Unidesk 3.4.4 for Hyper-V · CachePoint Appliance and Layer storage tier: This tier includes the...

© 1999-2017 Citrix Systems, Inc. All rights reserved. p.1https://docs.citrix.com

Unidesk 3.4.4 for Hyper-V

Sep 08 , 2017

This pdf file includes the Unidesk 3.4.4 documentation. You can save a local copy of this file and use it offline.

Use the built-in Search and Bookmark features to find what you need. Avoid using the links in this file, as they refer back to the landing page.

Plan

Unidesk infrastructure

Unidesk appliances and disks

Unidesk 3.4 for Hyper-V platform support

Unidesk Layer storage

Deploy

About this release

Unidesk appliances

OS Layer

Create Unidesk Collect ions

Collect ions for Desktops

Collect ions for Session Hosts

Desktops and Session Hosts

Applicat ion Layers

Administer

Unidesk Management Console

Unidesk Layers

Desktops, Session Hosts, and Collect ions

Hosts and appliances

Appliance health

Brokers

Users

Troubleshoot

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/plan.html

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/deploy.html

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/administer.html


Plan

Jun 28 , 2017



Unidesk 3.4 for Hyper-V platform

support Unidesk Layer storage



Jun 28 , 2017

The Unidesk solution provides simplified management, significant storage efficiency, performance, operational agility, and

persistent personalization or customization of Unidesk Machines (Desktops or Session Hosts). The Unidesk environment

includes a collection of virtual appliances that run on your existing virtual infrastructure. These appliances work together to

dynamically composite Unidesk Machines that look and feel just like ordinary virtual machines.

The following diagram shows the logical infrastructure of the Unidesk environment. The Unidesk environment is a grid of

virtual appliances that replicate the operating system, application, and user workspace layers across an enterprise network.

This environment uses the Unidesk Composite Virtualization™ technology to synthesize the Layers into complete,

personalized Unidesk Machines.

For the latest information about what platforms Unidesk supports, see Platform Support.

Unidesk Layers

A Unidesk Machine is a composite of Layers that provide the operating system, applications, and user data. Unidesk stores

all layers as Hyper-V Virtual Hard Disk (VHDX) files in the Windows server file system. Unidesk uses the following types of

layers to create a virtual machine:


Layer Description

Operating

SystemAn Operating System Layer contains an imported copy of the operating system from a gold image.

Application An Application Layer contains one or more applications that you assign to a Unidesk Machine.

Personalization

A Layer that behaves similarly to an Application Layer. This Layer collects all of the user's changes to a Unidesk

Machine and persists those changes through restarts of the virtual machine, and changes to Application Layer and

Operating System Layer changes.

The Unidesk software creates this Layer when you create a Unidesk Machine.

Unidesk storage tiers

Unidesk stores content in tiers.

Tier Description

Boot

The Boot tier contains boot images and page files for your Unidesk Machines (Desktops or Session Hosts). The boot

image serves as the kernel for this virtual machine. Once a boot image exists for a particular machine, this tier retains the

image as a VHDX file. If a particular Unidesk Machine becomes corrupted or lost, Unidesk can simply recreate the boot

image for that machine.

The performance of this tier can affect the performance of Unidesk Machines.

CachePoint®

and Layers

he CachePoint and Layers tier contains the CachePoint Appliances as well as Operating System, Application, and

Personalization Layers for your Unidesk Machines. Each Layer exists as a discrete VHDX file. A boot image created from

the Boot tier draws Layers from this tier to finish creating a Unidesk Machine. The majority of Input/Output activities take

place on this tier.

The performance of this tier can affect the performance of Unidesk Machines.



Jun 28 , 2017

The Unidesk appliances include software for managing the Unidesk environment, master copies of all Layers, and the

configuration data for your Unidesk Machines (Desktops or Session Hosts).

Management Appliance

The Management Appliance is a virtual appliance that coordinates the communication between the Unidesk Management

Console, the CachePoint® Appliances, and the virtual infrastructure. The Management Appliance includes these

components.

Component Description

Unidesk Management

Console

The Web-based application that administrators use to manage the following components:

Unidesk Machines

Operating System Layers

Application Layers

Directory service integration points

The Unidesk infrastructure

Management

infrastructure

The software that controls the workflow required to manage virtual machines. It includes a database that

stores the following information:

Data about all of the Operating System and Application Layers that exist in the system.

All data from the Unidesk Management Console.

Schemas that implement back-end storage in the virtual infrastructure.

Master CachePoint Appliance

The first CachePoint Appliance that you provision in the Unidesk environment becomes the Master CachePoint Appliance.

This virtual appliance maintains the master copy of all of the Operating System and Application Layers in the Unidesk

environment. The Master CachePoint Appliance stores the Layers as VHDX files.

The Master CachePoint Appliance automatically replicates Operating System and Application Layers to secondary

CachePoint Appliances that manage Unidesk Machines (Desktops or Session Hosts) that use these Layers. Layer replication

to secondary CachePoint Appliances occurs only if one or more Unidesk Machines associated with a specific CachePoint

Appliance needs the Layers.

The Master CachePoint Appliance also manages the Installation Machines that you use to create and modify Operating

System and Application Layers. An Installation Machine is a special type of Unidesk Machine that you use as a staging area

for creating Application Layers or add versions to existing Operating System and Application Layers. The Master CachePoint

Appliance stores the VHDX files for Installation Machines.


Secondary CachePoint Appliance(s)

The Secondary CachePoint Appliances are responsible for:

The initial deployment of Unidesk Machines.

Deployment of Unidesk Machine configuration changes.

CachePoint Appliances maintain copies of the Layers that the Unidesk Machines need in their configured storage tiers.

They also store the VHDX files associated with the Unidesk Machines deployed in the same storage tiers. All Unidesk

Machines associated with a specific CachePoint Appliance share the same Layers.

The CachePoint file system

Each CachePoint Appliance (including the Master CachePoint Appliance) creates a folder in the selected CachePoint

storage location. That folder, which will have the same name as your CachePoint, contains the CachePoint virtual machine

and the Unidesk Layers folder.

The Unidesk Layers folder has subfolders for the Operating System Layer(s), Application Layers, and User (Personalization)

Layers for the Unidesk Machines that the CachePoint Appliance manages. Here’s a screen shot of a typical CachePoint file

system after creating an Operating System Layer (OS folder), an Application Layer (App folder), and a Desktop (User folder).

For each Desktop or Session Host, the User folder contains two VHDX files, which together make up the user's

Personalization Layer:

One for the Desktop or Session Host configuration data, for example, data for user-installed application and system

settings.

One for the user data.

The CachePoint Appliances and Unidesk Machines (Desktops or Session Hosts) operation

As long as one of the servers in a cluster has an active CachePoint Appliance on storage accessible by the whole cluster,

you can create Desktops on the other servers in the cluster. And, because the Unidesk Machine connects directly to its

Layers, the state of the CachePoint Appliance has no effect on Unidesk Machine operation. For example, you can shut

down a CachePoint Appliance without affecting active users.

To your users, Unidesk Machines appear as standard computers.


Unidesk 3.4 for Hyper-V platform support

Jun 28 , 2017

Unidesk 3.4 for Hyper-V supports the following third-party software.

Infrastructure software

Unidesk supports the following virtual infrastructure software, US-English language pack only. For the best Unidesk

experience, we recommend running the first of these configurations.

Microsoft Windows Server 2012 R2 (Standard, Datacenter) with Hyper-V role and the Remote Desktop Connection

Broker (RDCB) service enabled in the Remote Desktop Services (RDS) role

Microsoft Windows Server 2012 R2 (Standard, Datacenter) with the Hyper-V role installed

Microsoft Hyper-V Server 2012 R2 (This server does not include a graphical user interface)

Unsupported features

The "Move the virtual machine's storage" option in the Move Wizard of the Hyper-V Manager

The "Migrate Storage" option in the System Center Virtual Machine Manager (SCVMM)

Internet browser

The Unidesk Management Console (UMC) supports any standards-based browser that supports Silverlight 4.0.

Desktop operating system

Unidesk Desktops support these operating systems as Generation 1 virtual machines:

Microsoft Windows 10 64-bit (Professional, Enterprise, Education)

Windows Server 2012 R2 64-bit (Datacenter, Standard)

Microsoft Windows 8.1 Update, 64-bit (Professional, Enterprise)

Microsoft Windows 7 SP1, 64-bit (Professional, Ultimate, Enterprise)

Session host operating system

Unidesk Session Hosts support these operating systems as Generation 1 virtual machines:


Windows Server 2008 R2 64-bit (Standard, Enterprise and Datacenter)

NoteWindows Server 2008 is supported on Unidesk Session Hosts, not on Unidesk Desktops.

Directory service

Microsoft Active Directory

Virtualization connection brokers for Unidesk Desktops


The following brokers are directly integrated with Unidesk:

Remote Desktop Connection Broker (RDCB) (See Infrastructure software above.)

Citrix XenDesktop 7.6

Virtualization connection brokers for Unidesk Session Hosts


Citrix XenApp 7.6


Unidesk Layer storage

Jun 28 , 2017

Unidesk Application and Operating System Layers are stored as separate differencing disks on parent VHDX files in the

Windows server file system. Unidesk Machines (Desktops or Session Hosts) mount these differencing disks directly from the

file system in a many-to-one fashion.

Master CachePoint Appliance

The following image shows the file structure of a Master CachePoint Appliance on the disk. Note the folders for the

Application (App) Layers, Operating System (OS) Layer(s), and Users' Personalization Layers.

Each deployed Unidesk Machine also has a folder with files, which includes the VM’s XML files, boot drive VMHD, and a

differencing disk for each Layer attached to the machine. This file structure provides a great deal of information. For

example it is easy to determine the space used by a particular layer.

Each Unidesk Layer version starts as a full clone of the previous Layer. Changes are made to the Layer and saved. This

means that versions are normally larger than the base Layer.

Unidesk storage tiers

Boot drives T ier: This tier includes just the f iles required to boot the Unidesk Machine. Use any type of storage for this

tier, as speed is not an issue.

CachePoint Appliance and Layer storage tier: This tier includes the Operating System Layer(s) and Application Layers that

you can assign to your Unidesk Machines (Desktops or Session Hosts). It also includes a Personalization Layer for every

Persistent Unidesk Machine. This tier should be kept on fast storage devices.


Deploy

Jun 28 , 2017

About this release

Unidesk appliances

OS Layer

Create Unidesk Collections

Collections for Desktops

Collections for Session Hosts


Application Layers

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/deploy/about-this-release.html

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/deploy/unidesk-appliances.html

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/deploy/os-layer.html

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/deploy/create-unidesk-collections.html

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/deploy/collections-for-desktops.html

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/deploy/collections-for-session-hosts.html

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/deploy/desktops-and-session-hosts.html

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/deploy/application-layers.html


About this release

Sep 08 , 2017

This Unidesk release provides you with Unidesk's VDI Management product in a Microsoft Hyper-V environment.

Unidesk 3.4.4 Release Notes

Unidesk 3.4.4 Platform Support

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/deploy/about-this-release/release-notes--unidesk-3-4-for-hyper-v.html

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/deploy/about-this-release/unidesk-3-4-for-hyper-v-platform-support.html


Unidesk 3.4 Release Notes

Sep 21, 2017

Welcome to Unidesk 3.4.4 for Hyper-V!

This release provides more stability for your Windows 10 Layered Desktops. Several issues have been f ixed, as described

below under Issues f ixed.

Links in the UI now bring you to the Unidesk documentation on the new Citrix site.

Issues fixed in this release

Unattend and Optimizer f iles no longer f lagged by some virus scanners. The Unattend.exe and Optimize.exe f iles

are now only delivered as .hta f ile types, because the .exe f iles were getting f lagged by some virus scanners. To use these

.hta f iles, execute them from an admin cmd prompt.

The Off iceActivate.cmd script has been modif ied to reorder how the script executes.

After you resolve bad WPA keys, af fected desktops now start and Windows is successfully activated. This is

because the Software Protection service (SPPsvc) now starts as expected. Affected desktops need to be republishedafter upgrading to the 3.4.4 release. (UNI-58506)

On Windows 10 LTSB installation machines, WindowsTrustedRT.sys driver is present and no longer containsa crit ical error.

Newly created desktops that use OS Windows 10 version 1607 no longer have broken Metro Apps.

Upgrading f rom Win10 version 1511 to version 1607 no longer results in broken tiles or Store apps.

You can now turn off Windows 10 Store downloads and updates without issue.

After upgrading f rom Windows 10, version 1511 to version 1607, you can f inalize the OS layer as expected.You no longer receive the message, "An .msi install operation is in progress – please check the packaging machine."

Microsoft Hot f ix KB3063109 no longer causes driver store problems for new desktops. When you install this hot

fix on an OS layer version, desktops that use this layer now function without driver store problems.

Installing Unidesk

You can download the Unidesk 3.4 package from our download page for the Hyper-V environment.

Platform Support

For details about supported server software, desktop operating systems, and directory services, see the Unidesk 3.x for

Hyper-V Platform Support.

Considerations

Clusters and load balancing. Virtual machine load balancing is done outside of Unidesk. In a Hyper-V role, you can set

up Desktops to f loat between hosts. Please note however, that you should not configure Unidesk Appliances to f loat

https://www.citrix.com/downloads/unidesk/product-software/unidesk-3.html

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/deploy/about-this-release/unidesk-3-4-for-hyper-v-platform-support.html#unideskhyper


between hosts. When you set up Clusters in your Hyper-V environment you must use Cluster Shared Volumes (CSV). For

details about how to achieve load balancing in this release, click here.

Microsoft RemoteFX 3D Video Adapter. You must turn on this feature using the settings in Hyper-V manager in either

your gold image or in the user's vm. Please be sure to restart the gold vm so this setting can take effect.

Known issues in this release

Windows 10 upgrade

Compatibility of Unidesk software with Windows 10 1703 Creators Edition is being tested, and what appearto be compatibility issues have been found. Using the WIndows 10 1703 Creators Edition at this time.

