Monthly archives: januari, 2019

Why does Teams not install for my users?

Microsoft released in October last year a MSI-installation package of Teams, making it easy to deploy Teams to computers in your organization. As you know Teams (for some unknown reason) installs directly into your profile. I suspect they have designed it this way to make sure everyone can install the application, even if you’re not an local administrator on your computer, you do have sufficient rights to your profile to perform a installation of Microsoft Teams.

Since I work primarily with Citrix, and could see the that Microsoft Teams is growing in popularity, I started to investigate if I could make it to work in a Citrix environment. But that is another story, you can read my blog post on how I installed Teams in our Citrix environment here!

Teams is supposed to install when a user logs on to the server, it will automatically install the latest Teams available to your profile and then start it. But in some cases I have seen an issue after installing the Teams wide Installer, the users simply does not get anything installed. A function this installer has is that it checks your profile for traces of Teams, if it detects part of Teams it will not try to install it again (if it’s not an update that is), and if the user uninstalled Teams it will still detect some left-overs and will therefore not install Teams again. With that said, you need to make sure your profile is clean from Teams. Unfortunately this was not the case here. It simply did not install!

To understand why this might happened you need to know how some multi-user environments are designed, from a security perspective!

If you are like us, security oriented, you might have disabled Run and Run Once witch is used by some applications to auto-start, or to continue a installation after a restart, and is unfortunately very popular place to auto-start viruses and other malware. It is then common to disable this.

This is exactly the place Microsoft Teams specify the value that starts the Teams installation for a user, if its disabled, nothing will ever happened!

There is however a really easy way around this:

You probably already thought about this by now but there is a tiny detail that will make it work exactly as it was supposed to:

  1. Create a Shortcut – Name it Install Teams (or something else if you like)
  2. Target the Teams.exe file with this specific argument: ”C:\Program Files (x86)\Teams Installer\Teams.exe” –checkInstall –source=default
  3. Save it, and place it in the Startup folder in the Start Menu.

The last argument in the Target path (–CheckInstall –source=default) is the reason Teams knows if you have it installed and keeps it updated.

I hope this easy little trick has been helpful, please make a comment if you feel like it or have some questions!



Move Software Updates to Intune with Co-management

To move on with the transition towards Modern Management we can use Co-management in SCCM to decide where settings are coming from. In this specific scenario we will do a switch from Software Updates via SCCM to Intune controlled Software Updates for one test client. I will show you the following steps.

  1. How to setup the Co-management connection in SCCM
  2. How to configure the Co-management connection to be able to switch Software updates from SCCM to a pilot Intune group
  3. How to configure a Windows 10 Update Ring in Intune and assign to a group
  4. How to verify that the client are getting the correct settings

Prerequisites for this scenario:

  • A test client (in my case running 1809)
  • SCCM environment (in my case running 1810)
  • Intune environment
  • Hybrid Azure AD Joined device
  • An Intune group with the test client as a member
  • Company Portal installed on a client

Step 1 and 2 – This step in done in SCCM console

\Administration\Overview\Cloud Services\Co-management

1.Co-management > Configure Co-management

2. Next

3. Sign in

4. Logon with an Intune Administrator (Global administrator in my case)

5. Next

6. Automatic enrollment in Intune > Pilot

7. Next

8. Workloads > Switch Windows Updates policies to Pilot Intune

9. Pilot collection > Choose a collection with your test client

10. Next

11. Done

 

Step 3 – This step is done in Intune

https://devicemanagement.portal.azure.com

1. Software updates

2. Windows 10 Update Rings

3. Create

4. Name: SU-Windows 10-Test

5. Description: Software Update – Test group

6. Settings
Below are an example, please configure it so it fits your environment

7. Assignments

8. Select groups to include > Group with test client

9. Save

 

Step 4 – This step is done on the test client

1. Open Company Portal

2. Settings > Sync

3. Run > control update

4. View configured update polices

5. Look under Policies set on your device – here we want to see that settings are coming from Mobile Device Management as below

6. Be sure to turn off any GPO:s that might turn off access to Windows Updates

7. Done

This is how you make the switch over to Intune and as you can see it doesn’t require that much.

If you have any questions, feel free to email me at tobias.sandberg@xenit.se or comment down below. I will try to answer you as soon as possible.

