look something like this upcoming picture, with the following demands:

  • No pinned apps on the right box or the start menu
  • In the task bar, have Chrome & Explorer pinned. 

This was the requested layout

To begin with, I created an XML file with just Chrome & Explorer pinned in the task bar, and having set the <DefaultLayoutOverride LayoutCustomizationRestrictionType=”OnlySpecifiedGroups”> . My thought was that this would give me a clean start menu, but this was my first failed attempt. The colleague of mine who preciously had a similar issue in a Citrix environment had during his research time come across this post containing a script called ”Pin-Apps”. This script contained a Unpin function which turned out to be very helpful. So I started adapting my work after this script. But this is where I came across my second setback. First, I was not able to have this script and the Import-StartLayout-script in the same logon script, nor having one script on startup, and one on login, so I had to think of a way configure this in my isolated lab environment.

Luckily, I’ve been working a lot with OS-deployment, so I created a Task Sequence containing the Import-StartLayout-script, which managed to run successfully together with my login-script containing the Pin-Apps script. But here I came across my third setback, which by far had the most impact and was the one I spent the most time struggling with. For some reason I was not able to remove bloatware, such as Candy Crush, Minecraft etc. The script ran successfully, but every time, the outcome looked like this

Some applications would not be removed

I could not understand why these applications would not be removed. I have had to deal with bloat ware before, but then it was just to remove them with Appx-cmdlets. I checked Get-AppxPackage & Get-AppxProvisionedPackage, and ran Remove-AppxPackage and Remove-AppxProvisionedPackage several times, but these apps were not removable and did not show up until I manually selected them, and they started downloading (as shown on the application in the top right corner on the picture). So apparently they were either links or shortcuts to the Windows Store. This is works if you are using Windows 10 Enterprise. 

This is where I started going deep. The apps were all published in the Windows AppStore, so I started looking for any kind of possibilities, with help from Powershell, to by force download all apps in the Windows Store. I spent a lot of time with this, but without any success. So I had to rethink my plan. There was no way to have the bloat ware-applications to be downloaded by force, there was no way to remove them by removing them with Appx-cmdlets, and there was no way to have a clean start menu with a XML-file. This gave me the idea. If you can’t beat them, join them. There was no way to actively remove all the applications from the start menu of a Windows 10 Professional, but replacing them worked.

The solution:

As I have yet to find any other way of removing the superfluous applications, creating a new XML replacing the start menu with some random default applications was the only successful way for me. To list these applications, go to Shell:AppsFolder or shell:::{4234d49b-0245-)4df3-b780-3893943456e1} in file explorer.

Applications can be found here

I just chose to pin some of the applications which were default on my start menu, that I knew was very much removable, exported these to a new XML which turned out to it look like this:

From here I had to modify the Pin-Apps script to make it more suitable for a Swedish operating system, and added a register key so it would not run more than once on each user. If you want to lock down the right side of the start menu, you just set or create the LockedStartLayout registry key, located under both HKEY_Local_Machine & HKEY_Current_User\Software\Policies\Microsoft\Windows\Explorer, to 1

If you are running another OS language than Swedish or English, to find the verb for unpin, simply save an application name to the variable $appname (as an example I will use Windows Powershell) and run the following part: 

This will give you all the verbs which are applied to this application. In this case ”Unpin from Start” is present.

After modifying the necessary bits I added it to a PowerShell logon script GPO with the parameter -UnpinAll, with the .ps1 file located inside the GPO repository, making sure it’s accessible for everyone.

 

TL;DR: 

If you are running Windows 10 Professional, you need to replace applications in the start menu before removing them, as a suggestion running in a Task Sequence of some kind setting the default start menu layout and then have a GPO to run the PowerShell script stated above.

If you are running Windows 10 Enterprise, just use the Logon script GPO and you will be fine. If you still have some unwanted applications, run a script removing built-in apps (for example this Invoke-RemoveBuiltinApps )

If you have any questions or thoughts about this post, feel free to email me at johan.nilsson@xenit.se



Create Threat Exceptions for specific traffic

At some point you might encounter a false-positive threat that you want to make an exception for. If you know a file is safe if its downloaded from a specific place but you don’t want other files classified with the same threat ID/name to be whitelisted, you can create a separate security profile.

Start by identifying the traffic and where it’s blocked. In this example the file got blocked by the vulnerability protection-profile.

