XenApp 6.5 on Server 2008 R2 does not allow RDP Connections after a Hard Reboot

I recently observed some strange behavior on a Citrix XenApp 6.5 application server. After some piece of software crashed on this server (still working on this, perhaps csrss.exe contention), I was not able to establish an RDP session to this box. While looking at this server from the Citrix AppCenter, I saw that all 35 sessions were listed as DISCONNECTED. I could not connect from the console or RDP, just the command line. Instead of trying to kill these existing disconnected sessions from the command line, I hard-rebooted this server.

This was a mistake. When the server came back up I could now connect at the console and with SCCM; however, I could not RDP to the server. Every time I started an RDP session to the server, the mstsc client would authenticate then immediately close out. It would flash a correctly-sized RDP window momentarily, then just disappear and close out.

After troubleshooting for a few hours, I noticed the output of the qwinsta command:

C:\Users\msp>qwinsta /counter
 SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE
 services                                    0  Disc
 console                                     1  Conn
 ica-tcp                                 65536  Listen
 rdp-tcp                                 65537  Listen
Total sessions created: 1
Total sessions disconnected: 6
Total sessions reconnected: 0

The “Total sessions disconnected” counter would increment every time I attempted to connect. At least now I knew the RDS services were not crashing, and were actually servicing my requests. I was also seeing various eventlog errors about Citrix HealthMon not allowing this server to accept new connections:

[Image: Windows Event Viewer log showing the Citrix HealthMon error]

After doing some more digging, I found this excellent article here. It looks like similar issues, which led to me finding the Citrix ICA Session registry key (HKLM\Software\Citrix\ICA\Session):

[Image: regedit opened to the Citrix ICA Session key]

From here, I could see all the disconnected sessions that existed on the server before it was hard-rebooted. Citrix did not have a chance to clean this up. I deleted and recreated the Session key. Make sure to re-add permissions for the NT SERVICE\TermService account to read and write to this key. After doing this, I was immediately able to RDP back into this server. It seems as though something in Citrix was still looking at this key to determine either some kind of load balancing or licensing and causing the sessions to disconnect. I believe that if I was able to manually force a high session number I would’ve been able to create a new RDP session.
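The key reset described above, scripted as an added example (not the original author's script): it exports the key before deleting it, prints the old ACL for comparison, then recreates the key and grants NT SERVICE\TermService read and write access. The backup file name and the ContainerInherit inheritance setting are assumptions; run it from an elevated prompt.

```powershell
# Added example, not the original author's code. Requires an elevated session.
$keyPath = 'HKLM:\Software\Citrix\ICA\Session'
# Assumed backup location; any writable path works
$backup  = Join-Path $env:TEMP ('ica-session-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))

# 1. Export the key first so the stale session entries can be inspected or restored
& reg.exe export 'HKLM\Software\Citrix\ICA\Session' $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Export failed; the key was left untouched.' }

# 2. Show the ACL that is about to be lost, for comparison afterwards
(Get-Acl -Path $keyPath).Access |
    Format-Table IdentityReference, RegistryRights, AccessControlType -AutoSize

# 3. Delete the key with its stale per-session subkeys, then recreate it empty
Remove-Item -Path $keyPath -Recurse -Force
New-Item -Path $keyPath -Force | Out-Null

# 4. Re-add read/write access for the Remote Desktop Services service account
#    (ContainerInherit is an assumption so that new subkeys get the same access)
$rule = New-Object System.Security.AccessControl.RegistryAccessRule(
    'NT SERVICE\TermService', 'ReadKey, WriteKey', 'ContainerInherit', 'None', 'Allow')
$acl = Get-Acl -Path $keyPath
$acl.AddAccessRule($rule)
Set-Acl -Path $keyPath -AclObject $acl

"Backup written to $backup"
```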

Powershell for Parsing Logon and Logoff events from Windows Security Logs

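$ID = 4624,4634   # 4624 = successful logon, 4634 = logoff
# Walk the live and archived Security logs
Get-ChildItem -Include *Security*.evtx, Archive*.evt, Archive*.evtx -Path C:\Windows\System32\winevt\Logs -Recurse |
ForEach-Object {
    "Parsing $($_.FullName)`r`n" >> .\Logging.txt
    Try
    {
        # Replace the placeholder SID with the SID of the account to trace
        Get-WinEvent -FilterHashtable @{Path=$_.FullName; LogName='Security'; ID=$ID; Data='S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXXX'; ProviderName='Microsoft-Windows-Security-Auditing'} -EA Stop >> .\Logging.txt
    }
    Catch [System.Exception]
    {
        # Get-WinEvent reports an error when nothing matches; -EA Stop makes it catchable.
        # Any other failure (for example an unreadable file) also lands here.
        "No logon events in current log" >> .\Logging.txt
    }
}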

The code above runs through the Windows log directory (C:\Windows\System32\WinEvt\Logs\) and searches the Security logs for logon (4624) and logoff (4634) events that reference the given SID, appending the results to Logging.txt. It can easily be modified to search other evtx logs for any event ID; just edit as necessary.
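To turn the raw matches into per-session records, the events can be paired on their TargetLogonId field. The following is an added example, not part of the original script; the function names and the sample events are constructed for illustration, and it needs PowerShell 3.0 or later for [pscustomobject].

```powershell
# Added example: pair 4624 (logon) with 4634 (logoff) on TargetLogonId.
function ConvertTo-LogonRecord {
    param([Parameter(Mandatory = $true)][xml]$EventXml)
    $data = @{}
    foreach ($d in $EventXml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    $time = $EventXml.Event.System.TimeCreated.SystemTime
    [pscustomobject]@{
        Id      = [int]$EventXml.GetElementsByTagName('EventID').Item(0).InnerText
        Time    = ([datetime]$time).ToUniversalTime()
        User    = $data['TargetUserName']
        LogonId = $data['TargetLogonId']   # unique only until the next reboot
        Type    = $data['LogonType']       # 2 = console, 10 = RDP
    }
}
function Get-LogonSession {
    param([Parameter(Mandatory = $true)][object[]]$Record)
    $open = @{}
    foreach ($r in $Record | Sort-Object Time) {
        if ($r.Id -eq 4624) { $open[$r.LogonId] = $r; continue }
        if ($r.Id -ne 4634 -or -not $open.ContainsKey($r.LogonId)) { continue }
        $start = $open[$r.LogonId]
        $open.Remove($r.LogonId)
        [pscustomobject]@{ User = $start.User; Type = $start.Type; LogonId = $r.LogonId
                           Start = $start.Time; End = $r.Time; Duration = $r.Time - $start.Time }
    }
    # Logons left unmatched: still active, or cut off without a logoff (e.g. a hard reboot)
    foreach ($r in $open.Values) {
        [pscustomobject]@{ User = $r.User; Type = $r.Type; LogonId = $r.LogonId
                           Start = $r.Time; End = $null; Duration = $null }
    }
}
# Constructed sample events; real input is (Get-WinEvent ...) | ForEach-Object { $_.ToXml() }
function New-SampleEventXml($Id, $Time, $LogonId) {
    "<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System>" +
    "<EventID>$Id</EventID><TimeCreated SystemTime='$Time'/></System><EventData>" +
    "<Data Name='TargetUserName'>alice</Data><Data Name='TargetLogonId'>$LogonId</Data>" +
    "<Data Name='LogonType'>10</Data></EventData></Event>"
}
$records = @(
    New-SampleEventXml 4624 '2024-01-01T09:00:00.000000000Z' '0x1a2b3c'
    New-SampleEventXml 4634 '2024-01-01T09:45:00.000000000Z' '0x1a2b3c'
    New-SampleEventXml 4624 '2024-01-01T10:00:00.000000000Z' '0x4d5e6f'   # never logged off
) | ForEach-Object { ConvertTo-LogonRecord -EventXml $_ }
Get-LogonSession -Record $records | Format-Table User, Type, LogonId, Start, End, Duration
```

With the sample data this yields one 45-minute RDP session and one logon with no End, which is what sessions interrupted by a crash or hard reboot look like in the log.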

Precise Radio Scheduling with DD WRT

As many people know, the DD WRT firmware can turn your standard Linksys/Buffalo router into a powerful networking device. One of the advantages of running a Linux based firmware on your device is the ability to take advantage of the many programs that are provided in a Linux environment. The cron service will allow you to schedule the operation of the wireless radio with more options than the effective yet limited GUI system. The GUI system only allows you to turn the radio on and off on the hour, rather than 15 minutes to, or 10 minutes after. We can use the cron service to make up for this lack of granularity:

Step 1: Disable the web GUI’s radio scheduling (Wireless -> Advanced Settings -> Radio Time Restrictions)

Step 2: Next, move over to the Administration -> Commands tab, and paste your cron schedule into the text box. This configuration creates a schedule that turns the radio on and off at different times depending on the day of the week. From Monday to Thursday, the radio is active from 9:30AM to 8:45PM. On Fridays, it is active from 9:30AM to 5:45PM, on Saturdays it is active from 9:30AM to 4:45PM; it remains off on Sundays. This is useful for a public hotspot that you would like to restrict access to during off hours. Note, this command ‘echoes’ the actual cron table into the cron directory. You must click the “Save Startup” button so these commands run every time your router boots, otherwise the /tmp/ directory will be cleared out on every reboot and no crontab will exist.

echo '30 09 * * 1-4 root /usr/sbin/wl radio on' > /tmp/cron.d/wlanonoff
echo '45 20 * * 1-4 root /usr/sbin/wl radio off' >> /tmp/cron.d/wlanonoff
echo '30 09 * * 5 root /usr/sbin/wl radio on' >> /tmp/cron.d/wlanonoff
echo '45 17 * * 5 root /usr/sbin/wl radio off' >> /tmp/cron.d/wlanonoff
echo '30 09 * * 6 root /usr/sbin/wl radio on' >> /tmp/cron.d/wlanonoff
echo '45 16 * * 6 root /usr/sbin/wl radio off' >> /tmp/cron.d/wlanonoff

It seems necessary to power off the router for about 30 seconds and then reboot it, otherwise unexpected results may occur.

For more information on Cron and the DDWRT firmware, check out the DDWRT wiki’s cron article. For a list of available wireless radio commands, look here.

Enable GDM on OpenSUSE VNC

OpenSuSE as viewed from a Vista box

OpenSUSE is a different beast than the FreeBSD I know and love. It seems that in order to run the Desktop Environment of your choice, you do not edit the /home/.vnc/xstartup file. That would be too easy… It seems that Gnome runs its own implementation of VNC; it uses vino-server for remote desktop services. This is evident if you run a netstat -ap – check it out:

Vino-server/Xvnc

Anywho, it seems that the easiest way to configure this is to utilize the “Remote Desktop” applet included in SUSE’s application browser and Control Center. This will allow you to run a GDM desktop over VNC. It seems that this vino-server takes control over the gnome-session manager, and will not let other programs execute it. Good luck!

Finalizing BASH install on FreeBSD

So you’ve installed the BASH binaries, and set your shell to /usr/local/bin/bash, but still can’t seem to find the rc files for your beloved shell? If you are setting up a user to use the BASH shell, it will start up with default settings. You must:

  • Copy the .bashrc, .bash_profile, and .bash_logout files from /usr/compat/linux/etc/skel/ to the user’s home directory.
  • The skeleton .bashrc file looks for the bashrc script in /etc. You can copy a skeleton bashrc script from /usr/linux/compat/ to /etc, or wherever your heart desires, just make sure you modify the .bashrc script to look in the correct location!

Have fun!

Arbornet.org

After recently playing around with dial modem access, I came across the http://arbornet.org/ website. This website offers free UNIX shell accounts, which is nice, as you can play around with a real production UNIX system. Registration is simple; and breaking out of the menu system into a shell is easy as pie. The one thing I noticed is that a lot of users have not locked down their home directories, allowing almost anyone to read and execute the contents. Note the directory listings in the following picture:

Granted, most people won't be storing anything important on these accounts, and anyone with root access (which could be anyone) has your files. However, why risk it? Remember to run chmod 0700 on your home dir!

Final Rack Installation

Here are some pictures of the final rack installation. It took all of 12 hours to complete; we only ran into one problem – a switching loop due to a cable that was accidentally plugged in when it shouldn’t have been. It was lots of fun dealing with the deficient existing tangled cable installation, but everything is online and operational.

The whole project was a lot of fun, despite it taking a lot longer than I thought it would. Overall it was a success in that it did help clean up the equipment area. I still have to re-cut and replace some of the extra long cabling in the rack, I also have to label some. It’s not as neat as I would like it, but it’s getting there.

Dial-Up Fax over Verizon FiOS Using Vista x64

Using Windows Vista x64, a US Robotics Dial/Fax modem, and a Verizon FiOS connection, I was able to dial up over the FiOS connection and send a fax. I was also able to call my phone from the modem and speak through the modem’s speaker. This is an interesting feat, as Verizon uses a SIP enabled ONT on the premises to connect to a Nortel switch down the line to offer a ‘voice over fiber’ service. Whatever encapsulation that is being used preserves the ability to send out old-school analog data. Great, now I can send faxes! To set this up I used a US Robotics external modem with the following settings enabled on the rear DIP switch:

1. DTR override

2. Verbal Result Codes

3. Display Result Codes

4. Echo offline commands

5. Auto-answer off

6. CD Normal

7. Load NVRAM defaults

8. Smart Mode

I then hooked this up to my PC’s serial port. I know, a serial port is a rare commodity on PCs these days – I needed to purchase a PCI card serial port for my GPS. I can attest that this Startech unit works under Vista x64. I used the generic Windows US Robotics 56k driver, put in a phone number, and voilà, it all worked. Not that there are many places you can dial up to anymore – but faxing is useful and works flawlessly.

Kendall Howard 41U Knockdown Rack

When cable and space management become a priority, a rack infrastructure becomes a tempting solution. We recently purchased a Kendall Howard Knockdown Rack; this product appealed to us because it could be broken down and moved around. We don’t plan on breaking it down and running around with it, but the fact that it can be taken apart is nice because it makes for cheap (read: free) shipping, as opposed to the $300 + shipping charges for pre-built 4 post racks and cabinets. The assembly of the rack took about 40 minutes; the only problem I had was that when it was all tightened and assembled, the rack was slightly out of square. No problem though, I just stood it on its bottom (I had been assembling it on its side) and loosened the corner bolts, let it settle, then re-tightened everything. After that it sat square. A nice product that has quality accessories made by the same company. Here are some pictures from the assembly: