Monthly Archives: June 2013

Azure Pack configuration for Windows Server 2012 R2

So Microsoft has released the new wave of products into preview, including the next version of Katal (Azure Services) for Microsoft, called Azure Pack. This pack transforms your datacenter into Azure, allowing users to sign up using plans and turning your infrastructure into an IaaS platform.

You can download the trial for Azure Pack here –>

Now there are some prerequisites for using this pack.
You can read more about them here –>

To integrate Azure Pack with your on-premises solution, it uses Service Provider Foundation (SPF), which is included on the Orchestrator installation media.


Note that this requires the installation of the SCVMM 2012 R2 console on the same machine as SPF, since SPF uses the VMM APIs to communicate with VMM.

It also requires some other prerequisites such as


WCF Data Services 5.0 can be found here –>

.NET 4.5 WCF features: WCF is a part of .NET 4.5, which can be installed from Server Manager

Management ODATA IIS is also a part of 2012 R2 installation media

ASP.NET MVC 4 can be downloaded from here –>

Next we configure a database for SPF


In this database the SPF stores information such as
Usage Records
Gallery Items
And Tenants Stamps

Next we choose where to deploy the SPF files and what certificate we want to use.
In my case for this demo I used a self-signed certificate.


Next we define credentials for the admin web service


NOTE: If you choose Network Service here you need to make sure that the machine account is a VMM administrator

In my case I chose a Service Account and entered a domain user.
After that you are done with SPF.


Next we move on to the Azure Pack installation
You can download the pack from here –>

All it does is download a profile which uses webdeploy.


Now by default it will install all the web roles on the same server


Click I accept (I’ll come back to what the different roles do).
Note that this installation part may take some time.

After that is done, press Continue and it will start the Service Management Configuration site.


It will open a browser window on the localhost on port 30101, and again we will have to define a Database and server for the Azure Pack.

Here you have the option to use a Windows user or a regular SQL user.
Remember that you have to enable Mixed Mode on the SQL server in order to use regular SQL users.


Make sure that you write down the passphrase. If you forget or lose this passphrase, there is no way to recover it. This is used to encrypt and decrypt the Configuration Store.

Next we define a FQDN for the host


After this is done it will start configuring the different roles on the Server


After that is done we continue on with the configuration


NOTE: You may need to log out of your system and log back in before you can access the management portal for administrators. This is due to Windows authentication and the need to add the security group to your security token.

If you continue to see an access denied error, even after logging back in, close all Internet Explorer windows, and run Internet Explorer as an administrator.

Now the setup will open a browser on port 30091 which is the default port for the management portal for administrators



Now you can see the difference between “Katal” and Azure Pack

Katal (The old version)


(Azure Pack the New one)


New features include:
Reporting provider (This is also a feature that is on the Orchestrator installation media)
Service Bus Clouds (Read more about setting up service bus here –> )
Automation (This requires Service Management Automation web service)

So in my case I define the Service Provider Foundation endpoint for Azure Pack
And then Go to VM Clouds and connect to my VMM Management Server.

Had some bugs when connecting to my cloud, but after an iisreset it worked just fine


This gets the cloud container from VMM, from here I can view resources in my cloud


Now for the end user, I can sign up using the tenant portal,
which is on the same server where you installed Azure Pack, only on port 30081. Remember, though, that you need to create a plan and publish it in order for users to subscribe to that plan.

Here I signed up with a regular user account


Choose Add Plan and select a public plan which was created on the management portal.
Note, though, that here we have external users created; we can also use AD authentication

For the tenant portal you can configure this using ADFS here –>

Note when you sign up for a plan you need to go back to the administration portal and approve the subscription.

Now If I want to automate a task associated with VM create I can do this in the management portal


That’s all for this time; I’ll dive in a bit more when I have the time 🙂
Stay tuned

XenDesktop 7 setup and AppController setup

So the big day is here, XenDesktop 7 is released from Citrix and with it ends the old XenApp architecture.
Support for Server based session hosts is still there but the architecture is merged into XenDesktop.

Other features include:
App-V integration
License console integrated into Studio
Storefront administration also from the same console.
The list goes on and pictures say more than a thousand words.

(I can also say that Citrix released a new version of the Receiver platform for both Mac and Windows today, which includes support for XenDesktop 7 and StoreFront.)

XenDesktop 7 can be downloaded from –>

Now the installation is pretty straightforward: just choose the standard Delivery Controller install and it will include all of the needed components. After they are installed, we need to create a deployment.
When we start Desktop Studio, we choose to create a new deployment.

So we create a new site.

Choose a new database (if we have a SQL server we choose that) (It works with SQL Server 2012)
Next we define license settings, we can add licenses directly. This can be altered either by PowerShell or in the GUI afterwards.

Next we add some virtual infrastructure; this can be either System Center 2012, XenServer or vSphere.
NOTE: Even though you can connect to a System Center 2012 R2 SCVMM, it will not function properly.

I could even fetch info about my virtual network running on the 2012 R2 Preview.

It will also get any active storage clusters from SCVMM

Next we define whether we have an App-V infrastructure. (Note that this does not include System Center integrated.)
After that is done we will have a “site”.

Next we create a machine catalog. This catalog contains physical and virtual machines (that are either server os or client oses) or Remote PC.
In my case I just have one windows server OS RDS which has the VDA agent installed.

Next we choose HOW this infrastructure is going to be built.
Either MCS, PVS or other tools such as VMM VM deployment with VDA agent installed.

For my case I choose another service or technology and I add a local VM

and I choose that this catalog should include this VM. After that is done we are completed with creating a machine catalog.
Next we have to create a delivery group. This group binds a user/group to desktops/apps.

Choose a type of delivery

Add users

Add a storefront server which this delivery controller will speak to.

After that is done we have a fully functional XenDesktop site and catalog.
We also have to install a VDA agent on an RDS server.

Choose enable connections to this server, then add a desktop controller.

Click next, next then finish.
The VDA agent will install and do a couple of reboots.

If we head back to the console we can now see that we have the option to change the URL of the Storefront deployment from the Storefront console, this was previously only available from PowerShell

Now, in order to add AppController to the mix, we have a certificate installed on both StoreFront and AppController; then go into Stores –> and choose Manage Delivery Controllers.
Then you choose Add, type AppController and enter the FQDN of the AppController.

Then press OK. You must also log into the Trust Settings of the AppController deployment and change authentication to StoreFront.
NOTE: This has to be in form of HTTPS:

Then we can create some web applications in the Apps & Docs part of AppController, and the next time we log into the Citrix Receiver Web Store we can see that apps from AppController appear.
Users also have the ability to restart their own sessions or VM’s from the web receiver

Here is the AppController application.
Now a couple of things that I would like to take note about.
PowerShell support is included for pretty much everything. When I run a command in the GUI, I actually run a PowerShell command in the background.
However, when I launch PowerShell from the console, it does not include most of the PowerShell modules.

Therefore I’m including the path and the modules here –>

‘C:Program FilescitrixStudioAppVIntegrationSnapInCitrix.AppV.Admin.V1Citrix.VirtApp.PowerShellSnapIn.dll’

‘C:Program FilesCitrixStudioAppVIntegrationSnapInCitrix.AppV.Admin.V1Citrix.GroupPolicy.PowerShellProvider.dll’

'C:\Program Files\citrix\Broker\Snapin\v2\BrokerSnapin.dll'

'C:\Program Files\citrix\Licensing\SnapIn\Citrix.Licensing.Admin.V1\Citrix.LicensingAdmin.PowerShellSnapIn.dll'

'C:\Program Files\Citrix\MachineCreation\SnapIn\Citrix.MachineCreation.Admin.V2\Citrix.MachineCreation.PowerShellSnapIn.dll'

'C:\Program Files\Citrix\Storefront\SnapIn\Citrix.Storefront.Admin.V1\Citrix.Storefront.PowerShellSnapIn.dll'

Import these modules in PowerShell ISE and you can automate and configure most of your deployment from here.
For instance, I can make use of these in Orchestrator to automate a new-user process and create a new VM for that user.
(I’ll come back to that in another post 🙂)

I recently had a speaking event for the Norwegian Citrix User Group where I spoke about automation with XenDesktop 7 and Orchestrator, but that is another story.

But back to StoreFront: you now have the option to add web links directly from there as well –>
You have the option to choose the HTML5 client as a fallback if local clients do not install properly.

So when I choose to use HTML5 as a fallback, StoreFront will create a local folder containing the HTML5 client.

And some other resources for XenDesktop 7:

deprecated features:
Unattended installation XenDesktop 7
XenDesktop 7 edocs (How do I….

Monitoring Azure in System Center Operations Manager

With the release of the latest preview management pack from Microsoft it is now possible to monitor your fabric in Azure.

Even though many set up an IPsec VPN connection and deploy SCOM agents as before to get deeper monitoring capability, it is still possible to use this management pack, since it also covers other services (for instance cloud services).
Now after you have downloaded the pack you can go to Administration –> Import Management Packs

Select the two from the download and click install. After that is done restart the console and go back to administration, you will see a new option in the bottom.

Click Add subscription and enter the information.

The Subscription ID you can find in Azure, and if you have previously created a management certificate you can continue to use that.
If you are unsure how to create this, I suggest heading over to my other post,

Next you define a proxy agent, this is the agent that is going to communicate with Azure.

Now after you have added the subscription go back to monitoring.

PS: It might take some time before resources start showing up in the console since the MP does a sync once a day.

We also get some new monitoring capabilities under Authoring pane.
Now by default all objects within Azure are listed as NOT MONITORED

So you would have to set up monitoring for each object you want to monitor.

So I’m going to set up monitoring of my VM in Azure (and some storage blobs)

After this is done it might take some time before the objects will be listed as monitored.

Here are the monitors available for a virtual machine running in Azure. If you want deeper monitoring, you need to deploy a regular SCOM agent.

Windows Server 2012 and System Center 2012 R2 walkthrough

So I have been lucky enough to have the time to try out all the new builds from Microsoft,
since the R2 Beta builds of System Center and Server were released earlier today. And yes, I’m a geek, so this is how I spend my time 🙂

First off, if you look at my previous post you can download all the components from one place (including Azure Pack), and all of the components can be upgraded from SP1 (for System Center). Windows Server 2012 can be upgraded to the R2 Beta.
Do not expect that you can upgrade it further again when the GR comes.

Now a couple of things as well.
Virtual Machine Manager and Configuration Manager require the newly released ADK. (So you have to uninstall the old ADK 8 and download the new one, found here –> )

Most of them can be upgraded as well (I had some issues with Orchestrator), but the rest of them were easy peasy to upgrade. Except SCVMM 2012 R2: you have to uninstall the previous version before you can upgrade.

So let’s start with Windows Server 2012.
After the installation, you can see that you have the famous start button back. All this button does is bring you back to the “start menu” aka metro view.

Search now works everywhere –>

When you install roles now, you can see how many of the features are already installed.

Desired State Configuration is not installed by default.

In RDS deployment, the Shadow function is back, oh joy!!

You also have a dedicated module for importing and exporting the Start screen (for Group Policy deployment)

I’ll come back with more here as I progress into what’s new (much to cover), but in the meantime, over to System Center 2012 R2.
I’ll start with Operations Manager (which I just upgraded from the SP1 release)


Now as you can see OpsMgr now has System Center Advisor installed by default. So you have to install Identity Foundation (Which can be installed in Server Manager)

So after the installation, not much new to look at. All the agents worked as they should and all the components worked, as they should.
If you want to upgrade other System Center components as well, you need to remove the MP (if you have any installed); for instance, the Configuration Manager MP started spamming after I upgraded CM.

(Azure is another MP and another story 🙂)

On the servers, agents are now renamed.

Orchestrator, on the other hand, does not actually have much new in its new build.
What is interesting here, on the other hand, is Service Management Automation.

I’ll come back in another post to how they integrate with the new Azure Pack and SPF.

Service Manager (Not much new here either) just a more snappy Console and the Self-Service portal is now on SharePoint 2013.

The Configuration Manager upgrade also went smoothly.

All the components worked after the upgrade and I could just go ahead and start working.

There are some minor changes to the GUI here, and some new features: deployment of VPN profiles, Wi-Fi and certificates and remote connections. Mostly tied to 8.1.

You also have the option to deploy a web application now.

You can also see what policies apply on the client.

So far so good. I’ll come back tomorrow with a post on Azure Pack on top of System Center 2012 R2 and Windows Server 2012 R2.

2012 R2 Preview released!

During the night, Microsoft quietly announced its preview builds of Windows Server 2012 R2 and System Center 2012 R2.
The releases can be found here –>

I’ve already downloaded most of the stuff, but as always things tend to queue up, since there are many geeks out there eager to try the software.
Windows 8.1 will come in a couple of days as well so stay tuned! 🙂

Trouble opening certsrv on ADCS Web enrollment service 2012

So I was setting up my demo environment again this week, and I figured that I needed an internal PKI for most of my services and therefore I needed the web enrollment service as well.
After I have installed ADCS and the web enrollment role on the same server, I figured I was good to go.

Not quite. When I tried to open http://localhost/certsrv to get a certificate, I got the message that I needed to change to https:// in order to download certificates, and that’s fine.
When I tried to open https://localhost/certsrv, it didn’t respond. After a couple of minutes I found out you need to do one thing.

You need to create a self-signed certificate from within IIS and add this to the bindings on port 443.

After this is done, you can enter the website.    
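
The same fix scripted instead of clicked through IIS Manager, as an added example that is not part of the original post. It assumes the certsrv application lives under the default site name 'Default Web Site' and that no other certificate is meant to stay bound to 0.0.0.0:443.

```powershell
# Added example: create a self-signed certificate and bind it to HTTPS/443
# so that https://<server>/certsrv answers. Run elevated on the ADCS web
# enrollment server (Windows Server 2012).
Import-Module WebAdministration

$site = 'Default Web Site'   # assumption: certsrv is hosted under the default site
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

# Self-signed certificate in the machine store, valid for the FQDN and localhost
$cert = New-SelfSignedCertificate -DnsName $fqdn, 'localhost' `
            -CertStoreLocation 'Cert:\LocalMachine\My'

# Add the https binding only if the site does not have one on 443 yet
if (-not (Get-WebBinding -Name $site -Protocol https -Port 443)) {
    New-WebBinding -Name $site -Protocol https -Port 443 -IPAddress '*'
}

# Attach the certificate to the 0.0.0.0:443 listener, replacing a stale entry
$sslPath = 'IIS:\SslBindings\0.0.0.0!443'
if (Test-Path $sslPath) {
    Remove-Item $sslPath
}
New-Item -Path $sslPath -Value $cert | Out-Null

# Show what is bound now, to compare against the new certificate's thumbprint
Get-Item $sslPath
"Bound certificate thumbprint: $($cert.Thumbprint)"
```

Clients other than the server itself will not trust this certificate until it is replaced by one issued from the CA or added to their trusted roots.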

What’s new in Windows Server 2012 R2 and System Center 2012 R2 + Intune

Wow, that’s a long title! But as it suggests, there is a lot happening with the new releases from Microsoft, and I always find that other blogs contain just some piece of info regarding either SCVMM or Windows Server or another component. Therefore, I wanted to gather all the info from TechEd and compile a blog post containing all the new stuff that is going to be released this year.

Windows Server 2012 R2
Multiple improvements to Hyper-V:
    * Cross-version Live Migration (Live migrate from 2012 to 2012 R2)
    * Automatic Activation of VM’s
    * New generation VM (No longer running legacy components)
    * Enhanced Remote Desktop (VM connect)
    * Enhanced Hyper-V replica
    * Dynamic Memory for Linux
    * Clone a running VM
    * Live Migration Compression
    * VHD deduplication
    * Online VHDX resizing
    * Storage QoS
    * Hyper-V recovery Manager (Replicate to Azure)
    * Live Migration with RDMA
    * Shared VHDX
    * Multi-tenant VPN gateway
    * vRSS
    * Remote Live Network Monitoring

Other Enhancements to Windows Server
    * Better NIC teaming
    * PowerShell 4.0
    * Better IPAM integration
    * Better Resource Metering
    * Session Shadowing
    * Workplace Join (And Workspace folders)
    * Storage Tiering (In Storage spaces)
    * Support to export Start Screen Config using PowerShell and importing it using Group Policy
    * Desired State Configuration options
    * Extended ACLs (Stateful inspection, Port, protocol)

System Center 2012 R2
Virtual Machine Manager:
    * Better support for using all types of storage (iSCSI, FC, SMB 3.0)
    * Can manage NVGRE, PVLANs
    * All System Center components available as service templates (later this year)
    * ODX copy VM’s from library to production
    * Integrate with IPAM
    * VMM can remediate config problems on physical switches
    * New Management Pack for Operations Manager
    * More options for site-to-site VPN options for customers

Service Manager
    * Self-service portal can be used on SharePoint 2013
    * Service management automation

Operations Manager
    * Deep application monitoring into Java Applications
    * Enhanced cross-platform monitoring

Configuration Manager
    * Support for Windows 8.1 and Server 2012 R2
    * Manage Windows 8.1 using Mobile Device Agent (BYOD)
    * Workplace join
    * Selective Wipe for iOS devices
    * Better management of Android devices
    * New Self-service Portals, native apps for iOS, Android and Windows x86
    * Support for configuring Work folders
    * Work folders integration with the Self-service portal
    * Role-based administration control (RBAC) now supports reports

Data Protection Manager
    * Online Backup Linux VM’s

Intune Wave E
    * Office 365 Cloud Connector
    * Support for Windows 8.1
    * Support for Work Folders
    * VPN and Wi-Fi profile deployments
    * New Company Portal
    * Better Mobile platform support
    * Selective Wipe

What’s new at TechEd 2013

A lot of new stuff was announced at TechEd by Microsoft yesterday leaving every Microsoft IT-pro happy. Like many anticipated we would see a new release of Windows Server and System Center.
So far they’ve announced a couple of things
* New release of System Center (System Center 2012 R2)
* New release of Windows Server 2012 (Windows Server 2012 R2)
* New release of Intune (Wave E)
* New release of SQL Server (SQL Server 2014)
* Some changes to Azure
    -> Billing per minute
    -> Won’t charge for offline VM’s
    -> Added support for SSL on reserved Web sites.
    -> Lower costs for Azure Subscription for MSDN accounts.
    -> New DirSync tool with support for password sync (hash syncs)
    -> Access Control Lists on Endpoints

So what do we know is coming in the new releases?

* Windows Server 2012 R2
    -> Storage Tiering (You can add SSD to your storage spaces solution and you can use SSD as a cache to hold the most frequently used data)
    -> Storage QoS (You can now define in Hyper-V how many IOPS a VM can use)
    -> Version 2 VM (No more legacy stuff in a VM, support for UEFI)
    -> Support to export Start Screen config using PowerShell and import it to a Group Policy
    -> Dynamic Memory for Linux
    -> Online VHDX resizing
    -> Live Migration Compression
    -> Automatic Guest Activation
    -> VHD deduplication
    -> Windows Azure Hyper-V Recovery Manager
    -> Better NIC teaming algorithms
    -> Virtual IP address space management (for IPAM)
    -> Better resource metering options
    -> PowerShell 4.0 (3000 cmdlets)
    -> Desired State Configuration options
    -> Workplace join and Work folders
    -> Automatic VPN connection when a user clicks on an application that requires corporate access.
    -> Session Shadow
    -> Windows Azure Pack (Next version of Katal)
* System Center 2012 R2
    -> NVGRE Gateway solution is a part of a default service template (No more need for F5 gateway solution)
    -> VMM to deploy a physical Scale-Out File Server
* ConfigMgr 2012 R2
    -> Support for Windows 8.1 and Server 2012 R2
    -> Manage Windows 8.1 using Mobile Device Agent (BYOD)
    -> Workplace join
    -> Selective Wipe for iOS devices
    -> Better management of Android devices
    -> New Self-service Portals, native apps for iOS, Android and Windows x86
    -> Support for configuring Work folders
    -> Work folders integration with the Self-service portal
    -> Role-based administration control (RBAC) now supports reports

More to come!

SureBackup and Exchange U-AIR with Veeam

Veeam has a function called SureBackup, which is used to verify that your backups are valid (or that they are functional 🙂)
SureBackup allows you to spin up a virtual lab directly in VMware, which sits on an isolated network, separated from your production network, and is actually mounted as a datastore directly from the backup.
It also (if you choose to) creates a virtual appliance proxy, which is used to communicate between this virtual lab environment and the production environment, for use by the U-AIR wizards (I’ll come back to that later).

Then there are Application Groups, where you define virtual machines that depend on each other in order to use SureBackup; for instance, Exchange requires an active domain controller with a global catalog in order to start.
In the Application Group we define which VMs we want in it and how long they are given to boot. (Remember that in many cases the VMs are deduplicated and compressed and are booted from the backup environment into the VMware environment, so you need to be patient 🙂)

You can also see an interactive movie here –>

(Remember that in order to use the U-AIR wizards against the lab you need to tick the check box “Keep the application group running once the job completes”.)

In the SureBackup job we define how the backups are verified. (You can define, for instance, heartbeat tests with the VMware integration tools and ping tests, and if you define which roles the VMs have, some predefined scripts are automatically used against the VMs.)

If we choose a role for a VM, Veeam has some built in scripts that are run against the VM in order to check if it is operational.

We can also define how long the VM has to boot and how much memory it can use.

So what are we going to do? Restore some objects from Exchange to our production environment.

Now when you run the SureBackup job you can see in vCenter that the VMs are started. (Remember that the domain controllers need to be started first in order for Exchange to function.)
And remember that DNS is vital here: the AD controller that you use in the application group should be the primary DNS server for your Exchange servers, or you need to log in and change it afterwards. If not, Exchange will not start properly.

There are a couple of things that you need to remember when running the U-AIR wizards. By default Exchange permissions are restricted pretty tightly, so you need to add a user with full admin access to all mailboxes.
This can be done in Exchange 2010 with the following PowerShell cmdlet

Get-MailboxDatabase -Identity "[mailbox database name]" | Add-ADPermission -User [username] -AccessRights GenericAll
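
The grant above, tied to a dedicated restore account and taken away again once the restore is finished, as an added example that is not part of the original post. The database name and account name are placeholders; run it in the Exchange 2010 Management Shell.

```powershell
# Added example: time-boxed GenericAll grant for a U-AIR restore.
$database = 'Mailbox Database 01'         # placeholder: your mailbox database
$account  = 'EXAMPLE\svc-uair-restore'    # placeholder: dedicated restore account

$db = Get-MailboxDatabase -Identity $database

# 1. Grant full access on this one database for the duration of the restore
$db | Add-ADPermission -User $account -AccessRights GenericAll

# 2. Review what the account now holds explicitly (inherited entries filtered out)
Get-ADPermission -Identity $db.DistinguishedName -User $account |
    Where-Object { -not $_.IsInherited } |
    Format-Table User, AccessRights, Deny, IsInherited -AutoSize

# 3. ... run the U-AIR wizard with $account here ...

# 4. Remove the grant again so the account does not keep access to every mailbox
Remove-ADPermission -Identity $db.DistinguishedName -User $account `
    -AccessRights GenericAll -Confirm:$false

# 5. Confirm nothing explicit is left; this should print no rows
Get-ADPermission -Identity $db.DistinguishedName -User $account |
    Where-Object { -not $_.IsInherited }
```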

Now, the U-AIR wizard is not the same as Exchange Explorer, and the wizard has to be pointed at the CAS server, since the U-AIR wizard uses EWS in order to restore objects.
The wizard automatically knows which type of Exchange it is. The U-AIR wizard is a separate download from Veeam (not included in the regular release of Veeam B&R).

And then the rest of the wizard is pretty simple, just define which user and which items to restore.