Click on the magnifying class to see more detailed information and find the threat ID.

If we look in the detailed section we can see that the threat ID is 39040 for this threat-name.

Go to Objects > Security Profile > Vulnerability Protection. Since we want to specify what traffic this is whitelisted on we need to create a separate profile so the current security policys is unaffected.

Clone the profile that are currently used for this kind of traffic and rename it properly. Go to the exceptions-tab and select ”Show all signatures”. Type the threat ID, press enter and enable the signature.
Press on the current action (default (alert)) and change it to allow or leave it at default. In this example I will select default (alert) since I still want it to be logged.

When this is done we can either add it to a new Security Profile Group or add it directly to a new Security Policy. Here we will add it directly to a security policy.

Create a new Security Policy above the one that blocked the file.

Specify you source adress and destination.
In the actions-tab, select Profile Type: Profiles and under Vulnerability Protection: <The profile you created>

Commit and verify that the traffic hits the correct Security Policy and is logged with alert.

Be very cautious when you create exceptions and always make sure you only allow the traffic you intended. Always make sure you look at alternative ways before creating an exception.

The same method can be applied on different security profiles.

 



Teams is replacing Skype for Business – how does it (really) work for the user?

Most of us know Teams is replacing Skype for Business in Office 365. There is no official end date but we see indications. Microsoft is no longer adding Skype for Business for new tenants with less than 500 users and they say Teams is now complete. Yesterday we also saw the first indication that Microsoft is starting to switch active tenants to Teams – so you better be ready!

Looking at the official Microsoft documentation, all is green and good. Just switch and you will experience all the goodness of Teams. But how does it really work and look for the end user? I assume you already know how Teams works and looks and the way to migrate – this blog post is just how it works for the end-user when it comes to interoperability with Skype for Business.

Important note: This might change on short bases and here is the Microsoft official documentation on interoperability.

So assume you’re in a all SfB environment and considering using Teams. You verify you are in Coexistance mode: Islands which means users are able to use both Skype for Business and Teams simultaneously:

You decide to switch one of your users (let’s call him Ben) to TeamsOnly mode – that’s what we did and the rest of the users are still in SfB, but remember, there is nothing stopping all the other users to start using Teams, they just have to go to https://teams.microsoft.com and they can use SfB and Teams at the same time.

Internal communication within tenant

First if Ben tries to start the SfB client, he will get:

But we shouldn’t uninstall the SfB client – keep on reading…

  • If both users are in Teams (in case some other users have found out they can use Teams) you will get the full experience so I will not go into details there.
  • Ben will be able to receive and reply to messages received from Sfb users within the Teams client.
  • Screen sharing and file transfer is not supported between Teams and Skype for Business – you need to create a meeting for that.

There is one caveat here, if the other user has ever started Teams weeks/months ago, they are considered to be ”activated in Teams” which means Ben no longer can initiate a new SfB conversation with that user. Ben can only initiate a new conversation with the other user in Teams and if that user is no longer using Teams (for example if they decided they didn’t like it), they will not receive it. However, if the other users initiates chat from SfB to Ben, Ben will be able to reply to SfB.

And the absolutely best feature is that you have persistent chat experience over all devices so you can initiate a chat session in a web browser on your laptop, continue in the fat client on your desktop and keep the whole thread in your mobile device.

So in short, we would recommend to keep interoperability period as short as possible because some of the confusion it creates…

External communication

So imagine all your users are in Teams. But you will see that many other organizations are still in SfB in Office 365 or even SfB on-premises which means they will ”never” get Teams – how do you communicate with them?

  • Again, if both users are in Teams you will get the full experience so I will not go into details there.
  • Ben will be able to both initiate, receive and reply to SfB chat sessions.
  • Ben can’t initiate screen sharing nor file transfers to SfB users – a meeting is required for that.
  • Ben can still join SfB meetings, that’s what the SfB client is used for – or, of course, he could use the SfB Web App. So we don’t see that going away very soon.
  • If the other user (still on SfB) initiates a screen sharing or file transfer to Ben, it is not supported and the official answer is that the user should receive the following message so a meeting is required. We have found that the message is actually received in Ben’s SfB client if he has it logged in and active in the background and he will actually be able to receive the file and see the screen sharing session. YMMV.