 



PVS-Accelerator

Introduction

PVS-Accelerator is a feature for Citrix Hypervisor (previously named XenServer). The feature utilizes the local storage and RAM on Dom0 on each Citrix Hypervisor and caches read requests from a provisioned target device. It saves network, CPU and Provisioning host disk I/O resources, effectively improving performance. Overall your storage and network should see an improvement if they are under heavy load today. [1]

Network Bandwidth Utilization
Network Bandwidth Utilization [2]

PVS-Accelerator helps with improved end-user experience, accelerated VM boots and boot storm, simplified scale-out by adding more hypervisor hosts and fewer provisioning servers are needed.

Prerequisites

  • XenServer PVS-Accelerator feature is only available in Citrix Hypervisor 7.1 and Provisioning 7.13 or later
  • PVS-Accelerator is available for customer with XenServer Enterprise Edition or if you have XenDesktop/XenApp licenses
  • If you have a Citrix Hypervisor 7.1 <, Provisioning 7.13 < and XenApp/XenDesktop you should be able to utilize the feature without any extra license or upgrades in considerations [3]

Considerations

There is no need to reboot XS host to enable PVS-accelerator. Unless you have less than 4 GB on Dom0, which is required to enable the feature. Also notice that the recommended Cache Size on storage repository is 5 GB for every vDisk version actively provisioned.

PVS-Acceleration configuration
PVS-Acceleration configuration
  • PVS-Accelerator only caches reads from vDisk, but not writes or reads from a write cache. Support is for vDisks with any non-persistent write cache type, but not “Cache on Server, Persistent” or “Cache on device hard disk persisted” write cache type
  • If you have more than one virtual network interface (VIF), make sure that the first VIF of a VM is used for connecting to the Provisioning Server
  • If you have multiple Provisioning servers that are deployed with HA and the same VHD, but have different file system timestamps, data may be cached multiple times. Due to this limitation, Citrix recommends using VHDX format, rather than VHD for vDisks
  • If you are running a 10 GBe network or just a few streamed VMs you will probably not notice a big difference

Advantages

  • Lower network utilization
  • Faster VM Boot time (Around 60%)
  • Higher Provisioning server density
  • Improved logon time
  • Helps with a saturated network or branch office
Average VM Boot Time
Average VM Boot Time
Source: Virtualfeller.com [4]

How to install

Installation is pretty straight-forward. You can download the PVS-Accelerator Supplemental Pack at https://download.citrix.com (requires Citrix account).

  • Path: Downloads / Citrix Hypervisor (XenServer) / XenServer 7.1 LTSR or above (Any Edition) / Optional Components / PVS Accelerator Supplemental Pack
  • Download and install the .iso file from XenCenter
XenCenter - Install Update
XenCenter – Install Update
XenServer - Select updatre
XenServer – Select Update

A new tab will appear in XenCenter console. Select your Hypervisor pool and click the PVS tab. Configure the PVS-Accelerator by naming your site and cache configuration. [5]

Configure PVS Accelerator
Configure PVS-Accelerator

Next step is to go back to the Provisioning Console and create your VMs with PVS-Accelerator. You do this by right-clicking on your site and running the Setup Wizard. You cannot do this on your existing provisioned targets. The short explanation is that PVS-Accelerated VMs is tied to Provisioning servers with a UUID on the XenServer.

Note: If you were to re-install the XenServer where PVS-Accelerated VMs was enabled, Provisioning Services will become out of sync and you will need to delete previously configured VMs associated with the cache configuration, including host. And reconfigure PVS-Accelerator and setup the cache again. [6]

Provisioning Console - Streamed VM Setup Wizard
Provisioning Console – Streamed VM Setup Wizard

Be sure to select ”Enable PVS-Accelerator for all Virtual Machines” when configuring the number of VMs and their resources.

Provisioning Console - Enable PVS-Accelerator
Provisioning Console – Enable PVS-Accelerator
Provisioning Console - Streamed VM Wizard
Provisioning Console – Streamed VM Wizard

Verify that the PVS-Accelerator status is Caching your VMs from the XenCenter > Pool > PVS tab.

XenCenter - PVS Tab
XenCenter – PVS Tab

References

[1] https://docs.citrix.com/en-us/xenserver/current-release/storage/pvs.html

[2] https://www.youtube.com/watch?v=l_vhMf3SFks

[3] https://support.citrix.com/article/CTX220746″>

[4] https://virtualfeller.com/2017/03/07/provisioning-services-accelerator

[5] https://support.citrix.com/article/CTX220735

[6] https://docs.citrix.com/en-us/provisioning/7-15/install/configure-accelerator.html