Internet explorer 7 wont launch
Had a weird one over the weekend. A colleague of mine accidentally approved Internet Explorer 8 to all servers in our domain via wsus and it left our Citrix servers in a bit of a sad state. We set about removing it as soon as possible but after the uninstall / restart we were faced with this very strange problem. When we double clicked internet explorer on the desktop, the application wouldnt launch and a new shortcut to Internet Explorer would be created on the desktop.
We also had these logged every thirty minutes or so in the event logs:
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1041
Date: 06/09/2009
Time: 21:50:38
User: NT AUTHORITY\SYSTEM
Computer: LPGPCTXXA0008
Description:
Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
And:
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1041
Date: 06/09/2009
Time: 21:50:38
User: NT AUTHORITY\SYSTEM
Computer: LPGPCTXXA0008
Description:
Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
If you face the above problems, delete the following registry keys and open internet explorer as an administrator:
“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}” /f
“HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}” /f
“HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage” /v legacydisable /f
That should fix that!
Enabling RDP on a server remotely.
There’s very litte more annoying in a windows environment than having to go to a console of a server because some idiot has disabled remote administration on a server 2003/2000 server. I was in this situation recently and decided not to go to the console out of principle.
I wrote the following program in order to get around this issue. Its called RDPon.exe and you can get it here:
With this you can:
- Query RDP status
- Enable RDP
- Disable RDP
I have sealed it as an exe so that you can right click it and choose run as to get at your admin account easily.
Determining if a number is odd or even using a batch file
Our challenge recently was seperating the reboots of our citrix servers to ensure that half of our farm is always available. This is particularly useful if you are a 24/7 house and need to know exactly what servers restart and when they restart.
So to begin, our server names consist of “servername00xx” where xx is the number of the server, the task at hand was to ensure that 0001, 0003, 0005 etc restarted on one night and 0002, 0004, 0006 etc restarted the second night. To do this i needed to use the system variable “hostname” and read the last digit in the name to determine if the number was odd or even.
To get determine whether a number is odd or even i used the following logic. If you divide an even number by 2 then multiply it by two you will get the same number back, e.g. 8/2 = 4, 4*2 = 8, 8 is equal to 8 .
An odd number in batch is treated as follows 9/2=4, 4*2=8 ,9 is NOT equal to 8.
Rem Begining Logic Check for even or odd server
for /f “tokens=1-2 delims=00″ %%a in (‘hostname’) do set compnumber=%%b
set /a divnumber=%compnumber%/2
set /a sum=%divnumber%*2
With the above excerpt, i set three variables, %compnumber% (which is the number after the 00), divnumber (a variable for the result of the computernumber divided by two) and sum, which is the resulting divnumber * 2.
This divides compnumber by 2 and multiplys divnumber by 2 setting the resulting number to sum.
Rem Running if checks
if %compnumber% NEQ %sum% goto odds
if %compnumber% EQU %sum% goto evens
This next step is our determiner:
If the number divided by two and multiplied by two is not the same as the original number, the number is odd, the if statement then sends the script to the odds labeled portion of our script.
If the number divided by two and multiplied by two is the same as the original number, well you get the idea, its even and jumps down.
dds
<—Do something for odd servers here—>
exit
:evens
<—Do something for even servers here—>
exit
Forcing a printer online using a script:
Recently while installing Zetafax 11, we noticed that some of our maintenance scripts on our XenApp servers were causing the zetafax printer to fall offline on reboot. Below is a simple to use (built in to server 2003) script that can be used to force a printer online.
The Following will force “Printer Name” to work online:
cscript C:\WINDOWS\system32\prncnfg.vbs -t -p “Printer Name” -workoffline
As an extra function, the below will rename a local printer:
Cscript %windir%\system32\Prncnfg.vbs -x -p “old printer name” -z newprintername
Restarting a server at a certain time from accross the LAN.
Just a quick entry as i got an email requesting this today, “How can i schedule a restart on a remote server to run out of hours?”