Ben will also realize that as long as his Office 365 ProPlus is updated, the New Skype Meeting choice will be removed and New Teams Meeting will be the only choice.

This is just one part of the story, the big difference is the way that Teams can be more than what SfB was when it comes to collaboration. You need to develop a plan for how to communicate this to your users… You might also have other dependencies with SfB like conference room equipment like Skype Room Systems and integration with PBX.

Interoperability between SfB and Teams might not be the best in the world, but we also see Microsoft is pushing Teams and from Ignite sessions, we see that the user experience during interoperability will not change much – what we see is what we get and we better adapt and inform our users so this is clear.



Smart Check – Monitor Your Citrix Sites

Citrix Smart Check is a software and a service that installs on a Citrix Delivery Controller and collects diagnostic data, sends it to the Citrix Cloud account, where it gets analyzed and presented on the Citrix Cloud website. The information helps Citrix administrators to prevent and resolve issues before they happen or impact the users, give recommendations on fixes and to keep the Citrix environment stable.

The Smart service helps Citrix administrators that do not have their own monitoring setup or are unable to monitor their sites for other reasons and presents it on a webpage overview. The administrators can also get scheduled summarized mail reports regarding errors, warnings and information regarding the state of the different sites.

Citrix Cloud Smart Tools

Smart Check – Sites Overview

What Smart Check provides

  • Overview of the Citrix sites and products used, site-by-site
  • An extensive diagnostic and health checks for the different sites and services
  • Scheduled health controls of Delivery Groups, StoreFronts, Delivery Controllers, Machine Catalogs, Provisioning and License Servers
  • Give recommendations what administrators should do with the site to keep it up-to-date and stable
  • Help with simplified troubleshooting and pin down where the issue may be impacting users
  • Upload diagnostic data to Citrix Insight Services (CIS)

Smart Check - Overview

Smart Check – Overview

How to get started

First, you need a Citrix Cloud account. Register an account at https://smart.cloud.com. After you have created an account you can login, click Add Site and download the Smart Check software. The software should be installed on a Delivery Controller on the site and comes with a one-time signed JSON Web Token (JWT) that is used to connect your site to the Citrix Cloud – Smart Tools service.

Smart Tools - Add Site

Smart Check – Steps to take

Add Site - CitrixSmartToolsagent.exe

Add Site – CitrixSmartToolsagent.exe

Once the Smart Check agent is installed it will show up on the Citrix Cloud – Smart Check webpage as Site Discovered. You will need to click on Complete Setup and provide a domain user account that is a member of the local Administrator group of the Delivery Controller and full administrator role in Citrix Studio. PowerShell 3.0 or greater needs to be installed on the Delivery Controllers and outbound internet access on port 443 enabled to be able to upload to Citrix Cloud.

Smart Check - Site Discovered

Smart Check – Site Discovered

Smart Check - Enter Credentials

Smart Check – Enter Credentials

For VDA the following must be enabled:

  • File and Printer Sharing
  • Windows Remote Management (WinRM)
  • Windows Management Instrumentation (WMI)

For a full list of requirements and supported site components, visit Citrix Product Documentation – Smart Check requirements.

Smart Checks

Below is a list of the checks that are available as of this post. There are probably more to come:

  • Site Health
  • Citrix Optimizer
  • Citrix Provisioning
  • Delivery Controller Configuration
  • License Server
  • LTSR Compliance
  • Product LifeCycle
  • StoreFront
  • VDA Health

Each category contains several checks. You can read an excerpt of the different checks performed below.

Site Health Checks

Site Health Checks provide a comprehensive evaluation of all the FMA services including their database connectivity on your Delivery Controllers. Citrix recommends you run these checks at least once daily. Site Health Checks verify the following conditions:

  • A recent site database backup exists
  • Citrix broker client is running for environment test
  • Citrix Monitor Service can access its historical database
  • Database connection of each FMA service is configured
  • Database can be reached by each FMA service
  • Database is compatible and working properly for each FMA service
  • Endpoints for each FMA service are registered in the Central Configuration service
  • Configuration Service instances match for each FMA service
  • Configuration Service instances are not missing for each FMA service
  • No extra Configuration Services instance exists for each FMA service
  • Service instance published by each FMA Service matches the service instance registered with the Configuration service
  • Database version matches the expected version for each FMA service
  • Each FMA service can connect to Configuration Logging Service
  • Each FMA service can connect to Configuration Service