If you want to upgrade to Windows 10, version 1607 (Anniversary Update edition), you must do this one-timestep. After upgrading to this Windows 10 version, you must add a new Layer Version to each App Layer, and republish

the updated Image Template with the new OS and App Layer Versions. (UNI-54892).

After a Windows 10 upgrade, you must allow all scheduled tasks to f inish. After a Windows 10 upgrade, for

example after upgrading from 1511 to 1607, you must allow any scheduled system tasks to complete. This allows

existing desktops to gather the networking information required to ensure that the change in the OS Layer Version

does not loose the network. Simply let the virtual machines f inish their task or edit them immediately to ensure that they

are completed before you upgrade your OS Layer to Windows 10 1607 and assign it to desktops.

Windows updates may cause issues on persistent desktops. If Windows updates are causing issues on persistent

desktops in your environment, disable Windows Updates via a local GPO.

Win 10 upgrade may result in new Recovery Volume partit ion. During a major upgrade, for example when upgrading

from 1511 to 1607, Windows 10 sometimes creates a Recovery Volume as a new partition on the same disk as the OS

Layer Version. This volume should always be removed before you f inalize the OS Layer Version. Otherwise, the recovery

volume can cause desktops to fail to boot correctly. For the steps to safely remove a recovery volume, click here.

General

The f irst Desktop that you create in a Collection can fail. If the f irst Desktop that you create in a Collection fails

with the error "Broker error: One of the specif ied user groups, group-name, could not be mapped to a valid SID," the

Active Directory group may have been created pre-Windows 2000, so it doesn't match the group name in RDS. For

details about how to diagnose and f ix this problem, click here. (UNI-30270)

When editing a large number of desktops, a single desktop cannot be viewed in the visualization panel. If you

select a large number of Desktops for editing, performance is slow when you attempt to select a single desktop in the

visualization panel. (UNI-37936)

Remote Desktop Services not refreshing the Desktop. In approximately 5-10% of the cases per 300 desktops on a

single host, RDS does not detect that a user has logged out and consequently does not refresh the Desktop. (UNI-

35626)

Conf iguring the Citrix Xen Delivery Groups Access Policy. Once you integrate with XenDesktop and create Unidesk

http://10.57.4.42:4502/editor.html/content/docs/en-us/unidesk/3-4-3-hyper-v/deploy/unidesk-appliances/deploy-unidesk-appliances-and-desktops-in-clusters.html

https://support.citrix.com/article/CTX221769




Collections and Desktops, you will receive an error message if you attempt to edit the Access Policy directly in Citrix

Studio. To make any changes to Group Access Policy, use the Unidesk Management Console to edit the Collection

Entitlements. (UNI-31613)

RDS Remote App collections become unusable if Session Hosts are deleted f rom the Unidesk Management.Console. If Session Hosts that were manually added to RDS RemoteApp programs are deleted from the Unidesk

Management Console, then the entire collection becomes unusable in RDS. The workaround is to delete the servers

from the RemoteApp session collection on RDS Connection Brokers f irst before deleting them from the Unidesk

Management Console. (UNI-35810)

RDS User prof ile disks not supported. RDS User profile disks are not supported, but Unidesk is compatible with profile

management tools, such as roaming profiles and folder redirection, that you can use to give Non-persistent Desktops

some personalization. (UNI-29231)

A Desktop may end up in an Active or Disconnected state after a user or Hyper-V administrator shuts down,restarts, or powers off the Desktop. If a user issues a restart or shutdown from their Desktop, the RD Connection

Broker may not recognize the event. A restart of the Desktop via the Unidesk Management Console will clear the issue

and allow the Desktop to be accessed through RDS. (UNI-30191)

Setting up deduplication on any storage accessed by Unidesk is not supported. Running a deduplication process

on a storage accessed by Unidesk can produce an error message that reads, "Access to the path... is denied." (UNI-38062)


Unidesk 3.4 Platform Support

Jun 28 , 2017

Unidesk 3.4 for Hyper-V supports the following third-party software.

Infrastructure software

Unidesk supports the following virtual infrastructure software, US-English language pack only. For the best Unidesk

experience, we recommend running the first of these configurations.

Microsoft Windows Server 2012 R2 (Standard, Datacenter) with Hyper-V role and the Remote Desktop Connection

Broker (RDCB) service enabled in the Remote Desktop Services (RDS) role



Unsupported features

The "Move the virtual machine's storage" option in the Move Wizard of the Hyper-V Manager

The "Migrate Storage" option in the System Center Virtual Machine Manager (SCVMM)

Internet browser

The Unidesk Management Console (UMC) supports any standards-based browser that supports Silverlight 4.0.

Desktop operating system






Session Host Operating System





Note: Windows Server 2008 is supported on Unidesk Session Hosts, not on Unidesk Desktops.

Directory service

Microsoft Active Directory

Virtualization connection brokers for UnideskDesktops

The following brokers are directly integrated with Unidesk:


Citrix XenDesktop 7.6

Virtualization connection brokers for Unidesk SessionHosts


Citrix XenApp 7.6


Unidesk appliances

Jun 28 , 2017

You can get started with your Unidesk deployment by installing the Unidesk Management Appliance and Master

CachePoint Appliance.

What you need to deploy Unidesk for Hyper-V

You can use this checklist as a reference when setting up your environment.

Checklist: What you need

Install Unidesk appliances

Refer to these detailed steps while running the installer.


Create Secondary CachePoint Appliances

Create additional CachePoints to manage Unidesk Machines (Desktops or Session Hosts)

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/plan/unidesk-appliances-and-disks.html

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/deploy/unidesk-appliances/what-you-need-to-deploy-unidesk-in-a-hyper-v-environment.html

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/deploy/unidesk-appliances/install-unidesk-appliances.html

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/deploy/unidesk-appliances/create-secondary-cachepoint-appliances.html


What you need to deploy Unidesk in a Hyper-Venvironment

Jun 28 , 2017

Whether you are setting up a Proof of Concept (POC) or deploying a pilot (production) version, you'll need to meet some

basic requirements.

Basic Requirements

To get started with Unidesk, you'll need these hardware and software basics:

Unidesk-supported Windows Server with specif ic roles enabled (see details below)

500+ GB of storage

Unidesk-supported Operating System for your Desktops or Session Hosts

A single network time source for your Desktops, Session Hosts, and Appliances

Detailed Requirements

A POC requires much of the same software, accounts, and credentials as a full pilot deployment. However, for a full pilot,

you'll need more servers, storage, and network addresses.

Server requirements

Servers POC Pilot

Unidesk-supported Windows Server Microsoft Windows Server 2012 R2 (Standard, Datacenter) with Hyper-V role and the Remote

Desktop Connection Broker (RDCB) service enabled in the Remote Desktop Services (RDS) role



Xs Xs

Roles conf igurer Hyper-V Virtualization Host role

RD Connection Broker role

RD Web Access role

Xs Xs


RD Licensing role (even if it is in trial mode)

Other requirements for the serverThe .NET Framework 4.5 Features selected on the server.

Two DNS servers are required when installing the Management Appliance.

The operating system (gold image) for your Desktops or Session Hosts available on the server.

(You will prepare this OS for the Unidesk environment when creating the Operating System

Layer.)

Xs Xs

Credentials requiredYou need the credentials for the server Administrator. You can either log in as Administrator or as

a User with Administrator privileges.

Xs Xs

Port opened by the Unidesk InstallerThe Unidesk Installer opens a port on the local server's f irewall for the TCP protocol. This port is

used for communications between the Hyper-V Agent service and the Unidesk Appliances. By

default this is port 8014, but you can change the port number during installation.

Xs Xs

Register the Hyper-V server with DNSYou must register the Hyper-V server with DNS so that the Management Appliance can

communicate with it.

Xs Xs

Requirements for running the Unidesk Management Console·A standards-based browser on the Management Appliance that supports Silverlight 4.0.

Xs Xs

Network setup

Routing, DHCP, DNS and IP addresses POC Pilot

BasicsThe network must be able to route between server and Desktop vLAN

2 IP addresses required: One address for the Management Appliance, and one for the Master

CachePoint Appliance

vLAN with DHCP for Desktops

DNS entries for appliances

Xs Xs


Additional Additional IP addresses for the number of Secondary CachePoint Appliances you need to

support the number of virtual Desktops planned.

Xs

Active Directory

AD accounts POC Pilot

Single service account or multiple accounts

An account that can join computers to the domain/OU

An account that can read from Active Directory

If using Citrix XenDesktop, an account that is both:

Local administrator on the DDC

XenDesktop administrator

Xs Xs

Storage

Drives required POC Pilot

Type of drivesSupported drive types: Fixed disks, Network (cluster shared volumes).

Unsupported drive types: CD-ROM, Removable, RAM, NoRootDirectory, and Unknown.

Xs Xs

Minimum amount of disk space500+ GB of storage - Assuming 5 - 10 Desktops with average Personalization Layer size of 10 GB

Xs

Desktop and Session Host Operating System

Supported Windows versions POC Pilot

Desktop Operating System




Xs Xs




Session Host Operating System




Note: Windows Server 2008 is supported on Unidesk Session Hosts, not on Unidesk Desktops.

Implementation Notes:Install Operating System from ISO (do not reuse an existing copy)

If Windows 7, install Microsoft Integration Services

Do not join the domain with the gold image

Do not run optimization tools from outside utilities

Xs Xs

Connection Broker (for full Desktop broker integration)

If you are using one of the supported desktop integration brokers for full broker integration, you'll need the software and

associated requirements shown below.

Supported brokers POC Pilot

Citrix XenDesktopAn account that is both a local administrator on the DDC and a XenDesktop administrator

DDC FQDN

Xs Xs

Microsoft Remote Desktop Connection Broker (RDCB) Xs Xs



Oct 03, 2017

In the first stages of the Unidesk installation process, you:

Install Unidesk Hyper-V Agent

Deploy the Unidesk Management Appliance

Copy the Unidesk CachePoint Template to the same location as the Management Appliance

Manually deploy the Master CachePoint Appliance in two steps:

Configure the CachePoint Template

Configure the Master CachePoint settings

Before you start

Whether you are deploying a proof of concept (POC), or a production pilot, be sure to meet the requirements detailed here.

Deploy the Unidesk Appliances

Download the Unidesk Installation package

Download the Unidesk ZIP file from the Unidesk Support Download Center onto one of the local drives on your Server.

Deploy the Unidesk Management Appliance (MA)

This procedure installs the Unidesk Hyper-V Agent, and then the Management Appliance on your Hyper-V Server. It also

copies the CachePoint Appliance Template onto your Hyper-V Server as the first step in deploying your Unidesk Master

CachePoint Appliance (MCP):

1. Unzip the Unidesk for Hyper-V installation package. This contains the Unidesk Installer ZIP and other f iles.

2. Extract the installer Zip f ile to a folder on your local drive.

3. Double-click the Unidesk installer f ile (UnideskInstaller.exe). The Unidesk End User License Agreement is displayed.

4. Read the End User License agreement, and if you agree to the terms, check I Agree, and then click Accept . A window for

installing the Unidesk Hyper-V Agent appears.

5. Note the Current version of the Hyper-V Agent (if any). If the agent is not yet installed, click Install or Upgrade if a

newer version exists. Once the Hyper-V Agent installation is complete, a window for installing the Unidesk Management

Appliance appears.

6. Specify the following settings for the Management Appliance, and click Install. This deploys the Management Appliance,

copies the CachePoint Template to the same location, and opens the Next Steps window.

Name A unique name for the Management Appliance.

LocationBrowse for a folder on the local server for the Management Appliance VM and CachePoint

Template.

Virtual SwitchSpecify the virtual network to use for the Management Appliance and Master CachePoint

Appliance.

Time Zone The international T ime Zone for the MA.




NTP Server 1

and 2The Network Time Protocol servers used to synchronize the time on the server. The URLs for

recommended NTP servers are included.

IP Configuration

Type of IP address, Dynamic (DHCP) or Static. It is strongly recommended that you use a Static IP

address for your Management Appliance, and Dynamic IP addresses for your CachePoint

Appliances.

If you must use a DHCP address for the Management Appliance, you'll need to set a Static

MAC address for it. Refer to this article about how to set the Static MAC address:

Microsoft Hyper-V Static MAC Address

VLAN TagThe VLAN tag inserted into packet headers, indicating which logical network to use for this virtual

machine.

7. When the Next Steps window opens, note the CachePoint Template path, so you can use this location to configure

the CachePoint in the Management Appliance.

8. Click the Management Console link to open the Unidesk Management Console (UMC). Login using "administrator" and

the password "Unidesk1".

9. Dismiss the 1-2-3 message that appears, and change the UMC Administrator password.

10. Then, change the root password on the new Management Appliance and Master CachePoint Appliance. If you are

comfortable using Linux, use the Hyper-V console or SSH to log into the appliance as root (password v9Yx*6uj), and

enter Linux commands to change the root password.

If you are not familiar with the Linux commands for changing the root password, please contact the Unidesk Support

team, and they will either walk you through the steps or change it for you.

Next, you will configure the Master CachePoint Appliance, as described in the next section.

If the MA is deployed to a UNC, set up the CachePoint Appliance Template

When deploying a Management Appliance (MA) to a UNC path, the installer will attempt to configure the network storage

location to allow you to setup the CachePoint Appliance template. If this fails, take the following steps:

1. Log into the Unidesk Management Console.

2. Select System , and click Manage Network Storage on the Action bar. This opens the Manage Network Storage

wizard.

3. Click the New button, and enter the network share used to deploy the Management Appliance, where the entry is of

the form:

\\server\sharename

4. Click Add. By default, the new network share will be assigned to the Hyper-V host on which the Management Appliance

was deployed, as well as any other hosts known by the Management Appliance.

