Cheat Sheet – VMware-Citrix-Symantec-Microsoft

This is a quick reference guide/cheat sheet of links and commands every Citrix or VMware engineer should know about. I will remove stuff that gets deprecated so the page doesn’t get too cluttered.

Citrix living CTXs
These are critical parts of Citrix infrastructure and you always have to keep up with the latest news on these:

  1. http://support.citrix.com/article/CTX139331 – Citrix Virtual Desktop Handbook 7.x
  2. http://support.citrix.com/article/CTX127939 – XenDesktop 7.x SQL Database Sizing and Mirroring Practices
  3. http://support.citrix.com/article/CTX131239 – XenDesktop and PVS Hypervisor support
  4. http://support.citrix.com/article/CTX127030 & http://blogs.citrix.com/2013/09/22/citrix-consolidated-list-of-antivirus-exclusions/ – Citrix & Antivirus settings
  5. http://support.citrix.com/article/ctx129229 – Recommended Hotfixes for XenApp 6.x on Windows Server 2008 R2
  6. http://www.citrix.com/events/citrix-user-group.html – Upcoming Citrix User Group meeting in your city
  7. http://discussions.citrix.com/topic/357800-template-exchange-studio-templates-%E2%80%93-help-needed-out-of-the-box-configuration-sconmsg -d current -g pol_hitsfor-xendesktop-and-xenapp/ – XenDesktop/XenApp 7.6 Citrix Studio Template Exchange

 

VMware living KBs
These are critical parts of VMware vSphere infrastructure and you always have to keep up with the latest news on these:

  1. http://www.vmware.com/resources/compatibility/search.php – VMware Compatibility Guide (host server, guest OS, storage, etc.)
  2. http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2100429 – Host operating system support information
  3. http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2009918 – Rebuilding indexes to improve the performance of SQL Server and Oracle vCenter Server databases
  4. http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1007453 – Reducing the size of the vCenter Server database when the rollup scripts take a long time to run

 

Microsoft living KBs

  1. http://social.technet.microsoft.com/wiki/contents/articles/953.microsoft-anti-virus-exclusion-list.aspx – Microsoft Anti-Virus Exclusion List (very important for Citrix as well. Things like MMC, PowerShell, DAT files, etc. should be excluded, or apps like Citrix Studio that depend heavily on them will be extremely slow. Symantec Anti-virus (SAV) or Symantec Endpoint Protection (SEP), for example, will run rtvscan.exe or ccSvcHost.exe on each and every user .dat file when opening Citrix Studio.)

 

AppSense DesktopNow

  1. https://www.myappsense.com/Knowledgebase/TN-150728.aspx – Recommended AppSense DesktopNow anti-virus exclusions (login required)

 

Citrix XenDesktop and XenApp PowerShell cmdlets:

  1. Enable Citrix PowerShell snap-ins for XenDesktop/XenApp 7.6:
    Add-PSSnapin Citrix.*.Admin.V*
  2. Enable Citrix PowerShell snap-ins for XenApp 6.5:
    Add-PSSnapIn citrix.xenapp.commands
    Add-PSSnapIn citrix.common.Commands
    Add-PSSnapIn citrix.common.groupPolicy
  3. To get a listing of all your XenApp 6.5 servers:
    get-xaserver | select servername > c:\temp\XenApp_VM_list.txt
  4. To get a listing of XenDesktop logged in users:
    get-brokersession | select UserName > c:\temp\logged_in_users.txt
  5. To get a listing of ALL XenDesktop/XenApp 7.6 VMs:
    get-brokermachine -maxrecordcount 2000 | select machinename > c:\temp\VM_list.txt
  6. To send a reboot notification message to a specific desktop group on XenDesktop/XenApp 7.6:
    Add-PSSnapin citrix*
    $sessions = Get-BrokerSession -MaxRecordCount 5000 | Where {$_.desktopgroupname -match "Virtual Desktop Group 1"}
    Send-BrokerSessionMessage $sessions -MessageStyle "Information" -Title "REMINDER: Virtual Desktop Reboot @ 11 PM" -Text "REMINDER: Virtual Desktops will be rebooted Saturdays @ 11 PM. Please save your work and logoff prior to this when you go home for the day. If you work from home you will be logged off at 11 PM but can immediately log back in after the 11 PM reboot."

 

Citrix NetScaler commands:

  1. Generate an SSL key and csr from a conf file for an SSL SAN certificate:
    cd /nsconfig/ssl
    followed by:
    openssl req -new -newkey rsa:2048 -keyout 2015_KEY_yourdomain.key -out 2015_CSR_yourdomain.csr -config 2015_REQ_yourSANcert.conf
  2. Convert a .cer SSL cert and SSL key to .pfx format:
    openssl pkcs12 -export -out 2015_CER_yourdomain.pfx -inkey 2015_KEY_yourdomain.key -in 2015_CER_yourdomain.cer
  3. Convert a .pfx (SSL cert and SSL key) to .pem format:
    openssl pkcs12 -in 2015_CER_yourdomain.pfx -out 2015_CER_yourdomain.pem
  4. Watch NetScaler Gateway logins in realtime (AAA debugging) and log to a file:
    shell
    followed by:
    cat /tmp/aaad.debug | tee /tmp/aaa-log-mm-dd-yyyy.log
    **TIP: I absolutely LOVE to use CMTrace to run through these logs quickly. Will highlight rejects and errors automatically. I highly recommend this for any NetScaler engineer.
  5. See all connections to the NetScaler:
    sh connectiontable
  6. See all Established connections to the NetScaler from a certain IP and omit Monitors:
    sh connectiontable "ip == xxx.xxx.xxx.xxx && svctype != MONITOR"
  7. See all connections to the NetScaler from a certain IP and only display SSL:
    sh connectiontable "ip == xxx.xxx.xxx.xxx && state == established && svctype == SSL"
  8. See all connections to the NetScaler that are NOT Monitors or SSL:
    sh connectiontable "ip == xxx.xxx.xxx.xxx && svctype != MONITOR && svctype != SSL"
  9. Watch NetScaler policy hits in realtime:
    shell
    followed by:
    nsconmsg -d current -g pol_hits
  10. Watch latest ns.log events in realtime:
    shell
    followed by:
    tail -f /var/log/ns.log
  11. Change the NetScaler theme from a Custom theme to Default theme via CLI if after a firmware upgrade you are unable to log in via the GUI anymore (“Login command failed over API. Reason: Response not of type text/xml: text/html” bug). Once you’re back in you can change back to custom using the GUI. Make sure your password does not contain special characters as that can prevent login too (“/login/do_login” bug):
    set vpn parameter UITHEME DEFAULT
    save ns conf
    reboot
  12. Change the password on nsroot or other user account via command line:
    set system user nsroot MyNewPassword54321
    save ns conf
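
The request conf file used in item 1 is not shown on the page. As an added example (not the author's own file), this sketch writes a minimal SAN request config, generates the key and CSR from it, and reads the SANs back out of the CSR before it is sent to the CA. Hostnames, subject fields and file names are constructed placeholders, and `-nodes` is used only so the example runs unattended.

```shell
#!/bin/sh
# Added example. All names and values below are constructed placeholders.

# Write a SAN request config into $1, then create the key and CSR from it.
# Prints the path of the CSR on success.
make_san_csr() {
    workdir=$1
    conf="$workdir/REQ_example.conf"
    key="$workdir/KEY_example.key"
    csr="$workdir/CSR_example.csr"

    cat > "$conf" <<'EOF'
[ req ]
prompt             = no
default_md         = sha256
distinguished_name = dn
req_extensions     = req_ext

[ dn ]
C  = US
O  = Example Org
CN = gateway.example.com

[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = gateway.example.com
DNS.2 = storefront.example.com
EOF

    # umask 077 keeps the private key readable by its owner only.
    # -nodes leaves the key unencrypted so this runs without a prompt;
    # omit it to be asked for a passphrase, as with the command in item 1.
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes \
          -keyout "$key" -out "$csr" -config "$conf" ) 2>/dev/null || return 1
    echo "$csr"
}

# Print the DNS SAN entries carried in CSR file $1, one per line.
csr_sans() {
    openssl req -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Usage: csr=$(make_san_csr /some/dir) && csr_sans "$csr"
```

A CSR whose `csr_sans` output is empty was built without the `req_extensions` line taking effect, and a certificate issued from it would normally cover only the CN.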

 

Splunk syslog search filters for NetScaler:

  1. Find successful NetScaler Gateway logins with device/browser, user ID, and IP address:
    source="YourNetScalerSource" index="YourNetScalerIndex" SSLVPN LOGIN NOT (HTTPREQUEST)
  2. Find failed NetScaler Gateway logins with device/browser, user ID, and IP address:
    source="YourNetScalerSource" index="YourNetScalerIndex" AAA LOGIN
  3. Create a report of Top 20 SSL ciphers being used on a NetScaler Gateway vserver:
    source="YourNetScalerSource" index="YourNetScalerIndex" CipherSuite VserverServiceIP xxx.xxx.xxx.xxx | top limit=20 SSLCipher
    where SSLCipher is the following custom field extraction:

  4. Find NetScaler Gateway ICA launches with the name of the app/desktop, user ID, and IP address:
    source="YourNetScalerSource" index="YourNetScalerIndex" SSLVPN ICASTART

 

Atlantis ILIO commands
These Linux commands are useful but depend on your storage setup and if you are using ILIO Diskless or ILIO Persistent. These are commands that I personally use so modify as needed.

  1. ILIO appliance snapclone info assuming disk 1 is snapclone:
    dstat -D sdb -cdln --disk-util
  2. ILIO appliance snapclone partition info:
    dstat -D sdb2 -dsr --disk-util
  3. ILIO VM total disk usage:
    df -h /exports/ILIO_VirtualDesktops
  4. ILIO appliance VM info (network, disk, resource with resource limit on nfs stack on dom0):
    dstat -D dm-0 -ndr --nfsd3
  5. ILIO appliance VM info (time, load, network, cpu, disk, resource):
    dstat -D dm-0 -tlncdr --nfsd3
  6. ILIO appliance OS info assuming it is disk 0 (network, disk, resource on disk):
    dstat -D sda -ndr --disk-util
  7. ILIO appliance VM snapclone info assuming it is disk 1 (network, disk, resource on disk):
    dstat -D sdb -ndr --disk-util

 

PowerShell Oneliners
Just open a PowerShell window and drop each line in to get a result.

This first set of one liners returns common redirected folders. If you use AppSense for example, you will likely be redirecting these folders to a file share for each user. You can use these one liners as a base for advanced scripts on reporting redirected user folders for all your users:

  1. Display the redirected Desktop folder:
    [Environment]::GetFolderPath("Desktop")
  2. Display the redirected My Documents folder:
    [Environment]::GetFolderPath("MyDocuments")
  3. Display the redirected My Music folder:
    [Environment]::GetFolderPath("MyMusic")
  4. Display the redirected My Pictures folder:
    [Environment]::GetFolderPath("MyPictures")
  5. Display the redirected My Videos folder:
    [Environment]::GetFolderPath("MyVideos")

 

AutoHotkey Scripts

  1. Left click mouse every 2 seconds in a loop. Good foundation to do more advanced stuff with.