Citrix Provisioning Checks

Citrix Provisioning Checks verifies Citrix Provisioning status and configuration.The following checks are performed:

  • Installation of Provisioning Server and Console
  • Inventory executable is running
  • Notifier executable is running
  • MgmtDaemon executable is running
  • StreamProcess executable is running
  • Stream service is running
  • Soap Server service is running
  • TFTP Service is running
  • PowerShell minimum version check
  • Database and Provisioning server availability
  • License Server connectivity
  • Provisioning Update Check
  • PXE service is running
  • TSB service is running

StoreFront Checks

StoreFront Check validates the services status, connectivity to Active Directory, Base URL setting, IIS Application Pool version and the SSL certificates for Storefront, and verifies the following conditions:

  • Citrix Default Domain Services is running
  • Citrix Credential Wallet services is running
  • The connectivity from the StoreFront server to port 88 of AD
  • The connectivity from the StoreFront server to port 389 of AD
  • Base URL has a valid FQDN
  • Can retrieve the correct IP address from the Base URL
  • IIS application pool is using .NET 4.0
  • Certificate is bound to the SSL port for the host URL
  • Whether or not the certificate chain is incomplete
  • Whether or not certificates have expired
  • Whether or not certificate(s) will expire within one month

VDA Health Checks

VDA Health Checks help Citrix administrators troubleshoot VDA configuration issues. This check automates a series of health checks to identify possible root causes for common VDA registration and session launch issues.

  • VDA software installation
  • VDA machine domain membership
  • VDA communication ports availability
  • VDA services status
  • VDA Windows firewall configuration
  • VDA communication with each Controller
  • VDA registration status

For Session Launch:

  • Session launch communication ports availability
  • Session launch services status
  • Session launch Windows firewall configuration
  • Validity of Remote Desktop Server Client Access License

Closing words

You can run checks manually, but it is also possible to schedule (recommended) the different health checks and get a summarized report daily or every week at designated time of day. The summary gets mailed to the registered Citrix Cloud account and to view more information you need to logon to the Smart Cloud website.

It is possible to view previous reports of the Smart Check runs and hide alerts that has been previously acknowledged:

Smart Check Health Alerts

Smart Check – Health Check Runs History

Under Site Details you can view components or add new ones. If needed it is also possible to Edit Site Credentials, Sync Site Data or Delete the Site:

Smart Check - Site Details

Smart Check – Site Details

Smart Check is supported both on-prem and in the Citrix Cloud environment.
It is easy to setup and brings a great deal of value. You should try it out! Let me know how it went in the comments down below.

Smart Tools contains Smart Checks and Smart Scale. Smart scale helps reduce your XenApp and XenDesktop on Azure Cloud resource costs. But this will be in covered another post.

Source: https://docs.citrix.com/en-us/smart-tools/whats-new.html



Netscaler: Resolve large http POST packets against AAA protected LB vServers

Recently while working with two customers and setting up load balancing and external access to some of their applications, I’ve encountered issues with large POST packets (either large form submits or file uploads in the web app) stop working when AAA is activated on the load balancing (LB) vServer. In these cases the backend web applications have all been quite old and not exactly well-written coding-wise.

By default when AAA is activated on Netscaler, any large POST packet sent to the LB vServer, and subsequently to the backend, will be split up into two packets with the first one having a Content-Length header value of 0 and the secondary packet containing the correct Content-Length header value and the actual POST body. The backend code in this case is unable to handle the initial 0 length POST packet, and therefore crashes or bugs out before processing the second, real packet. See picture below of the WireShark capture showing the two packets.

IP adress 10.200.40.159 is a SNIP and 10.200.41.131 is the backend server hosting the web application.

 

The solution is to either have the backend software rewritten to handle above case, or to run a special Netscaler command which will disable the split-post-packet-into-two-packets behaviour. Article https://support.citrix.com/article/CTX225681 contains the relevant info. To resolve this through Netscaler, run the following command in shell on Netscaler, nsapimgr_wr.sh -ys arg1=0 -ys arg2=1 -ys arg3=16 -ys call=”set_sso_post_data_handler”. You have to run the command on all Netscaler nodes (if HA/Cluster) and you also have to put this command line in the file /nsconfig/rc.netscaler, otherwise the change will be lost on the next Netscaler reboot. See https://support.citrix.com/article/CTX122271 for more info regarding the rc.netscaler file.