This script uses at.exe which is soon replaced by schtasks.exe. This can only be run by an administrator of the server you wish to restart, obviously.
Rem setting vars:
set server=servertorestart
set time=05:00
REM performing check for previous file and deleting it:
if exist \\%server%\c$\rebootme.bat del \\%server%\c$\rebootme.bat
Rem Creating reboot batch file:
echo shutdown -r -t 03 >> \\%server%\c$\rebootme.bat
Rem Schedueling the job:
at \\%server% %time% c:\rebootme.bat
To Create a reuseable, error checking script with idiot proof options! save the following as a .bat file:
@echo off
cls
Rem setting vars:
set /p server=[Please enter the name of the server you wish to restart:]
cls
echo Selected server = %server%
set /p time=[Please enter the time in HH:MM format at which you wish to restart the server: e.g. 05:00]
cls
REM performing final idiot check
echo Are you absolutely sure you wish to restart %server% at %time%?
Pause
REM performing check for previous file and deleting it:
if exist \\%server%\c$\rebootme.bat del \\%server%\c$\rebootme.bat & echo deleted previous file
Rem Creating reboot batch file:
echo shutdown -r -t 03 >> \\%server%\c$\rebootme.bat
Rem Ensuring reboot file exists:
if exist \\%server%\c$\rebootme.bat echo reboot script created successfully.
if not exist \\%server%\c$\rebootme.bat goto Failed
Rem Schedueling the job:
at \\%server% %time% c:\rebootme.bat
Echo Job schedueled, Script complete.
pause
:failed
echo something failed, I’d look into that if i were you.
pause
exit
Disabling Dep with a script
We had this problem recently with our XenApp servers, as part of the latest service pack DEP (or Data Execution Protection) has now been enabled for all applications accross all platforms and this can cause havok in a terminal services environment.
The problem with Dep is simple, its not a Reg Key, its not an environment variable its a system setting loaded on startup from the boot.ini file. To make matters worse its a kinda complicated setting as it sounds opposite to what it is exactly doing.
Take this for example, this is a server with DEP enabled:
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=”Windows Server 2003, Standard” /NoExecute=OptOut /fastdetect
What confuses me with the above statement is why Opting out means DEP is enabled? To disable DEP you need to change this switch to OptIn, which makes no sense to me at all.
To automate this change, i used a tool called RPL.exe, this is a direct translation of the Unix command/tool to replace text inside of a text file. Using RPL i could search the boot.ini for the optout statement and replace it with the optin (aka turn off Dep).
Because boot.ini is a system and read only file by default, i needed to use the attrib command so first i set about removing the read only, hidden and system file attributes on the file in order to edit it:
attrib -r -h -s c:\boot.ini
once the file was editable, i now performed the rpl command to search and replace:
rpl.exe -i /noexecute=optout /NoExecute=OptIn c:\boot.ini
Once the file had been changed if neccessary it was time to set the file back to read only, hidden and system before closing the script:
attrib +r +h +s c:\boot.ini
And voila, next reboot and Dep is gone 
How to hide a local printer on a Terminal / XenApp Server
We had a problem recently with the adobe professional suite installing a local printer on the XenApp server, this was great for users licensed to use Adobe Professional, but for users that weren’t it gave them a possibility to infringe the licensing simply by printing to this printer.
To limit the printer, you simply need to assign custom permissions to the printer. Allowing members of a group the ability to print to it (i.e. adobe professional users) and restricting everyone else. This works brilliantly as if the user has no permissions to the printer the user cant even see it!
This can be done manually if you wish, but you can also script it using SetAcl.exe.
The documentation on their website is shockingly bad for printers, so below is an example of how to remove the permissions from a local printer:
setacl.exe -on “adobe pdf” -ot prn -actn clear -clr dacl,sacl
The following will grant the “local administrators” group full control of the printer for troubleshooting:
setacl.exe -on “adobe pdf” -ot prn -actn ace -ace “n:administrators;p:full”‘
And the following will grant the domain group “apps acrobat writer” the ability to view and print to the printer
setacl.exe -on “adobe pdf” -ot prn -actn ace -ace “n:domain\Apps Acrobat Writer 9;p:print”
The whole lot together is below in Enteo scripting format:
Execute(‘.\extern$\setacl.exe -on “adobe pdf” -ot prn -actn clear -clr dacl,sacl’)/?