5. From the Confirm and Complete wizard tab, review the changes and, if correct, click Submit Network StorageChanges.

You should now be able to Edit the CachePoint Appliance Settings to browse to the location of the CachePoint template,

as displayed in the Unidesk Installer.

http://www.solution-soft.com/sites/default/files/wysiwyg/Configuring Microsoft Hyper-V Virtual Machines to use a Static MAC address.pdf


Configure the Master CachePoint Appliance

Once you've deployed the Management Appliance, you can configure the CachePoint Template and create your first

CachePoint Appliance, which will be your Master CachePoint Appliance.

1. In the Unidesk Management Console, select System > Settings and Conf iguration.

2. Click Edit next to the CachePoint Settings.

3. Browse for the CachePoint Template (the path you noted in Step #6 above), and click Save. Now you can create your

first CachePoint.

4. Select System > Manage Appliances, and click Create CachePoint .

5. Enter a name for the CachePoint. If you are not planning to create a secondary CachePoint Appliance, make sure that

Allow new machines to be deployed to this CachePoint is checked.

6. On the Storage Tiers tab, select a location on the server for the Boot Images, and for the Master CachePoint Appliance

and Layers.

7. On the Virtual Switch tab, select the type of virtual switch (Network). Specify the VLAN Tag, if needed, and the

IP configuration settings for the CachePoint Appliance. For the IP Configuration, choose DHCP if using a dynamic IP

address, or Static if using a Static IP address. If Static, enter the additional values required.

8. On the Confirm and Complete tab, verify that the settings are correct, and click Create CachePoint . This deploys the

Master CachePoint Appliance.

9. Then, change the root password on the new Master CachePoint Appliance. If you are comfortable using Linux, use the

Hyper-V console or SSH to log into the appliance as root (password v9Yx*6uj), and enter Linux commands to change the

root password.

If you are not familiar with the Linux commands for changing the root password, please contact the Unidesk Support

team, and they will either walk you through the steps or change it for you.

Refresh the Unidesk Management Console and deploy Unidesk machines

Once you've deployed the appliances, you need to refresh the Unidesk Management Console , and follow the steps to:

Create your Operating System Layer

Create Collections

Create a Unidesk Machine (either a Desktop or Session Host)

To get started:

1. Refresh the Unidesk Management Console by logging out and logging back in again. A window pops up over the

Management Console with the three steps required to deploy your Unidesk machines.

2. Click each of the step icons for instructions. Once you've created a Unidesk Machine, this window will no longer appear

when you start the Management Console.

Configure email notifications

Types of email notifications you can set

You can configure email notifications to inform you in case there are issues with services running on your CachePoint

Appliances.

Events that can trigger an email notice

When you configure email notifications, you will receive an email for any of the following events:


Tests of the email notif ication connection.

An internal failure occurs on a CachePoint Appliance that requires an automatic restart.

Log f iles are exported.

Connection issues between Desktops or Session Hosts and CachePoint Appliances occur.

Types of email notifications

Emailnotif ication

Description

CachePointservicefailures

The Management Appliance sends an email message to the designated addresses when an internal

service failure occurs and the affected CachePoint Appliance tries to restart the service or the

CachePoint Appliance.

Exportinglog f iles

When you export logs for Desktops or the virtual appliances, the software sends the specified recipients

an email notification that includes a link to the log files. For details, click here.

Connectionissues

If a Desktop or Session Host loses its connection to its assigned CachePoint Appliance, the Desktop or

Session Host contacts the Management Appliance to either obtain a new IP address for the

CachePoint Appliance or to confirm that it has the correct IP address.

If the Desktop or Session Host has the correct address but cannot communicate with its CachePoint

Appliance, the Management Appliance sends an email notification the first time it tries to communicate

with the CachePoint Appliance.

When you receive this message, verify that the CachePoint Appliance is operational and available on the

network.


To set up email notifications

1. Select System > Settings and Configuration.

2. Navigate to Notifications Settings and click Edit.

3. In the Mail Server box, enter the name of your email server or the name of the SMTP relay server.

4. In the Mail Server port, enter the number of the port that the email server uses for communication.

5. In the User Name box, enter the user name for the email account you want to use for sending notifications. For

example, [email protected].

6. In the Password box, enter the password for the email account.

7. In the From box, enter an email address to identify the source of the email message. For example, if you enter

[email protected], the email message displays the following in the From box of the received notification:

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/administer/troubleshoot/export-log-files-and-send-to-support.html


Unidesk Management Appliance [[email protected]]

8. In the Recipient List box, enter the email addresses that should receive notifications. Use a comma or semicolon to

separate the email addresses.

9. Click Test Email Configuration to verify that the settings for the email server and account work correctly. If the test

succeeds, the software displays a success message and sends the recipients a confirmation email.

10. Enter a comment, if necessary, and click Save to save the email settings. If you enter comments, they appear in the

Information view Audit History.

Secure the appliances

Make sure you've changed the Administrator and root passwords for each appliance

Make sure you have changed the default Administrator password for the Management Appliance and Master CachePoint

Appliances as described in Deploy the Unidesk Management Appliance (MA) and Configure the Master CachePoint

Appliance above.

You must also be sure to change the root password on each of the appliances, as described above. If you are not familiar

with the Linux commands to change this password, please contact Unidesk Support for assistance.

Set a session timeout for the UMC

You can set a timeout for the Unidesk Management Console, so that if there is no user-initiated activity for a specified

length of time, the console ends the session.

Session activity includes user interaction with the console, for example, starting tasks and editing settings. Tasks in progress

will not keep a session from timing out, nor will simply selecting an object or clicking inside the console window.

If you have just installed Unidesk software, the Session Timeout is set to 15 minutes by default. If you have upgraded from

an earlier version of Unidesk, the Session Timeout will be set to zero (0) by default, effectively leaving this function turned

off.

To set a session timeout


2. Scroll to Security Settings.

3. Select Session Timeout, and click the Edit button.

4. Enter the number of minutes after which the session will timeout. Valid values include numbers from 0 - 10000. (A value

of 0 turns off this feature.)

5. Click Save.


Upgrade Unidesk

Oct 03, 2017

This release contains updates for the following components:

Unidesk Management Appliance

Unidesk Master CachePoint® Appliance and Secondary CachePoint Appliances

Unidesk Hyper-V Agent

Unidesk for Hyper-V Broker Agent

Unidesk® Gold Image Tools

Component upgrades

This upgrade supports moving from Unidesk 3.x for Hyper-V to the current release.

To see which Unidesk version is installed on each appliance, open the Unidesk Management Console, select System >Manage Appliances, and click the icon for each component to see the version.

Upgrade Steps

It 's important to upgrade the Unidesk components in the order shown here.

Upgrade Notes

The Unidesk Hyper-V Agent must be upgraded on all Hyper-V servers in your Unidesk environment, and you must do these

upgrades manually, as described in Step 2 below.

The Unidesk Broker Agent must be upgraded on all broker servers (the XenDesktop Delivery Controller or RD Connection

Broker server) in your Unidesk environment, and you must do these upgrades manually, as described in Step 3 below.

Some new Unidesk features will not be available until the CachePoint Appliances have all been upgraded.

Existing machines that had the Dynamic Memory option turned on before the upgrade process have that option turned

off after the upgrade.

STEP 1: Download the Unidesk Upgrade ZIP file

1. Download the Unidesk Upgrade ZIP from the Unidesk for Hyper-V Download Center, and unzip the f iles.

2. Check the Unidesk Management Console Taskbar for any pending Desktop configuration changes, and if there are any

waiting to be processed as part of a Maintenance Schedule, override the schedule, as follows:

1. Select the affected Desktops and choose Edit Desktops.

2. In the Maintenance Schedule tab, select As soon as possible.

3. Complete the wizard.

3. Copy the Unidesk for Hyper-V Upgrade ISO image to a directory on the Hyper-V server that hosts the Management

Appliance.

1. Copy the upgrade image (unidesk_hyperv_upgrade_3.x.x.iso) from the extracted upgrade package to a directory on

the Hyper-V server that hosts the Management Appliance .

2. Use Hyper-V Manager to connect the CD/DVD device to the Unidesk ISO upgrade image

(unidesk_hyperv_upgrade_3.x.x.iso.). You can do this by right-clicking the Management Appliance in the HyperV-

Manager that runs on the Hyper-V server itself, and choosing Settings. The CD/DVD device must be inserted into the

IDE Controller 1, Location 0.



STEP 2: Upgrade the Unidesk Hyper-V Agent

On every Hyper-V server where you've installed the Hyper-V Agent, you must upgrade the Unidesk Hyper-V Agent. To do

this, you must be logged onto the Hyper-V Server with administrator privileges.

1. Log onto the Hyper-V Server with Administrator privileges.

2. Copy the Hyper-V Agent executable (unidesk_hyperv_agent_installer.exe) from the extracted upgrade package to a

directory on the Hyper-V server .

3. Run the Upgrade executable and click through the screens to accept the default settings.

4. Click Finish to exit the wizard.

5. Repeat these steps for all of the installed Unidesk Hyper-V agents.

STEP 3: Upgrade the Unidesk for Hyper-V Broker Agent

You must be logged onto the broker server (the XenDesktop Delivery Controller or RD Connection Broker server) with

administrator privileges.

1. Log onto the broker server (the XenDesktop Delivery Controller or RD Connection Broker server) with administrator

privileges.

2. Copy the Unidesk Hyper-V Broker Agent executable (unidesk_hyperv_broker_agent_installer_3.x.x.exe) from the

extracted upgrade package to a directory on the server .

3. Run the executable and click through the screens to accept the default settings. This upgrades the broker agent.


5. Repeat these steps for all of the installed Unidesk Hyper-V Broker agents.

STEP 4: Upgrade the Management Appliance

1. In the Unidesk Management Console, select System > Upgrade.

2. In the next Upgrade tab, the CachePoint Appliances will remain deselected.

3. In the Confirm and Complete tab, click Upgrade. The upgrade process closes the current Unidesk Management Console

session and starts upgrading the Management Appliance. During the upgrade, the process displays a status page.

IMPORTANT! Do not refresh the Web browser before the upgrade completes, or the status page closes and you

cannot navigate back to it.

4. After the Management Appliance upgrade completes, refresh the browser and log into the Unidesk Management

Console (UMC) again.

STEP 5: Upgrade the Master CachePoint Appliance and Secondary CachePointAppliances

This assumes you have upgraded the Unidesk Hyper-V Agent, Unidesk for Hyper-V Broker Agent, and Management

Appliance. You'll begin by upgrading the CachePoint Appliance Template, and then upgrade the Master CachePoint

Appliance itself.

1. Log into the Hyper-V server that hosts the Management Appliance, and delete the old CachePoint Appliance Template

(the one currently selected in the System Settings) from the previous version of Unidesk.


2. Copy the new CachePoint Appliance Template (CachePoint_3.x.x.x.unitemplate) to the directory where the previous

version of the template is stored.

3. In the Unidesk Management Console select System > Settings and Configuration, and then edit the CachePoint

Settings. Select the template that you just imported and click Save. This ensures that new CachePoint Appliances use

the new template.

4. In the Unidesk Management Console, select System > Upgrade.

5. In the next Upgrade tab, select the Master CachePoint Appliance and any Secondary CachePoint Appliances.

6. In the Confirm and Complete tab, you can enter a comment that will appear in the Audit log, then click Upgrade.

7. Unmount the CD drive by editing the settings for the MA. Click the DVD drive under IDE 1 and select None.

Note: CachePoint Appliances that have not been upgraded will disregard any Dynamic Memory settings. After the

CachePoint has been upgraded, the next edit will apply the Dynamic Memory settings.


Add Hyper-V hosts to the Unidesk environment

Jun 28 , 2017

You can add a Hyper-V host to the Unidesk environment, and then configure your CachePoint Appliances to use the new

host. If this is a new Unidesk deployment, follow the instructions for Installing Unidesk appliances.

Before you start

Unidesk requirements

Once you have the required hardware in place, please be sure to meet the following detailed requirements before running

the Unidesk Installer.

Windows Server 2012 R2 system (with Hyper-V Role enabled), or Hyper-V Server 2012 R2

The .NET Framework 4.5 Features selected on the server.

Credentials required

You need the credentials for the server Administrator. You can either log in as Administrator or as a User with Administrator

privileges.

Port opened by the Unidesk Installer

The Unidesk Installer opens a port on the local server's firewall for the TCP protocol. This port is used for communications

between the Hyper-V Agent service and the Unidesk Appliances. By default this is port 8014, but you can change the port

number during installation.

Use host names in the Unidesk environment

You can set up your environment to use host names in addition to IP addresses, so that a change in an IP address will not

affect communications between the Management Appliance and its CachePoint Appliances.

If you set the host name on your Hyper-V server, Unidesk will automatically use it instead of the IP address. Then the IP

address can change without causing any problems, as long as the host name does not change.

Similarly if you set a host name for you MA and use it when you register the host (via the Unidesk installer, or manually as

described next) then you can change the IP address of the MA without issues, as long as the host name does not change.

Add a Hyper-V host

Add a new host to the environment

You can add a new host to the environment by installing the Unidesk Hyper-V Agent on the server, and registering the host

with your Management Appliance.

1. Download the Hyper-V Agent Installer from the Unidesk Hyper-V Download Center onto one of the local drives on your

new Hyper-V server.

2. Run the installer and when prompted, enter the host name or IP address of your Management Appliance. This installs the

Hyper-V agent on the host, and registers the host with the Management Appliance.

3. If the host is being added to a cluster, the Unidesk Management Appliance must be restarted to recognize the cluster

configuration change.





Jun 28 , 2017

You can (and should) create one or more Secondary CachePoint Appliances in the Unidesk environment to manage

Desktops and store Desktop User data, while the Master CachePoint Appliance maintains the master copy of all Layers in

the environment.

You can specify a host or cluster for the CachePoint Appliance. As long as there is one host in a cluster with a CachePoint

on storage accessible by the whole cluster, you can create Unidesk Desktops on any of the clustered hosts that do not

have CachePoints. This minimizes both the storage requirements and the need for more resources, allowing you to create

Desktops across multiple hosts using fewer CachePoints.