After the change, you can see how from below picture that only one packet is sent.

One interesting thing to note is that the article https://support.citrix.com/article/CTX225681 doesn’t mention Netscaler version 12.1 as affected, but my guess is that nothing has changes between 12.0 and 12.1 regarding above (ie you still need to run above command to resolve it).

Feel free to email me at rasmus.kindberg@xenit.se, or leave a message here on this blog post, if you have any questions or comments.



Automating delimiter selection when working with Csv cmdlets

Recently I walked passed a collegue with an error on his Powershell console which peaked my interest. He quickly noted that he had chosen the wrong delimiter for the Csv he imported which resulted in errors in the code, I then jokingly said ”Why don’t you just use the ’Get-CsvDelimiter’ cmdlet?” and we had a quick laugh.
30 minutes later the ”Get-CsvDelimiter” function was born, but first,

Let’s dive into how Import-Csv, ConvertFrom-Csv & delimiters really work

When used correctly Import-Csv & ConvertFrom-Csv creates an array object with each row as a PSCustomObject with named content based on headers.

Import-Csv has two constructors, one with Path as a required and the other with Path & Delimiter as required.
If you omit the delimiter parameter the Path constructor will be used, now this constructor has a required parameter (according to the documentation) that is auto filled. Instead of using Delimiter we can use ”UseCulture” which takes the current culture delimiter as input,

”To find the list separator for a culture, use the following command: (Get-Culture).TextInfo.ListSeparator.” –docs.microsoft

If we interpret the documentation this is a required parameter, but it is not really required, as we are able to pass only the -Path parameter and delimiter will autofill

Assume we’re using the following CSV as input ($File)

the command ”Import-Csv $File” will output a valid object. Now in my opinion it should fail. As my culture specifies semicolon (;) as the default listseparator, while forcing ”-UseCulture” can’t produce a correct csv object. This basically means that UseCulture is not a required parameter and the default unless specified is always a comma (,)

The exact same goes for ConvertFrom-Csv.

Presenting Get-CsvDelimiter

The below function will search and find the most probable delimiter used in a Csv file.

Let’s see how it works.

$File is a csv file with the below data.

If we run Import-Csv $File we’ll get a incorrect table object, every row will have a single property containing the row data.

If we instead specify a delimiter as shown below, we’ll calculate the most probable delimiter and use that to produce a correct CSV table object without having to inspect the csv culture or assume anything.

And to prove it works, the below code outputs only the Name column in the Csv

If we have a stringobject and need to convert it that is also possible.

With this method we can use virtually any delimiter we want, assuming that the Csv is formatted correctly. Again we’re using the same csv input but we change the delimiter to a ”greater than” (>) symbol and see how the function performs.

Now when we run the function standalone we’ll get a Greater than symbol as the return

And finally, when running the previous code we get the same output as when we were using a semicolon as the delimiter.

 

Get-CsvDelimiter



VDA stuck when updating

Sometimes (no idea why, seems random to me) the VDA update is stuck after prompted to reboot in the middle of the update like below.

VDA Update Stuck

After going through the logs (Get-content ”$env:LOCALAPPDATA\Temp\Citrix\XenDesktop Installer\XenDesktop Installation.log” -wait) I noticed that the VDA setup creates a RunOnce key just before the restart.

VDA Update Powershell Log

After checking the registry path ”HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce” there was indeed a key created with the name ”!XenDesktopSetup”.

VDA Update Stuck Registry

After deleting this key the update proceeded immediately.

VDA Update Proceed

I guess the registry key should delete it self after a reboot, but for whatever reason it doesn’t. This update was from 7.18 to 1808, but have happened to me in all different versions from 7.15 and later.



Mapped network printers unavailable due to SMB1 being obsolete

INTRODUCTION

As we all might be familiar with, printers are one of those little peculiar matters within IT. Implementing these in an IT-environment is self-explanatory oftentimes, but when they do not cooperate the issue itself can stem from one single obscure root cause, if not a string of these having to be checked upon.

Recently, I encountered a particular printer issue which I found interesting enough to share. The root cause here, in summary, was due to the network protocol SMB1 (Server Message Block) being obsolete in recent Windows releases.