Execute(‘.\extern$\setacl.exe -on “adobe pdf” -ot prn -actn ace -ace “n:administrators;p:full”‘)/?
Execute(‘.\extern$\setacl.exe -on “adobe pdf” -ot prn -actn ace -ace “n:emea\LPGP CTX Apps Acrobat Writer 9;p:print”‘)/?
Increasing the App-V cache size with a script:
For anyone out there that wishes to increase the App-V cache beyond 10gb, this will be handy info.
Well for starters, the size of the cache is dictated by a reg key in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SoftGrid\4.5\Client\AppFS called FileSize, useless information unfortunately as changing this key makes no difference after a restart. So i did a bit of googling and found a tool called cachesizetool which boasted to do exactly what I wanted, after a quick glance at the readme I tested the command and I get stuck with a big dirty EULA prompting me to accept it… I saw this before with Pstools after they were purchased by microsoft but at least they had the decency to include a /accepteula switch, but with this tool there is no such option.
So it raises the question really, why bother your arse writing a command line tool then force the user to accept an eula? It’s mind blowing how stupid this is really. It’s like putting petrol in the car then getting the bus…
anyway to cut a long story short, accepting the eula creates a reg key, and this key can be forced in before running the command to ensure you dont get prompted…
reg add hkcu\software\microsoft\appvtools\cachesizetool /v Eulaaccepted /d 1 /t reg_dword /f’
AppVCacheSize.exe /s:20480
App-V applications hang for 30 seconds on a CMD box before opening
In our powerfuse environment we came accross this problem recently.
When we would try to launch an App-V application the following window would open and remain open for 30 + seconds before finally opening the application:
The problem we discovered was to do with file type associations inside of the RES session, App-V by default will try to associate it’s file type associations for the application being sequenced and store them in the .osd file. The problem was that PowerFuse also controls file associations and this became an issue! PowerFuse has to be associated with the app and not vice versa.
I recommend you specify the file type associations inside of powerfuse and remove the associations inside of the App-V package. To remove the associations, open the .osd file and remove anything between the <FILEEXTENSIONLIST> </FILEEXTENSION>:
After the link is an example.
Java IE add in missing when installed from MSI.
I ran into this problem recently on our Citrix environment and it really perplexed me. We install Java via Enteo, We use the msi version of the java installation and we noticed that the java console was missing from internet explorer! At first i thought it was due to installing ie7 later in the script but it turns out the MSI does not install the IE addon by default!
If you are wondering how to get an msi for java (Suns website only provides an .exe) look here: Link
The command neccessary to install java and include the IE addon is below:
java.msi IEXPLORER=1
The full command we use is:
msiexec /i java.msi /LV C:\JAVA.LOG /QB REBOOT=supress IEXPLORER=1
This will install Java write a log to c:\java.log and repress a reboot if neccessary.
Below are the rest of the undocumented switches, might save you some time
IEXPLORER=1 indicates that the JRE should be registered with the Internet Explorer browser
NETSCAPE6=1 indicates that the JRE should be registered with Netscape 6 or later browsers
MOZILLA=1 indicates that the JRE should be registered with Mozilla 1.1 and later browsers
INSTALLDIR specifies the drive and path of the installation
REBOOT=Suppress indicates that if locked files are encountered the computer should not be rebooted
JAVAUPDATE=1 indicates that Java Update feature is enabled
Remove “Combine supported files in acrobat” after installing acrobat 8
A pet peeve of mine are context menu extensions… Why software vendors decide to include completely useless context menu addons are besides me! A good example of this would be Adobe.
when right clicking on an office document Adobe decided “Combine supported files in acrobat” to be a useful function !?!