Before you start

You must have provisioned a Master CachePoint Appliance as part of the Unidesk installation.

About CachePoint properties

Allow or prevent new Desktops on a CachePoint Appliance

You can allow or prevent a CachePoint Appliance to be used for new Desktops simply by editing the CachePoint Properties

and deselecting this check box on the first wizard tab: Allow new Desktops to be deployed to this CachePoint. This

feature is good for:

Preventing Desktops from being added to the Master CachePoint Appliance, a best practice.

Preparing to remove a Secondary CachePoint from the network.

Reserving space on a Secondary CachePoint for a future project.

Specify storage tiers used for this CachePoint

You can choose where to store the images and Layers the CachePoint uses to manage Desktops, including:

The Boot Images for Desktops managed by a CachePoint

The Layers used by the CachePoint's Desktops

Create a Secondary CachePoint Appliance

1. In the Unidesk Management Console, select System > Manage Appliances > Create CachePoint. This opens the Create

CachePoint Wizard..

2. In the Configuration tab specify the VM Name, the name of the CachePoint Appliance, and select the host where you

want to create it.

3. Leave the Allow new desktops to be deployed to this CachePoint check box selected, unless you want to prevent new

Desktops from being deployed to this CachePoint for reasons described above in Allow or prevent new Desktops on aCachePoint Appliance.

4. In the Storage Tiers tab, specify the locations in the virtual infrastructure where the CachePoint will store its Desktop

Boot images and Layers.

Select a Boot volume location for the Desktop s being managed by this CachePoint.

Select a location for the Application Layers and the CachePoint virtual machine itself .

5. In the Virtual Switch tab, select a virtual switch (network). Specify the VLAN Tag, if needed, and the IP configuration



settings for the CachePoint Appliance. For the IP Configuration, choose DHCP if using a dynamic IP address, or Static if

using a Static IP address (Static requires the IP address, gateway, and DNS information).

6. In the Confirm and Complete tab review the settings. If you want, enter a comment for the Audit History.

7. Click Create CachePoint.

The Unidesk software begins creating the new CachePoint. You can monitor the progress of this task in the Management

Console Tasks area.

Change the root password on the new CachePoint Appliance

If you are comfortable using Linux, log into the appliance as root (password v9Yx*6uj), and enter Linux commands to

change the root password.

If you are not familiar with the Linux commands for changing the root password, please contact the Unidesk Support team,

and they will either walk you through the steps or change it for you.


Deploy Unidesk Appliances and Desktops in Clusters

Jun 28 , 2017

Unidesk supports High Availability and Failover in environments with multiple hosts and clustering.

Note: On non-clustered hosts without shared storage, Unidesk does work, but failover and load balancing are notsupported, and migrating Virtual Machines is more involved than it will be in the future.

Before you start

Install the Unidesk Management Appliance and Master CachePoint Appliance


Create Desktops

Migrate CachePoint Appliances

You can migrate Unidesk Virtual Machines to different hosts, but not to different storage, using two kinds of migration

that Hyper-V supports:

Live migrate moves the Virtual Machine while it’s running, and there is no interruption.

Quick migrate moves powered down machines. If you choose to quick migrate a running machine, Hyper-V will 'save' and

then move them.

Note: A Unidesk Move Tool for migrating Virtual Machines to different storage is in development.

Unidesk supports migrating the Unidesk Management Appliance or CachePoint Appliance as follows:

While the Virtual Machine is powered OFF, you can quick migrate the VM. (recommended)

While the Virtual Machine is powered ON:

You can Live Migrate idle Appliances, but Unidesk recommends that you migrate while the machine is powered OFF.

You cannot move Appliances that are running jobs

You cannot quick migrate a VM that is in a saved or paused state, as it causes jobs on that VM to fail for several

minutes after the migrate happens, and any jobs in progress will probably fail

The preferred method of migrating VMs is to power down the machine, and migrate it using Hyper-V Quick Migrate.

Configure load balancing

For best results, configure Unidesk load balancing as follows:

Configure each CachePoint to prefer only one host (the host it was originally deployed on).

You can set the CachePoint’s Possible Host to any reasonable choice.

Desktops can be configured as you please, as long as your load balancing software does not migrate powered down

Desktops (most do not).

Configure failover of Unidesk Virtual Machines

In this release, you'll need to manually configure failover of Unidesk Virtual Machines, including the Management Appliance,

Master CachePoint Appliance, Secondary Appliances, and Desktops.

WARNING: The MA should have a static IP address and/or a static mac, while the CachePoint Appliances can have Dynamic


http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/deploy/unidesk-appliances/create-secondary-cachepoint-appliances.html

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/deploy/desktops-and-session-hosts/create-desktops.html


IP addresses.

To configure Failover:

1. Set up Hyper-V Roles for any Unidesk VM you want to fail over, whether it's an appliance, Installation Machine, or

Desktop.

2. Configure a CachePoint Appliance on each host where you want to deploy Desktops. A host isn't eligible to get

Desktops until a CP has been deployed to it.

3. (Recommended) Set CachePoint Appliances to Low priority for failover, so that Desktops failover f irst.

4. Your Gold Image VM(s) can be stored in one of two locations so that they can be accessed by Unidesk in the event of a

failover:

(Recommended) On the cluster shared storage.

On local storage on the host for the Master CachePoint Appliance.

On network storage.

For network settings, configure your networks according to the Hyper-V requirements for a failover-capable cluster.For storage, you must use cluster shared volumes or network storage. Unidesk uses constant f ile system paths to VHDX

files when VMs move from host to host.For memory, Desktops that are failing over from a failed host cannot boot on a new host unless there is enough free

memory. You must take that into consideration when planning resources for your cluster.

Notes on Cluster Configuration Changes

If you add or remove hosts from a cluster, the MA must be restarted before Unidesk will recognize these changes. This is

necessary if hosts are added or removed, but it is not required for other changes such as:

Storage (including Cluster Shared Volumes) is added or removed

The host is powered off or on

CachePoints or Desktops are migrated between hosts

Until the MA is restarted you will see the following behavior:

If a new host has been added to the cluster, the new host will be listed under the cluster when you are selecting a host

in the Desktop Create Wizard, but the new host may be marked "Unavailable" with a tool tip that says "There are no

CachePoint Appliances that are capable of using this host for machine deployment" if there are no CachePoints on that

host. You will not be able to select that host in the Create Desktop Wizard. If you select the cluster, that host will not

be used and Desktops will only be deployed to the other hosts in the cluster.

If a host has been removed from the cluster, the host does not display in the cluster. If you attempt to create a

Desktop on that host or on the original cluster, the Desktop creation task may fail with the following error: "Could not

find a CachePoint with storage locations accessible by the selected host."


OS Layer

Jun 28 , 2017

About the Operating System Layer

What is the Unidesk Operating System Layer The Unidesk Operating System Layer contains the Windows Operating System that will be deployed to your virtual Unidesk

Machines (Desktops or Session Hosts). Once created, you can use this gold image to build thousands of Desktops and

Session Hosts.

This Operating System Layer includes a gold image, a virtual machine in your infrastructure running the Unidesk-supported

Windows Operating System that you want to use for your Unidesk Machines, whether they are Desktops or Session Hosts.

It is best to use a freshly installed gold image.

What you need to create the Unidesk Operating System Layer

To build the Operating System Layer, you'll need to:

Freshly install the gold image - A virtual machine in your infrastructure running the supported Windows Operating System

version that you want to use for your Unidesk Machines (Desktops or Session Hosts). It is best to use a freshly installed

gold image.

Prepare the gold image for the Unidesk environment, so you can use it to create your Operating System Layer.

Prepare the Gold Image

Windows 10 gold image

Steps: Prepare the Windows 10 Gold Image

Windows 8.1 gold image

Steps: Prepare the Windows 8.1 Gold Image

Prepare a Windows 7 gold image

Steps: Prepare the Windows 7 Gold Image

Prepare a Windows Server 2012 R2 Gold Image

Steps: Prepare a Windows Server 2012 R2 gold image

Prepare a Windows Server 2008 R2 Gold Image

Steps: Prepare a Windows Server 2008 R2 gold image

http://10.57.4.42:4502/content/docs/en-us/unidesk/3-4-3-hyper-v/deploy/about-this-release/unidesk-3-4-for-hyper-v-platform-support.html

http://10.57.4.42:4502/content/docs/en-us/unidesk/3-4-3-hyper-v/deploy/about-this-release/unidesk-3-4-for-hyper-v-platform-support.html

http://10.57.4.42:4502/editor.html/content/docs/en-us/unidesk/3-4-3-hyper-v/deploy/os-layer/prepare-the-gold-image.html







Create your Operating System Layer

Next, you'll import your gold image into a new Operating System Layer.

Import your gold image into a new Operating System Layer

http://10.57.4.42:4502/editor.html/content/docs/en-us/unidesk/3-4-3-hyper-v/deploy/os-layer/create-the-os-layer.html


Prepare the Gold Image

Jun 28 , 2017

About the gold image

About preparing the gold image

The gold image is a clean install of a supported Windows Operating System that you want to use on your Unidesk

Machines (Desktops or Session Hosts). To prepare the gold image, you will install it on a virtual machine whose disk is

accessible by the Unidesk Management Appliance. Then use Unidesk tools to both create a Windows answer file for

unattended installation on new Unidesk Machines, and to optimize the image for use in Unidesk. Once you have prepared

the gold image, you will use the Unidesk Management Console to import it into a new Operating System Layer.

This topic explains how to prepare a gold image for the Unidesk environment, including how to:

Set up a gold image on a virtual machine.

Install the Unidesk Gold Tools on the image. This includes the Unidesk Unattend Builder and the Unidesk Optimization

Script.

Create an answer f ile for unattended operating system setup, using the Unidesk Unattend Builder.

Optimize the operating system for the Unidesk environment, using the Optimization script.

CAUTION: Using Third-party optimization scripts can have adverse effects in Unidesk, because they can change services

and features that Unidesk uses, for example, Universal Plug and Play and the 8.3 f ile names setting.

For Windows 2012, this also includes steps to:

Configure the OS as either a desktop operating system, or a session host.

Install the Citrix XenApp Broker Agent, if you plan to use XenApp to manage sessions.

Before you start

Prerequisites

Make sure that the disk for the VM where you install the gold image is accessible by the Unidesk Management Appliance.

You can enable domain join in the answer f ile, for unattended operating system setup on each Desktop.

You can only have one network device in your gold image.

Any applications that are account bound, such as Microsoft One Drive, should not be installed on the gold image.

http://10.57.4.42:4502/editor.html/content/docs/en-us/unidesk/3-4-3-hyper-v/deploy/about-this-release/unidesk-3-4-for-hyper-v-platform-support.html


The gold image should not be in a domain

The gold image should get its IP address from DHCP

If you are using a language other than US-English, please see this article on how to add the required nls f iles to the boot

image.

http://www.unidesk.com/support/kb/boot-failure-0xc000000f-windows-failed-load-because-nls-data-missing-or-

corrupt

Prepare a Gold Image

Choose the operating system you are using for the gold image:

Prepare a Windows 8.1, Windows 7, or Windows 10 gold image (Desktop) STEP 1: Set up a Windows gold image on a virtual machine

In the Hyper-V client :

1. Create a new Generation 1 virtual machine.

2. Configure memory and networking.

3. Note: You can have just one network device in your gold image.

4. Configure a virtual hard disk that is large enough for a Windows operating system installation, and make sure it is

accessible by the Unidesk Management Appliance.

5. Install the desktop operating system that you wish to use on the virtual machine.

6. Install the Hyper-V Integration Services in this virtual machine, using the Microsoft Windows Integration Services Setup

Disk. (This is not necessary on Windows 8.1 or Windows 10, because these systems include those services.)

This virtual machine is your gold image

STEP 2: Copy the Unidesk Tools onto the gold image

1. Copy the unidesk_win_gold_image_tools_3.4.x.exe f ile onto the gold image. You can f ind these tools in the Unidesk

Installer download, or in the Unidesk for Hyper-V Download Center.

2. Double-click the unidesk_win_gold_image_tools_3.4.x.exe to self-extract it to c:\windows\setup\scripts.

STEP 3: Create an answer file for unattended installation on Unidesk Desktops

https://www.unidesk.com/user/login


1. In the c:\windows\setup\scripts folder, right-click the unattend.exe tool and choose Run as administrator. The unattend

builder form opens.

2. Complete the unattend form.

Product key activation For KMS activation, select KMS Server.

For KMS with a Multiple Activation Key (MAK), select KMS with MAK and enter the MAK.

For Retail Licensing with a MAK, select Retail with MAK, and the MAK.

Domain JoinSelect Enable if you want to configure the unattend.xml f ile to join Desktops to a specif ic domain. If you plan to use AD

join scripts, ensure Enable is not selected.

You can add Desktops to the Computer's container in Active Directory by deleting the OU entry. However, we

recommend that you use an alternate OU for Unidesk Desktops, both to segregate the Desktop from other machines

and to avoid applying virtual Desktop-specif ic GPOs to other types of machines.

If you are supporting multiple OUs within one or more domains, you can join machines in different Domains or OUs by

creating different unattend.xml f iles in different application layers.

Local Administrator accountYou can enable the Administrator account on each Unidesk Desktop by selecting Enable. Remember to also enable this

account in your gold image or Operating System Layer version. You can also enable the Administrator account for your

gold image and then have it disabled in the deployed Desktops by clearing the check box.

If you want to add an alternate Administrator account, select Enable and enter the account information. This account

cannot be preconfigured in the gold image.

You can create a Desktop where the Administrator is disabled and the alternate administrator is created and enabled.

However for this to work, the Administrator account must be enabled in the gold image and it cannot be renamed.

Time ZoneIf your time zone is not listed, you can add it to the Other box. Be sure to use the time zone, not the display setting.

Disabling automatic activationSelect this option if you plan to use the Microsoft Volume Activation Management Tool.

3. Click Save File.

STEP 4 : Optimize the gold image for the Unidesk environment

1. In the c:\windows\setup\scripts folder, right-click the Optimize64.exe tool and choose Run as administrator. This

creates a .cmd file (optimizations.cmd) that will be run during Desktop creation to optimize the image.

2. Follow the instructions to run the optimizations.cmd file on the gold image. This removes installation-specif ic drivers and

https://technet.microsoft.com/en-us/library/cc749073(v=ws.10).aspx


settings.

If you are using the Unidesk Optimizer script and you are enabling the View Persona feature, you must go to the section

of the Optimizer script called Disable Unnecessary Services to Save Memory and CPU, deselect the option to DisableOff line File Service, and click Save File. This is because View Persona folder redirection requires Offline f iles to be

enabled, and by default, the Unidesk Optimizer turns off Offline f iles, which are not a requirement for Unidesk.

STEP 5: Create a backup copy of the gold image

Once the gold image is ready, create a copy of it so you can return to this state at any time.

Important: It is critical to create a backup copy (checkpoint) before installing the Unidesk software onto the gold image.

Without this backup copy, returning to this state requires rebuilding the image.

STEP 6: Install the Unidesk software onto the gold image

1. Run setup_x64.exe from c:\Windows\setup\scripts.

Once this is done, you are ready to create a Unidesk Operating System Layer.

STEP 7: Run NGen

About Microsoft NGen operations NGen is the Microsoft "Native Image Generator". It is part of the .NET system, and basically re-compiles .NET byte code

into native images and constructs the registry entries to manage them. Windows will decide when to run NGen, based on

what is being installed and what Windows detects in the configuration. When NGen is running, you must let it complete. An

interrupted NGen operation can leave you with non-functioning .NET assemblies or other problems in the .NET system.

Force an NGen operation to the foreground

Normally, NGen is a background operation and will pause if there is foreground activity. Bringing the task into the

foreground can help the task to complete as quickly as possible.

1. Open a command prompt as Administrator.

2. Go to the Microsoft .NET Framework directory for the version currently in use:

cd C:\Windows\Microsoft.NET\FrameworkNN\vX.X.XXXXX

3. Enter the NGen command to execute the queued items:

ngen update /force

This brings the NGen task to the foreground in the command prompt, and lists the assemblies being compiled.


4. Ensure that all NGen processes have run to completion. Optionally, you can now shut down the Gold Image VM.

Once you have completed these steps, you are ready to create a Unidesk Operating System Layer.

Windows 8.1 deployment tips

Improving Windows 8.1 login times

If you want to speed up login times for Windows 8.1 Desktops, you can disable some of the more costly and less necessary

GUI actions.

Turn off new user arrowsYou can turn off new user arrows, by making the following Registry edits:

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\EdgeUI

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EdgeUI

DisableHelpSticker DWORD

0 = Enable help tips

1 = Disable help tips

Deploying applications on Windows 8.1

Windows 10 deployment tips

Removing Windows 10 built-in Applications

When preparing the gold image for import into a Unidesk Operating System Layer, you can remove Windows 10

applications. If you do, we recommend removing these applications either on the gold image itself, or on the Operating

System Layer. For the steps to remove Windows 10 Applications, click here.

Prepare a Windows 2012 R2 gold image (Desktops)

Use these steps to prepare a gold image for Desktops that will run in the Unidesk environment.

Note: Unidesk Desktops are supported on Windows Server 2012 R2, but not on Windows 2008 R2.

STEP 1: Set up a Windows Server 2012 R2 gold image on a virtual machine

In the Hyper-V client:


2. Configure memory and networking, for example, the NIC and video memory.

http://10.57.4.42:4502/editor.html/content/docs/en-us/unidesk/3-4-3-hyper-v/plan.html

http://10.57.4.42:4502/editor.html/content/docs/en-us/unidesk/3-4-3-hyper-v/deploy/application-layers/deploy-windows-8-1-applications-in-layers.html

https://www.howtogeek.com/224798/how-to-uninstall-windows-10s-built-in-apps-and-how-to-reinstall-them/


Note: You can have just one network device in your gold image.



4. Install the operating system and patches to bring it up-to-date.


Disk.

STEP 2: Configure Windows Server as a desktop operating system (for Desktops)

Use this section as a guide to configuring Windows Server 2012 R2 as a desktop operating system for your users.

This section is not required. It is included for your convenience.

Disable Shutdown event tracker

The shutdown event tracker asks for the reason the system is being shut down before it allows the shutdown to continue.

To disable this feature, follow these steps.

Important : You must run the Group Policy Editor as Administrator, or it will appear as if the values are being changed, but

the Desktops will remain the s

1. Run the group policy editor as Administrator.1. Click Start .

2. Type gpedit.msc in the Search box.

3. Right-click gpedit.msc and choose Run as Administrator.

Running the editor this way ensures that you are running it as Administrator.

2. Browse to Computer Configuration /Administrative Templates/System.

3. Scroll down to, then double-click Display Shutdown Event Tracker.

4. Select Disabled and click OK.

Stop Server Manager f rom running automatically at logon

1. Run the group policy editor as Administrator.

1. Click Start .




2. Browse to Local Computer Policy/Computer Configuration/Administrative Templates/System/Server Manager.


3. Scroll down to, then double-click Do not display Server Manager automatically at logon.

4. Select Enabled and click OK

Grant users shutdown rights

By default, only administrators will have the right to shut down or restart the machine. By following the steps below, other

users and/or groups can be granted the right to shut down the machine.


the Desktops will remain the same.





2. Browse to Computer Configuration /Windows Settings/Security Settings/Local Policies/User Rights Assignment.

3. Double click Shut down the system.

4. Click Add User or Group.

5. Click Object Types.

6. Select Groups.

7. Click OK in the Object Types dialog.

8. Type “Users” for the object name.

9. Click OK in the Select Users or Groups dialog.

10. Click OK in the Shut down the system Properties dialog.

Change the function of the Power button on the Start menu

By default, the Power button on the start menu is set to Log Off. If you would like a different setting for the desktops,

follow the steps below to change it.

Important: You must run the Group Policy Editor as Administrator, or it will appear as if the values are being changed, but



Group Policy method

This method sets the button for all users and does not let individual users override the setting.



3. Right-click gpedit.msc and choose Run as Administrator


2. Browse to User Configuration /Administrative Templates/Start Menu and Taskbar.

3. Double click Change Start Menu Power Button.

4. Change the setting to Enabled.

5. Select which option to display on the start menu and click OK.

Copy Profile method

This method will set the button for all users and allow individual users to override the setting. This will only work if copy

profile is selected when creating the unattend file.

1. Right click on the task bar and select properties.

2. Click the Start Menu tab.

3. Select the desired Power button action in the drop down.

4. Click OK.

Disable IE Enhanced Security configuration

The IE Enhanced Security feature severely limits what can be done with IE with sites that are not part of the trusted sites

zone. To disable this feature, follow the steps below.

1. Open the Server Manager (right-click This PC on the start menu and select Manage).

2. Choose Local Server.

3. In the Properties panel, scroll to the right to f ind IE Enhanced Security Conf iguration.

4. Select Off for both Administrators and Users.

5. Click OK. Note that the Properties panel refreshes slowly, so the change may not be visible immediately


Install .Net 3.5 feature

The .Net feature is installed by default on workstation operating systems, but not on Windows Server 2012 R2. It is a

software framework provided by Microsoft that is required for many 3rd party applications to run. To install this feature,

follow the steps below.

1. On the Start menu, right-click This PC, and select Manage.

2. Select Add Roles and Features. If this opens the Before you begin page, select Next .

3. Select Role-based or feature-based installation, then select Next.

If not already selected, select the correct local server from the server pool.

4. In the right panel, select Features.

5. Click Add Features.

6. Expand .NET Framework 3.5 Features.

7. Check .NET Framework 3.5.

8. Click Next .

9. Click Install.

10. When the installation is done, click Close.

Install Desktop Experience Feature

The Desktop Experience feature includes several options that are installed by default on workstation operating systems.

These features include, among others, Themes, audio and video support, Windows Media player, and phone management.

Use these steps to install the Desktop Experience feature.

Installation

Here's how to install the Desktop Experience feature.


2. In the left panel select Features.

3. In the right panel, click Add Features.

4. Scroll down the Features list to User Interfaces and Infrastructure (2 of 3 installed), and expand that entry.


5. Check Desktop Experience.

6. If you are prompted to add features that are required by the Desktop Experience feature, click Add Required Features.

7. Click Next , and then Install.

8. When the installation is done, click Close.

9. Restart when prompted.

Enable themes

The following steps describe how to enable themes after the Desktop Experience feature is installed.

1. Click Start > Control Panel > Administrative Tools > Services.

2. Double click the Themes service.

3. Set Startup type to Automatic.

4. Click OK.

Assign default theme

It is possible to assign the default theme for new users by performing the following steps. Individual users will be able to

override the default theme.



1. Run the group policy editor as Administrator.

1. Click Start .



Starting the editor this way ensures that you are running it as Administrator.

2. Browse to User Configuration /Administrative Templates/Control Panel/Personalization.

3. Double click Load a specif ic theme.

4. Select Enabled.

5. Enter the path to the theme file. “%windir%\Resources\Themes\aero.theme” is the path to the aero theme. More

themes can be downloaded from the Microsoft website.


6. Click OK.

Install Windows Search service

The Windows Search service is not installed by default in Windows Server 2012. Microsoft Outlook depends on this service

for searching emails. To install this service, follow the steps below.


2. In the left panel select Features.

3. In the right panel, click Add Features.

4. In the Features list, scroll down to Windows Search Service, and select it.

5. Click Install on the Confirmation page.

6. Once the installation has completed, click Close.

Enable audio

By default, audio is not enabled. To enable audio, follow the steps below.

1. Click Start > Control Panel > Administrative Tools > Services.

2. Double click the Windows Audio service.

3. Set Startup type to Automatic.

4. Click OK.

Adjust performance for programs

By default, the operating system is optimized to run background services rather than user programs. To change this, follow

the steps below.

1. On the Start menu, right click This PC and select Properties.

2. Click Advanced system settings in the left pane.

3. Click the Settings button in the Performance section.

4. Click the Advanced tab.


5. Select Programs.

6. Click OK.

STEP 3: Mount or copy the Unidesk Tools onto the gold image

1. Mount the Unidesk_Gold_Image_Tools ISO or copy the Unidesk_Gold_Image_Tools ZIP f ile onto the gold image. You

can f ind these tools in the Unidesk Installer download.

2. Open the ISO or extract the ZIP.

3. In the extracted Unidesk_Gold_Image_Tools_x.x.x folder, extract Unidesk_Windows_Gold_Image_Tools.zip to

c:\windows\setup\scripts.

STEP 4 : Create an answer file for unattended installation on Unidesk desktops


builder form opens.

2. Complete the unattend form

1. Product key activation

a. For KMS activation, select KMS Server.

b. For KMS with a Multiple Activation Key (MAK), select KMS with MAK and enter the MAK

c. For Retail Licensing with a MAK, select Retail with MAK, and the MAK.

2. Domain Join

a. Select Enable if you want to configure the unattend.xml f ile to join desktops to a specif ic domain. If you plan to

use AD join scripts, ensure Enable is not selected.

b. You can add desktops to the Computer's container in Active Directory by deleting the OU entry. However, we

recommend that you use an alternate OU for Unidesk desktops, both to segregate the desktop from other machines

and to avoid applying virtual desktop-specif ic GPOs to other types of machines.

c. If you are supporting multiple OUs within one or more domains, you can join machines in different Domains or OUs

by creating different unattend.xml f iles in different application layers.

d. For information about domain join scripts,see the following Support articles:

Debugging Domain Join Problems

3. Local Administrator account

http://10.57.4.42:4502/editor.html/content/docs/en-us/unidesk/3-4-3-hyper-v/administer/troubleshoot/troubleshoot-domain-join-issues.html


a. If you want to use the unattend.xml f ile to enable the Administrator account on each Unidesk desktop, select

Enable. Remember to also enable this account in your gold image or Operating System Layer revision. It is possible to

enable the Administrator account for your gold image and then have it disabled in the deployed desktops by clearing

the check box.

b. If you want to add an alternate Administrator account, select Enable and enter the account information. This

account cannot be pre-configured in the gold image.

c. You can create a desktop where the Administrator is disabled and the alternate administrator is created and

enabled. However for this to work, the Administrator account must be enabled in the gold image and it cannot be

renamed.

4. T ime zone

a. Select the time zone. If your time zone is not listed, you can add it to the Other box. Be sure to use the time zone,

not the display setting. A list of time zone settings can be found here.

5. Disabling automatic activatio

a. Select this option if you plan to use the Microsoft Volume Activation Management Tool.

3. Click Save File

STEP 5: Optimize the gold image for the Unidesk environment

1. In the c:\windows\setup\scripts folder, run the Optimize executable to create a .cmd file (optimization.cmd) that will be

run to optimize the image during desktop creation.

STEP 6: Create a checkpoint of the gold image

Once the gold image is ready, create a Hyper-V checkpoint of it, so that you can return to this state at any time.

Important : It is critical to create a checkpoint before installing the Unidesk software onto the gold image. Without this

checkpoint, returning to this state requires rebuilding the image.

STEP 7: Install the Unidesk tools onto the gold image

1. In the c:\windows\setup\scripts folder, run the Unidesk setup_x64.exe (64-bit).

2. The installation prompts for the location of the Management Appliance IP address and the location of the unattend.xml

file (the default location is c:\windows\panther).





Prepare a Windows 2012 R2 or Windows 2008 R2 gold image (Session Host)

Use these steps to prepare a gold image for Session Hosts that will run in the Unidesk environment. If you are building

Desktops rather than Session Hosts, see the previous steps to Prepare a Windows 2012 R2 gold image (Desktop).

Note: Unidesk Desktops are not yet supported on Windows Server 2008.