To remove this tat from your Citrix environment / Desktop simply run this command:
REGSVR32 /u “C:\Program Files\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.dll.
If you also wish to remove the New > file type associations that Adobe decide to push in, heres a script to do so:
REG DELETE HKEY_CLASSES_ROOT\.xdp\AcroExch.XDPDoc\ShellNew /f
REG DELETE HKEY_CLASSES_ROOT\.xdp\ShellNew /f
Scripting Web interface 5.0 installation.
To auto install web interface sites, sitemgr.exe must be 
used. the below script will create a default website for XenApp services and will also create a PNAgent site.
The pre Requisits for this script are:
· Installation of IIS 6.0 +
· Installation of .net framework 3.5
· Installation of J#
· Installation of Citrix access management console framework (and web interface component).
· Installation of citrix web interface.
Configure your variables for the management servers and farm names, then save the below as a batch file:
set sitemgrdir=C:\Program Files\Citrix\Web Interface\5.0.1
set mgmtservers=server0001;server0002
set farmname=farm01
“%sitemgrdir%”\sitemgr.exe -c “WIDest=1:/Citrix/XenApp,Config=local,XMLService=%mgmtservers%,farmname=%farmname%,XMLSPort=80,WIDefaultSite=yes”‘)/?
“%sitemgrdir%”\sitemgr.exe -c “PNADest=1:/Citrix/PNAgent,Config=local,XMLService=%mgmtservers%,farmname=%farmname%,XMLSPort=80″‘)/?
The script in full can be downloaded here
How do you force citrix clients to behave?
Wondering why alt and tab is hit and miss in your citrix session? Can’t seem to figure out why it windows key and D isn’t passing through? You aren’t the first to have this problem and certainly wont be the last.
Despite what you set in the client options, on the application settings or even the web interface / PNAgent options, sometimes these settings just will not work.
If frustration is getting the best of you, setting the below in the default.ica file on the web interface or PNAgent will force the ICA client to behave itself, despite application or client settings.
The default.ica file can be found in %systemdrive%\Inetpub\wwwroot\Citrix\%sitename%\conf where sitename is the name of the site (typically XenApp/PNAgent etc).
The following entries can be added to the bottom of their prospective heading, I’ve retained the heading for each entry for ease of use:
Force keyboard mapping to the citrix session:
[WFClient]
TransparentKeyPassthrough=Remote
Force the Ica client to ignore citrix seamless settings:
[Application]
TWIMode=Off
ScreenPercent=100
A full list of ica file options can be found here.
How do you move a computer automatically from one OU to another using a script?
I was asked the following question recently when finishing our Citrix server deployment method.
We needed a script that would run on a computer as part of a sequence of scripts that would move a server from its current OU to the servers final resting place a terminal servers OU.
The below script achieved what we needed by using the computers %computername% variable to move the computer.
In our case the following apply:
· The computers name is using the variable %computername%
· The domain is domain.net
· The computers OU before the move is computers
· The OU we wish to move to is Terminal Servers
dsmove “CN=%computername%,OU=computers,DC=domain,DC=net” -d domain.net -newparent OU=”Terminal Servers”,DC=domain,DC=net
if you are unaware of the computers current OU before the move and you still wish to script the move, the following forum post will get you in the right direction.
Applications appear over the taskbar on IGel Thin Clients
This problem perplexed us recently, when launching a published desktop from a thin client (Igel in our case) microsoft office and other applications when in full screen would hide the taskbar.
This behavior was not seen on fat clients using the 10 and 11 windows ica client.
The Fix was found in the following reg key,
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\CtxHook\AppInit_Dlls\Multiple Monitor Hook
configuring this reg dword value to 0 and restarting the citrix servers fixed the problem.
Igel Database command mistake.
Despite Igels better judgement, the command they have published in their documentation to create an SQL database does not work. The command itself can be found here.
The actual working command is listed below, thanks to J Booker in Igel for the help.
CREATE DATABASE rmlogin
GO
USE rmlogin
GO
CREATE LOGIN rmlogin with PASSWORD = ‘Passw0rd’
GO
CREATE USER rmlogin with DEFAULT_SCHEMA = rmlogin
GO
CREATE SCHEMA rmlogin AUTHORIZATION rmlogin
GRANT CONTROL to rmlogin
GO
Enteo: The 10 minute rule on batch files.
Heres a tricky problem with Enteo, When executing a batch file enteo only gives a batch file 10 minutes to complete before moving on.
Generally speaking this is no problem as how many batch files do you run take over 10 minutes?
This problem came to light for us when enteo began causing our ESX servers to purple screen of death during the pe stage of the build, which resulted in us moving our virtual servers to a stable ESX while we rebuilt. The problem was that the ESX was so slow with all the added servers that our scripted citrix updates were taking over 10 minutes, the script continued, rebooted the server during the updates and low and behold a very sick citrix server.
The trick to get around this, and i recommend this for any batch file you run in enteo, is to create a looping if statement in the enteo script to check for a registry key. Once you have this key created run your updates then delete the key as the last line in your batch file. This will cause enteo to loop even after the 10 minutes leaving your critical updates to install without fear of being.
heres the idea for the enteo script:
execute %systemdrive%\longbatchfile.bat /?
:check
if exist regkey goto sleep
del %systemdrive%\longbatchfile
Exitproc
:sleep
sleep 60
goto check
And in the batchfile create the reg key, do your work then delete it:
reg add hklm\software\enteo /v checkkey
update1
update2
update3
update4
update5
reg delete hklm\software\enteo /v checkkey
what will happen is simple, even if the script times out, the script will carry on sleeping until the key is deleted, no matter how long it takes.
After the jump is an example of my code so you can see what we did to get around this
Unattended install of AppV Lightweight streaming server
I set about rolling out appv light weight streaming server recently, its the new version of app that requires no database, management server, console… nothing! Great application but the unattended install lacked documentation etc.
Below is the script i used to install the lightweight server via the command line, the %appv-dir% variable should be a network share or local drive that the server will access for the applications:
set appv-dir=\\servername\appv-production$
msiexec /i setup.msi INSTALLDIR=”C:\Program Files\Microsoft System Center App Virt Streaming Server\” ADDLOCAL=Release_SoftGrid_Lightweight_Server SWICONTENTDIR=%appv-dir% /Lv “c:\appv-install.log” /qn /norestart
Hope it speeds up somebody elses install somewhat
A simple, but effective, annoyance.
heres a funny one for you scripters out there, we had a chat in work a few weeks ago about just how effective scripting is and whether it is actually useful.
taking massive offense to this, i ofcourse decided to show said moaner just how effective batch files are!
Heres an evil one for you:
:starting
start cmd
goto starting
Thats it! watching moaners pc crease and die when i executed this in his session using psexec was my entertainment for the week.
And before you start emailing me, dont ask how i got it into his session. psexec.exe /?
Enteo: What the hell is a mscreate.dir folder?
We are using Enteo as a deployment method for our new citrix farms at present, we are having one or two bugs but over all I’m greatly impressed with this software, its like RIS but it very functional!
Our latest issue with powerfuse is that we cant redirect the users desktop, we have the home drive mapped, the user shell registry entries but poof, no desktop redirection.
During troubleshooting we noticed these mscreate.dir folders in every single folder in our mandatory profile folder and havent a clue where they came from?!? After a bit of digging around Enteo creates these files as logs for the uninstallation of software deployed through Enteo. We were using an Enteo script to copy the mandatory profile to the %systemdrive% of every citrix server allowing the manadatory profile to be loaded quickly from local disk.
Now that we know what the folders are we dont mind them too much, but if you do choose to remove them, simply open the folder you have copied down with enteo and execute this batch command to remove them:
del /s /f mscreate.dir
Nothing else to report at the moment, well lots to report but not enough time
Toodles.