STEP 1: Set up a Windows Server gold image on a virtual machine

In the Hyper-V client:


2. Configure memory and networking, for example, the NIC and video memory.

Note: You can have just one network device in your gold image.



4. Install Windows Server 2012 R2, and patches to bring it to the most current.

Note: The machine is not joined to the domain.


Disk.

STEP 2: Add the RD Session Host Role

Using Server Manager, add the RD Session Host Role to the machine.

IMPORTANT : This should be done as a Role-based or Feature-based installation, not as a Remote Desktop Services

installation.

1. In the Hyper-V Server Manager, select Add roles and features.

2. For the Installation Type, select Role-based or Feature-based installation.

3. For the Server Role, select Remote Desktop Services > Remote Desktop Session Host (Installed).

4. Complete the process of adding the Server Roles.

STEP 3: Copy the Unidesk Tools onto the gold image

1. Copy the Unidesk_Gold_Image_Tools RAR f ile onto the gold image. You can f ind these tools in the Unidesk Installer

download.


2. Run the RAR f ile. This copies the tools to the C:windows\setup\scripts directory.

STEP 4 : Create an answer file for unattended installation on Unidesk desktops


builder form opens.

2. Complete the unattend form

1. Product key activation

a. For KMS activation, select KMS Server.

b. For KMS with a Multiple Activation Key (MAK), select KMS with MAK and enter the MAK

c. For Retail Licensing with a MAK, select Retail with MAK, and the MAK.

2. Domain Join

a. Select Enable if you want to configure the unattend.xml f ile to join desktops to a specif ic domain. If you plan to

use AD join scripts, ensure Enable is not selected.

b. You can add Session Hosts to the Computer's container in Active Directory by deleting the OU entry. However, we

recommend that you use an alternate OU for Unidesk Session Hosts, both to segregate the Session Host from other

machines and to avoid applying specif ic GPOs for Session Hosts to other types of machines.

c. If you are supporting multiple OUs within one or more domains, you can join machines in different Domains or OUs

by creating different unattend.xml f iles in different application layers.

d. For information about domain join scripts,see the following Support articles:

Debugging Domain Join Problems

3. Local Administrator account

a. If you want to use the unattend.xml f ile to enable the Administrator account on each Unidesk desktop, select

Enable. Remember to also enable this account in your gold image or Operating System Layer revision. It is possible to

enable the Administrator account for your gold image and then have it disabled in the deployed desktops by clearing

the check box.

b. If you want to add an alternate Administrator account, select Enable and enter the account information. This

account cannot be pre-configured in the gold image.

c. You can create a desktop where the Administrator is disabled and the alternate administrator is created and

enabled. However for this to work, the Administrator account must be enabled in the gold image and it cannot be

renamed.

http://10.57.4.42:4502/editor.html/content/docs/en-us/unidesk/3-4-3-hyper-v/administer/troubleshoot/troubleshoot-domain-join-issues.html


4. T ime zone

a. Select the time zone. If your time zone is not listed, you can add it to the Other box. Be sure to use the time zone,

not the display setting. A list of time zone settings can be found here.

5. Disabling automatic activatio

a. Select this option if you plan to use the Microsoft Volume Activation Management Tool.

3. Click Save File

STEP 5: Optimize the gold image for the Unidesk environment

1. In the c:\windows\setup\scripts folder, run the Optimize executable to create a .cmd file (optimization.cmd) that will be

run to optimize the image during Session Host creation.

STEP 6: Create a checkpoint of the gold image

Once the gold image is ready, create a Hyper-V checkpoint of it, so that you can return to this state at any time.

Important : It is critical to create a checkpoint before installing the Unidesk software onto the gold image. Without this

checkpoint, returning to this state requires rebuilding the image.

STEP 7: Install the Unidesk tools onto the gold image

1. In the c:\windows\setup\scripts folder, run the Unidesk setup_x64.exe (64-bit).

2. The installation prompts for the location of the Management Appliance IP address and the location of the unattend.xml

file (the default location is c:\windows\panther).





Create the OS Layer

Jun 28 , 2017

An Operating System Layer includes the software and settings for the operating system that you deploy to Unidesk

Machines (Desktops or Session Hosts). Once you have prepared the gold image for deploying to your Unidesk Machines,

you can create a Unidesk Operating System Layer by importing the gold into a new Layer.

Before you start

The disk for the VM where the gold image is installed must be accessible by the Unidesk Management Appliance.

The gold image must not be in the domain.

Import the gold image onto a Unidesk Operating System Layer

1. Apply all Windows updates to the image, so that it is at the most current Microsoft patch level.

2. In the Unidesk Management Console, select Layers > OS Layers.

3. Click Create OS Layer. This opens a wizard.

4. Layer Details tab:

Layer Name - Enter a name for the Layer, for example, Win81_64gold.

Version - You can create many versions of the Operating System Layer, for example, to add updates from Microsoft.

Name this version (the date can be useful).

Gold Image - Select the gold image you've prepared for your Unidesk Machines from the list of images on your

Management Appliance.

5. Icon Assignment tab - Choose an icon for this Layer.

6. Confirm and Complete tab - Verify your settings and click Create Layer.

Creating a Windows Operating System Layer can take up to 20-30 minutes to complete. You can then create a Unidesk

Machine to verify that the Layer works as intended.

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/deploy/os-layer/prepare-the-gold-image.html


Create Unidesk Collections

Jun 28 , 2017

Unidesk Collections are containers for organizing Unidesk machines. Each Collection is intended for either Desktops or

Session Hosts, not both. You'll need to create a Collection before you can create either a Desktop or a Session Host.

To get started, choose the type of Collection you're creating:

Get started creating a Collection for Desktops

Get started creating a Collection for Session Hosts

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/deploy/collections-for-desktops/create-desktop-collections.html

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/deploy/collections-for-session-hosts/create-collections-for-session-hosts.html

https://www.unidesk.com/support/learn/3.4.3_for_Hyper-V/deploy/deploy_about_create_collections_desktops_hv

https://www.unidesk.com/support/learn/3.4.3_for_Hyper-V/deploy/deploy_about_create_collections_desktops_hv


Collections for Desktops

Jun 28 , 2017

Unidesk Collections are containers for organizing Session Hosts or Desktops. You'll need to create a Desktop Collection

before you can create your first Desktop.

A Collection is where you specify the Operating System Layer to use for your Desktops. With Desktop Collections, you'll

also specify the connection broker (if you have integrated with one of the Unidesk-supported brokers). Once integrated

with a broker, your Desktop Collections will mirror the groupings already established in the broker, so you should integrate

with a broker before setting up any Desktop Collections.

If you're using a supported desktop connection broker, like the Remote Desktop Connection Broker (RDCB) or Citrix

XenDesktop, you'll start by integrating with the broker, so that when you create Unidesk Collections they'll mirror the

groupings used by your broker.


Integrate with Microsoft Remote Desktop ConnectionBroker

Jun 28 , 2017

To simplify Desktop management, Unidesk supports full integration with selected virtualization connection brokers,

including supported versions of Microsoft Remote Desktop Connection Broker (RDCB).

Once you set RDCB as the broker for Unidesk Collections, any Desktops you create in the Collection are assigned to

Desktop groupings in the broker that mirror the Unidesk Collections.

Install or upgrade the Unidesk Broker Agent

The first step to integrate Unidesk with RDCB is to install the UnideskBroker Agent on the connection broker server.

The first step to integrate Unidesk with RDCB is to install the UnideskBroker Agent on the connection broker server.

Privileges requiredPrivileges required

Ensure you have access to an account with administrator privileges on the connection broker server.

Roles requiredRoles required

Remote Desktop Services must be configured as prescribed by Microsoft.

The Virtualization Host role for RDS must be enabled on every server that hosts Unidesk Desktops.

When setting up a High Availability connection broker, install the Unidesk Broker Agent on each of the connection broker

servers.

To inst all or upgrade t he Unidesk Broker AgentTo inst all or upgrade t he Unidesk Broker Agent

1. Log into the connection broker server by using an account with administrator privileges.

2. Download the unidesk_hyperv_broker_agent_setup_3.3.0.exe f ile from the Unidesk Download Center to a convenient

location on the server.

3. Double click unidesk_hyperv_broker_agent_setup_3.3.0.exe, and when prompted, enter the location where you want to

install the Unidesk Broker Agent. The default is C:\Program Files (x86)\Unidesk Corporation\Unidesk Connection Broker

Agent\.

4. Set the communications port number by either accepting the default (8015) or by specifying a different port for the

Unidesk Broker Agent.

5. Click F inishFinish to exit the wizard.

If you need to change the port number later. (needs a link)


Integrate with Microsoft Remote Desktop ConnectionBroker (RDCB)

If more than one broker server is set up for High Availability, determine which is the current active management server.

1. Log onto the Hyper-V host.

2. Open Server ManagerServer Manager, and select Remot e Deskt op ServicesRemot e Deskt op Services on the left.

3. Note the server listed under Deployment OverviewDeployment Overview. This is the current active management server, required for the

following procedure.

Integrating with the Remote Desktop Connection Broker (RDCB), enables Unidesk to:

Create RDCB Virtual Desktop Collections.

Add Unidesk Desktops to the RDCB Collections.

NoteRDCB allows one Desktop per user in a Collection.

You can integrate with RDCB by configuring the Unidesk broker agent connection settings in the Unidesk Management

Console.

1. In the Unidesk Management Console (UMC), select Syst em > Set t ings and Conf igurat ionSyst em > Set t ings and Conf igurat ion.

2. Scroll to Broker Set t ingsBroker Set t ings and then click AddAdd.

3. For Broker Set t ingsBroker Set t ings, type the broker server information. If you have a High Availability broker setup, type the

information for the active management server (determined by using the steps in the previous section):

* Broker Name

* Broker Description

*Broker Address

* Broker Port (suggested port number is 8015)

4. Click T est Connect ionT est Connect ion to ensure that Unidesk can communicate with the broker.

5. Once the connection is validated, click ApplyApply .

6. Save this new broker by entering a comment, if needed, and then click SaveSave .

If the active management broker server fails

If the active management server fails, users can still connect to Desktops through RDWeb, and Unidesk's scheduled

maintenance of those Desktops continues. However, you cannot create new Desktops or edit Collection entitlements until


the broker settings in the Unidesk Management Console are updated with the new active management server.

To update the RD connection broker settings, you can wait for RDS to detect that the server has gone down and change

the active management server, which may take several minutes. Or, you can manually change the active management server.

If you don't want to wait for RDS to detect that the server failed and change to the active management server, you can

change the active RD Connection broker server as follows.

1. Log into the Hyper-V host.

2. Open Server ManagerServer Manager and select Remot e Deskt op ServicesRemot e Deskt op Services on the left.

3. Choose a new server from the list and then click the Set Act iveSet Act ive button.

When there is a new active management server, connect to the Unidesk Management Appliance and update the server

information.

1. Log into the Unidesk Management Console (UMC).

2. Click the Syst emSyst em tab and then the Set t ing and Conf igurat ionSet t ing and Conf igurat ion tab.

3. Click EditEdit next to the Broker Set t ingsBroker Set t ings section.

4. Select the broker server from the list and click the Modif yModif y button.

5. Update the Broker Address to the FQDN of the new active management server and click ApplyApply .

6. Click SaveSave to commit the change.


Integrate with XenDesktop

Jun 28 , 2017

You can integrate Unidesk for Hyper-V with Citrix XenDesktop, so that your Unidesk Collections specify that you want new

Desktops to belong to a XenDesktop group. This article lays out what you need to integrate with XenDesktop, and

explains the steps in detail.

Requirements to integrate Unidesk for Hyper-V withXenDesktop

What you need to integrate with Citrix XenDesktop

Hyper-V servers in an SCVMM environmentFor users to access Unidesk Desktops hosted on Hyper-V servers via XenDesktop, the HyperV servers must be part of a MicrosoftSystem Center 2012 Virtual Machine Manager (SCVMM) environment.

Note: If you do not have an SCVMM environment, Microsoft provides a downloadable appliance in the form of a VHD (Virtual Hard Disk)file for evaluation purposes. This VHD may be deployed as a virtual machine on any HyperV server. You may also install the SCVMMsoftware directly on any Windows Server 2012 system (physical or virtual) in your environment.

Citrix XenDesktop SiteXenDesktop Desktop Site must have the following software installed and configured: A supported version of the Citrix XenDesktopsoftware and Citrix Studio, Delivery Controller(s), Citrix License Server, and Citrix StoreFront.

The XenDesktop Site, Hyper-V Servers, and SCVMM Console(s) must all be in the same domain.

Windows PowerShell 4.0 must be installed on the Citrix XenDesktop host, and the PowerShell execution policies must be set to eitherUnrestricted or Bypass. You can set this by running the PowerShell script “set-executionpolicy unrestricted”. You must run this script as auser with local admin rights on the server.

You must have access to an account with administrator privileges.

Firewall Port open for the Unidesk Broker AgentA port in your firewall is opened by the Unidesk Broker Agent installer. By default, the broker agent uses Port 8015. You can change thisport in the Unidesk Management Console by selecting System > Settings and Configuration > Broker Settings, and then editing thebroker.

Unidesk LayerUnidesk Unidesk Operating System Layer on which to install the agent. You can install the agent on:

The Operating System Layer, or on a new Version of the Layer.An Application Layer or Layer version, unless you are integrating XenDesktop with App-V.

If Microsoft .NET Framework 4 is not yet installed, it must be installed before you install the XenDesktop agent on this Layer.

You must have Admin privs on the server that is running the Cirtix XenDesktop Delivery Controller. This requires editing the service. Thisis required for the Agent.

Integrate with XenDesktop

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/deploy/about-this-release/unidesk-3-4-for-hyper-v-platform-support.html


Once installed on your XenDesktop Controllers, the Unidesk Broker Agent lets you add Unidesk Desktops to XenDesktop

groups by creating Unidesk Collections and Desktops.

To install or upgrade the Unidesk Broker Agent:

1. Determine which port to use for communication between Unidesk and XenDesktop. By default, the installer configures

the Broker Agent to use port 8015, but you can choose a different port.

Not e:Not e: If you select a different port during installation, you must also edit the port in the Unidesk Management Console,

using Syst em > Set t ings and Configurat ion > Broker Set t ingsSyst em > Set t ings and Configurat ion > Broker Set t ings.

2. Log into the XenDesktop host using an account that has full administrator privileges on the XenDesktop Controller.(The

user must be a member of fulladministrators Role in Citrix.)

3. Download the Unidesk Broker Agent setup file from the Unidesk for Hyper-V Download page.

4. Run the Broker Setup, unidesk_hyperv_broker_agent_installer_3.3.0.exe.


6. Make sure that the logon user for the Unidesk Broker Agent is in the administrators group on the DDC and in the

XenDesktop Administrators in Desktop Studio as a Full Administrator.

Give t he Unidesk Broker Agent access t o t he XenDeskt op serviceGive t he Unidesk Broker Agent access t o t he XenDeskt op service

Using the Windows Administration Tools, make sure that the Unidesk Service running as Domain User is both an

Administrator for Citrix and a Local Administrator on the machine.

Set up a connect ion t o a Cit rix XenDeskt op Sit eSet up a connect ion t o a Cit rix XenDeskt op Sit e



3. Next to Broker Settings, click Edit.

4. Click Add.

5. Enter the connection details for a XenDesktop Controller:

1. Enter a name and description for the broker.

2. Enter the IP address or Fully Qualif ied Domain Name (FQDN) for the XenDesktop Controller.

3. Enter the firewall port that the Unidesk Management Appliance and the XenDesktop Controller can use for

communication purposes.

Not e:Not e: By default, the Unidesk Broker installer opens port 8015 in the firewall for this purpose. If a different port was

set during installation, enter that port number, and make sure the port is open in the firewall.

6. Click Test Connection to verify that the connection to the Controller is valid.

If you created catalogs before you configured the settings for the XenDesktop Controller, clicking Test

Connectionallows Unidesk to retrieve a list of Existing catalogs.

7. Click Apply to add the Controller to the list of brokers.

8. Repeat this procedure for each Controller that you want to add to the configuration.

9. Click Save to save the Broker settings and exit Edit mode.


If you want to configure Unidesk to communicate with more than one XenDesktop Controller, you can add another one

after this one is saved.

Configure Cit rix XenDeskt op t o work wit h t he Unidesk Hyper-V serversConfigure Cit rix XenDeskt op t o work wit h t he Unidesk Hyper-V servers

You can configure Citrix XenDesktop to work with the Unidesk Hyper-V servers by creating a new Host Connection, and

selecting Microsoft SCVMM as the connection type.

This assumes that your Hyper-V servers are part of a Microsoft System Center 2012 Virtual Machine Manager (SCVMM)

environment, as described in the requirements.

1. Log into the XenDesktop host.

2. Run Citrix Studio.

3. Select Citrix Studio > Configuration > Hosting.

4. In the Actions, select Add Connection and Resources.

5. On the Connection tab, select Create a new Connection.

6. In the Connection Type f ield, select Microsoft System Center Virtual Machine Manager as a connection type.

7. Finish completing the Connection wizard.

Install the XenDesktop Virtual Desktop Agent (VDA)on a Unidesk Layer

About installing the Virtual Desktop Agent

Next, you need to deploy the Citrix XenDesktop agent to the Desktops that will belong to the Citrix XenDesktop group.

You can install the agent by adding it to a version of the Unidesk OS Layer, though you could also install it on the gold

image. The steps vary based on the version of Windows the Desktop will be running.

Windows 7 or Windows 8.1 - Run the XenDesktop VDA installer.

Windows Server 2012 R2 - Run the XenDesktop VDA Command Line installer.

Not e:Not e: If you run the regular VDA installer on Windows Server 2012, the Virtual Desktop Agent for the Server OS will be

installed, instead of the agent for the Desktop OS, and the Operating System will be used as a Desktop OS.

Install VDA on Windows 7 or Windows 8.1

When you install XenDesktop 7.6, there are several settings you must choose for the software to work correctly with

Unidesk. Please use the instructions in this section when doing the installation.

You can install Citrix XenDesktop 7.6 on the Operating System Layer or on a Version of the Layer that you’ll deploy to

Desktops. Microsoft .NET Framework 4 must be installed before you install XenDesktop 7.

1. If .NET Framework 4 is not yet installed, install it on a Layer or Layer Version. (.NET Framework 4 is required by Citrix

XenDesktop 7.6.)

2. Start the Citrix XenDesktop 7.6 installer and choose Virt ual Delivery Agent f or Windows Deskt op OSVirt ual Delivery Agent f or Windows Deskt op OS .


3. On the Environment step, choose Enable Remot e PC AccessEnable Remot e PC Access .

4. On the HDX 3D Pro step, choose the appropriate type for your graphics hardware. For example:

5. On the Delivery Controller step, enter the fully qualified domain name (FQDN) of your XenDesktop 7.6 server. (You must

use the FQDN rather than the IP address.) For example:

6. On the Features step, disable both Opt imize perf ormanceOpt imize perf ormance and Personal vDiskPersonal vDisk. Optionally, select the Remote

Assistance, if it is something that you will be using with your Xen Desktops.

7. Continue to the end of the installer steps and start the installation.

8. If at any point during the installation a window pops up requesting a reboot and gives you the choice to reboot later,

choose Reboot lat erReboot lat er. Otherwise, restart and continue the installation when the Desktop comes back up.

9. When the installation completes, select Rest art machineRest art machine and click F inishFinish.

10. Now either finalize the layer (if you were building an OS version) or shutdown the gold and use it to create an OS layer.

Install VDA on Windows Server 2012 R2

When you install XenDesktop 7.6, there are several settings you must choose for the software to work correctly with

Unidesk. Please use the instructions in this section when doing the installation.

You can install Citrix XenDesktop 7.6 on the Operating System Layer or on a Version of the Layer that you’ll deploy to

Desktops. Microsoft .NET Framework 4 must be installed before you install XenDesktop 7.

To install the XenDesktop Agent as a desktop OS, you need to run it from the command line.

1. If .NET Framework 4 is not yet installed, install it on a Layer or Layer Version. (.NET Framework 4 is required by Citrix

XenDesktop 7.6.)

2. Run the Citrix XenDesktop 7.6 command line installer.

XenDesktopVdaSetup.exe /quiet /servervdi /controllers

where

/quiet - Set the installation process to run without the user interface appearing during the installation. If you want to

check the process status, check the Windows Task Manager.


/serverdi - Install a VDA for Windows Desktop OS on the Windows Server.

/controllers - Specify the fully qualified domain name (FQDN) of your XenDesktop 7.6 server. You must use the FQDN

rather than the IP address. For example: server.domain.com.

3. When the installation completes, select Rest art machineRest art machine and click F inishFinish.

4. Now either finalize the layer (if you were building an OS version) or shutdown the gold and use it to create an OS layer.

Deploy Unidesk Desktops in XenDesktop Groups andCatalogs

About Deploying Unidesk Collections and Desktops

Unidesk creates Persistent Collections in a XenDesktop Dedicated Catalog, and Non-persistent Collections in a Pooled-Random Catalog.

For each Collection you create, Unidesk creates a corresponding XenDesktop Delivery Group. The Desktops you create in a

Collection go into the corresponding XenDesktop Group.

Deploy Desktops in a XenDesktop Group

To deploy Desktops in a XenDesktop Group:


2. Select Deskt ops > Creat e Deskt opDeskt ops > Creat e Deskt op.

3. Follow the steps to Create a Desktop, and when you get to the User Assignment tab of the Create Desktop wizard,

select the connection broker and the users or groups to assign to the Desktop.

1. For the broker integration, select XenDesktop Group.

2. Then select the actual XenDesktop group.

3. Select a user assignment option:

Select Assigned to user and select an Active Directory user.

Select Assigned to group and select an Active Directory group. You must specify the number of Desktops that are

available to the group when you select this option.

Select Assigned by broker to allow the XenDesktop Controller to assign users to the Desktops. You must specify

the number of Desktops to create when you select this option.

4. In the Desktop Details tab, follow the usual Desktop creation instructions and select the Desktop Type.

5. Finish creating the Desktop(s).

Make sure the Windows Firewall is configured to allow the Desktops to communicate with the XenDesktop Controller. You

can use a GPO for this purpose after adding the Desktops to a domain. For additional details about firewall configuration,

see the Citrix XenDesktop documentation.

Activate Citrix XenDesktop on the Desktops

https://www.unidesk.com/support/learn/3.4.3_for_Hyper-V/deploy/deploy_about_create_desktops_hv/deploy_desktop_create_hv

https://www.unidesk.com/support/learn/3.4.3_for_Hyper-V/deploy/deploy_about_create_desktops_hv/deploy_desktop_create_hv


Activating Citrix XenDesktops on your Unidesk Desktops allows users to connect to their Desktops using RDP.

Configure the Web Storefront(s) to use HTTPS

1. Log onto the Citrix Receiver. Citrix Receiver lets you see the collections in the Web Storefront.

2. Configure the Web Storefront(s) to use HTTPS.


Create Desktop Collections

Jun 28 , 2017

Unidesk Collections are groupings of Desktops that you can manage easily. Desktop Collections have settings associated

with them that all of the Desktops in the collection inherit, for example, the operating system and connection broker, if

applicable.

About Desktop Collections

You must create one or more Desktop Collections before you create your first Desktop, and when creating each Collection

you are required to specify which Users and Groups are entitled to be assigned to Desktops in the Collection.

All Desktops are created in a Collection, and you can only assign them to Users and Groups specified in the Collection's

Entitlements.

Typically, a Collection of Desktops is associated with a connection broker, and the Desktops in that Collection are deployed

as a group to that broker. You can specify no broker in your Collection, and the Desktops in that Collection will be created

without a broker integration.

There are several settings you must specify when creating a Desktop Collection:

Ent it lement sEnt it lement s - select the Users and GroupsUsers and Groups that are entitled to have Desktops in this Collection

T ype of Deskt opsT ype of Deskt ops - that this Collection contains, either Persistent (private/personal) or Non-

persistent (shared/pooled). A Persistent Desktop retains all user customizations, including settings and data f iles, while a

Non-persistent Desktop returns to its original state when the users logs off .

Operat ing Syst em LayerOperat ing Syst em Layer - that is assigned to the Desktops.

Create a Unidesk Desktop Collection

1. In the Unidesk Management Console, select Deskt ops > Collect ionsDeskt ops > Collect ions, based on which Desktops you'll be putting in the

Collection.

2. Click Creat e Collect ionCreat e Collect ion.

3. Type a name for the Collection and select an icon (or create a custom icon) for the Collection.

4. (Desktop collection only) On the Broker and Ent it lement sBroker and Ent it lement s tab, choose a connection broker for this Collection, or

select No BrokerNo Broker. Then select the Groups and UsersGroups and Users entitled to access this collection.

5. (Desktop collection only) On the Collect ion Det ailsCollect ion Det ails tab, choose the Collect ion T ypeCollect ion T ype , either Persist entPersist ent or Non-Non-

Persist enPersist ent.

6. OS AssignmentOS Assignment tab: Select the Operat ing Syst em LayerOperat ing Syst em Layer and version. If there is more than one version of this LayerLayer,

the latest version is selected by default. If you want a different version, expand the LayerLayer and change your selection.

7. On the Conf irm and Complet eConf irm and Complet e tab, type a comment about this Collection, if needed, and click Creat e Collect ionCreat e Collect ion.


Collections for Session Hosts

Jun 28 , 2017

Unidesk Session Host Collections are containers for organizing Session Hosts. You'll need to create a Collection before you

can create your first Session Host. A Collection is where you specify the Operating System Layer to use for your Session

Hosts. You can add your Session Hosts to either RDCB or Citrix XenApp, as described below. Before you add Session Hosts

to the broker, you'll need to create all of the Unidesk Session Host Collections, and create a Session Host in each

Collection.

Create Unidesk Collections for Session Hosts

The Session Host module has a Collection tab where you can create the Session Host Collection. For details, see the

following topic:

Create Unidesk Session Host Collections

Create a Session Host in each Collection

If you plan to add your Session Hosts to a connection broker, be sure to create a Session Host in each Collection.

Add your Session Hosts to a connection broker

Once you've created all of your Unidesk Collections, each containing at least one Session Host, you can add your Session

Hosts to a connection broker, either the Microsoft RD Connection Broker (RDCB) or Citrix XenApp. This makes it easier to

manage your Session Hosts.

Add Session Hosts to Microsoft RD Connection Broker

Add Session Hosts to Citrix XenApp


http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/deploy/collections-for-session-hosts/create-collections-for-session-hosts.html

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/deploy/collections-for-session-hosts/add-session-hosts-to-microsoft-remote-desktop-connection-broker.html

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/deploy/collections-for-session-hosts/add-session-hosts-to-citrix-xenapp.html


Create Collections for Session Hosts

Jun 28 , 2017

Unidesk Session Host Collections are containers for organizing Session Hosts. You'll need to create a Collection before you

can create your first Session Host. A Collection is where you specify the Operating System Layer to use for your Session

Hosts. You can add your Session Hosts to either RDCB or Citrix XenApp, as described below. Before you add Session Hosts

to the broker, you'll need to create all of the Unidesk Session Host Collections, and create a Session Host in each

Collection.

The Session Host module has a Collection tab where you can create the Session Host Collection. For details, see the

following topic:

Create Unidesk Session Host Collections (add link)

If you plan to add your Session Hosts to a connection broker, be sure to create a Session Host in each Collection.

Once you've created all of your Unidesk Collections, each containing at least one Session Host, you can add your Session

Hosts to a connection broker, either the Microsoft RD Connection Broker (RDCB) or Citrix XenApp. This makes it easier to

manage your Session Hosts.

Add Session Hosts to Microsoft RD Connection Broker (add link)

Add Session Hosts to Citrix XenApp (add link)


Create Session Hosts

Jun 28 , 2017

A Unidesk Session Host is a virtual machine made up of an Operating System Layer, Application Layers, and a machine

Personalization Layer. You create and select the Operating System and Application Layers, and the Unidesk software

creates the Personalization Layer, where changes made to the Session Host are saved.

When you are ready to create Session Hosts, you can create one or multiple Session Hosts at a time. You can name Session

Hosts individually, or generate the names based on built-in naming conventions that you can edit or augment. A single Azure

subscription is limited to 48 Session Hosts.

Before You Start

As soon as you create your Operating System Layer, ensure this Layer and your Domain Join script are in good working order.

Do this by creating a bare-bones test Session Host, as described in the next section.

Before you can create a Session Host you need a Unidesk Collection [add link], which in turn requires an Operating System

Layer [add link].

Certain Session Host attributes are determined by the Collection in which you create them, and once created, you can

never change these attributes for the Session Host. Currently, this includes the Operating System Layer. You can change

the version of the Operating System Layer assigned to a Session Host, but not the Layer itself.

As stated above, the Collection where you create a Session Host determines its key attributes. If you decide to move a

Session Host to a different Collection, the new Collection must have the same Operating System Layer.

Create a Test Session Host (Recommended)

Before using your new Operating System Layer to create your Session Hosts and Application Layers for production, we

recommend creating a quick, test Session Host to verify that your Operating System Layer and domain join script are in

good working order.

Since you won't deploy this Session Host to production, you just need to select the required settings and accept the

default values for everything else.

1. On the Unidesk menu bar, select Session Host sSession Host s , and then click Creat e Session HostCreat e Session Host . The Creat e Session HostCreat e Session Host

wizard opens.

2. On the Collect ion AssignmentCollect ion Assignment tab, select a Collect ionCollect ion where you want to group the Session Host and choose to

create one Session Host.


3. Take the default settings for everything else, and on the Conf irm and Complet eConf irm and Complet e tab, confirm that the settings are

correct (see the Visualizat ionVisualizat ion panel to the right), and click Creat e Session Host sCreat e Session Host s to start creating the Session HostSession Host .

A Session Host icon appears with the status displayed in the lower right corner of the icon. The Session Host status cycles

through Stopped, Powering on, Starting, and Running. For more status information, click the Expander tab in the bottom

center of the console to open the Tasks panel. For example, if the Session Host is not successfully added to the

connection broker, a status message appears in the Session Host Details.

1. View the IP address assigned to the Session Host, by hovering over the Session Host icon and clicking the information

icon.

2. Log into the Session Host and verify that it successfully joined the domain.

If your Session Hosts do not successfully join the domain, follow the steps below to identify the issue. Fixing the problem

usually requires an update to the unattend file, and usually you need to create a new version of your Operating System

layer and use the Unidesk unattend builder to correct any issues in the unattend.xml file. The Unidesk unattend builder is

available for download in the Unidesk Download Center. [update link]

About Domain JoinAbout Domain Join

When a Session Host is created in Unidesk it runs through the Microsoft Windows mini-setup process, which uses a file

called unattend.xml to configure a variety of Session Host settings. We recommend that you use the Unidesk Unattend

builder tool to create your unattend file. With the Unattend builder you can specify all of the settings required to join the

Session Host to the domain during creation.

If your Session Host is not joining the domain correctly, here are some common issues and how to solve them.

Keep in mind that while you will look at logs on the Session Host Unattend to identify your problem, you will update the

unattend file in your OS layer or in an application layer to correct it so that newly created Session Hosts will successfully

join your domain.

F irst T hings t o CheckFirst T hings t o Check

The following log file details the progress of the mini-setup process, including a summary line for each domain attempt.

Check this log file for errors:

C:\Windows\Panther\UnattendGC\setupact.log

NoteBe sure you are not looking at the setupact log in C:Windows\Panther. You want the log file that's

in C:Windows\Panther\UnattendGC.

https://www.unidesk.com/support/download-center


Search for DJoin.exe to see a log of the domain join operations:

DsGetDCName failed: 0x54b … check your fully qualified domain name

NetJoinDomain attempt failed: 0x89a … check your domain join credentials

NetJoinDomain attempt failed 0x2: check your OU specification

Still stumped? For other log files to check, go to the section on Advanced debugging later in this article.

Check your unat t end file f or common problems and fix any issuesCheck your unat t end file f or common problems and fix any issues

Let’s assume that you have this configuration:

Fully qualif ied domain name: vdidomain.acme.com or vdidomain.local

Short domain name: vdi

OU: acmegrp1

Domain account: Administrator

Open the unattend file on the Session Host and check for some common problems. The unattend file is located in

c:\windows\panther.

Search for the <JoinDomain> tag and check the fully qualified domain name. It should look like one of these examples:

<JoinDomain>vdidomain.local</JoinDomain>

<JoinDomain>vdidomain.acme.com</JoinDomain>

Check the domain specif ication by searching for the Domain tag: <Domain>. The Domain tag must be the short

domain name, not the fully qualif ied domain name.It should look like this:

1.


Correct: <Domain>vdi<Domain>

Incorrect: <Domain>vdidomain.acme.com<Domain>

Check the Username specif ication. It should look like this:

Correct: <Username>Administrator</Username>

Incorrect:<Username>vdi\Administrator<\Username>

Check the processor architecture

In the component tag, make sure processorArchitecture is correct for your platform, either amd64 or x86.

Fix any issues you find in the unattend.xml, either by editing the file manually, or by re-running the Unattend builder. This

involves creating a new version of your OS layer to update the unattend file:

1. In the Unidesk Management Console, click Operat ing Syst em Layer > Add VersionOperat ing Syst em Layer > Add Version. Allow the Operating System

Layer to boot up in the Install Machine and log in.

2. Once logged in, either edit the unattend.xml f ile, or run the Unattend builder again:

Run Notepad as an Administrator, edit the f ile at C:\Windows\Panther\unattend.xml, and then save the f ile.

3. Finalize the layer.

Deploy a new Session Host with your latest OS version and check for successful domain join.

Check t he Net set up log file f or errorsCheck t he Net set up log file f or errors

One log file details the entire process of joining the domain: C:\Windows\debug\NetSetup.log. Look for the section with

today's date to watch the process from the beginning, or go to the bottom of the file to see the last attempt and why it

failed. If an attempt fails, Windows makes another attempt every five seconds, up to 80 times, As a result, your log may

contains many duplicate failure messages.

A successful domain join displays the following message:

2.

3.


05/01/2012 09:28:01:740 NetpDoDomainJoin: status: 0x0

This line appears at the bottom of the last attempt, and denotes that the domain join process succeeded. Any return

status other than 0x0 denotes a failure. You may also see the following lines above it, which also shows success:

05/01/2012 09:28:01:740 NetpCompleteOfflineDomainJoin: status: 0x0

05/01/2012 9:28:01:740 NetpJoinDomain: NetpCompleteOfflineDomainJoin SUCCESS: Requested a reboot :0x0

Failure, again, is a non-zero return code:


One of the most common failures is an error attempting to connect to the IPC$ share on the domain controller. It will look

like this:

05/02/2012 23:14:21:057 NetUseAdd to \\DC1.company.local\IPC$ returned XXXX

Get the returned message (XXXX)and run net helpmsg XXXX from a command prompt to see the specific error. The

following are common domain join errors and solutions to those errors.

Failure 1231


07/12/2012 14:38:52:122 NetUseAdd to \\DC1.company.local\IPC$ returned 1231

07/12/2012 14:38:52:122 NetpJoinDomain: status of connecting to dc '\\TDC1.company.local': 0x4cf

07/12/2012 14:38:52:122 NetpJoinDomainOnDs: Function exits with status of: 0x4cf

07/12/2012 14:38:52:122 NetpDoDomainJoin: status: 0x4cf

Pre-1.5 versions of Unidesk had a timing issue that could cause domain joins on Windows 7 x64 to fail randomly. Upgrade to

the latest version of Unidesk if you are using a version earlier than version 1.5.

This error may aslo be the result of mixing layers that were built from different OS layers. Resolve it by deploying with just

the Operating System Layer. Once you can identify which Application Layer is breaking the domain join process, recreate

that layer with the current version of the current OS layer.

If you cannot find conflicting layers, use the PowerShell script for joining the domain:

http://www.unidesk.com/support/kb/using-powershell-advanced-domain-join-operations [add link]

Failure 1326Failure 1326


05/02/2012 23:07:31:696 NetpJoinDomain: status of connecting to dc '\\DC1.company.local': 0x52e

05/02/2012 23:07:31:696 NetpJoinDomainOnDs: Function exits with status of: 0x52e

05/02/2012 23:07:31:696 NetpDoDomainJoin: status: 0x52e

Failure 1326 is a straightforward password error, "Logon failure: unknown user name or bad password." Double-check the

username and password in your unattend.xml file.




05/02/2012 23:14:21:057 NetpJoinDomain: status of connecting to dc '\\DC1.company.local': 0x775

05/02/2012 23:14:21:057 NetpJoinDomainOnDs: Function exits with status of: 0x775


A 1909 error means "The referenced account is currently locked out and may not be logged on to." Go to your Active

Directory and unlock the account. You should also determine how the account got locked. Often the account becomes

locked because the unattend.xml has an incorrect password. Attempting to join a domain retries dozens of times. If the

password is incorrect, you might get three password failures and dozens of "account locked" failures.

Bad OU specifiedBad OU specified

01/20/2012 10:53:01:232 NetpCreateComputerObjectInDs: NetpGetComputerObjectDn failed: 0x2

01/20/2012 10:53:01:232 NetpProvisionComputerAccount: LDAP creation failed: 0x2

01/20/2012 10:53:01:232 NetpProvisionComputerAccount: Cannot retry downlevel, specifying OU is not supported

01/20/2012 10:53:01:232 ldap_unbind status: 0x0

01/20/2012 10:53:01:232 NetpJoinDomainOnDs: Function exits with status of: 0x2

01/20/2012 10:53:01:232 NetpJoinDomainOnDs: status of disconnecting from '\\DC1.company.local': 0x0



The message "Cannot retry downlevel, specifying OU is not supported" means that the specified OU is invalid. This error

could indicate that the OU does not exist within the AD, or that you are attempting to specify the default Computers

container. Windows requires that the default OU be left unspecified, so if you want to put new Session Hosts into the

default Computers OU, you must delete the <MachineObjectOU> line entirely. Look further up the log file for what the

specified OU is:

01/20/2012 10:53:01:123 lpMachineAccountOU: OU=Computers,OU=VDI,DC=company,DC=local

Verify the existence of the specified OU and confirm that it is not the top-level Computers container.

Bad domain specifiedBad domain specified

If the domain name itself is invalid, a domain join makes no entries to NetSetup.log and does not create a log file. In this

situation, look in C:\Windows\Panther\UnattendGC\setupact.log for lines like this:

2012-07-13 16:11:15, Warning [DJOIN.EXE] Unattended Join: DsGetDcName failed: 0x54b, last error is 0x0, will retry in 5 seconds...

The error text for 0x54b (1355) is "The specified domain either does not exist or could not be contacted." You can look

further up in the setupact.log to see exactly what domain you were trying to join. Note that this is an error with the

"JoinDomain" tag, not the credentials.

Insuf ficient user right sInsuf ficient user right s


07/17/2012 13:26:47:524 NetpMapGetLdapExtendedError: Parsed [0x5] from server extended error string: 00000005: SecErr: DSID-03152492, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

07/17/2012 13:26:47:524 NetpModifyComputerObjectInDs: ldap_add_s failed: 0x32 0x5

07/17/2012 13:26:47:524 NetpCreateComputerObjectInDs: NetpModifyComputerObjectInDs failed: 0x5


...


The user account you specify must have rights to add machine accounts to the domain in the specified OU. This error

appears when you have a valid account with insufficient privileges. Either try a different account or adjust the account

privileges in the domain.

Use anot her approach t o domain join: Add a script t o t he deployment processUse anot her approach t o domain join: Add a script t o t he deployment process

If you are unable to make your domain join work automatically via the unattend file, you can try adding a PowerShell script

to the deployment process to do the domain join. For more information, see this article:

http://www.unidesk.com/support/kb/using-powershell-advanced-domain-join-operations [ADD LINK]

More about how domain join worksMore about how domain join works

The relevant section of the unattend.xml belongs in the 'pass="specialize"' settings block:


<component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

<Identification>

<Credentials>

<Domain>company</Domain

<Password>thePassword</Password>

<Username>administrator</Username>

</Credentials>

<JoinDomain>company.local</JoinDomain>

<MachineObjectOU>OU=VDI,OU=lab,DC=company,DC=local</MachineObjectOU>

<DebugJoin>true</DebugJoin>

</Identification>

</component>

There are four elements of block that need to be correct:

1. In the "component" tag, make sure "processorArchitecture" is correct for your platform - either "amd64" or "x86".

2. In the "Identif ication" block, the "Credentials" block must be correct. The "Domain" tag must be the short domain name,

not the FQDN. The "Domain" and "Username" tags are joined to create the account that the Session Host will login to

the domain as in order to create the Machine Account. The account must exist and be a domain administrator or a

service account with suff icient privileges to create Machine Account objects. In this example, "company\administrator"

logs in with password "thePassword". Note that the password is stored in the gold as plain text, but is replaced with the

string "*SENSITIVE*DATA*DELETED*" during deployment to preserve security.

3. The "JoinDomain" tag must contain the full domain as a FQDN. The Session Host logs in to and joins this domain using

the credentials described above earlier.


4. The "MachineObjectOU" tag must refer to an existing OU. It must not refer to the default Computers container. If you

want your Session Hosts to appear in the default Computers container for your domain, you must delete the entire

MachineObjectOU line. The reason is that the MachineObjectOU field must refer to an OU, but Computers is actually a

CN. You cannot specify a CN there, and if you reference Computers as an OU, it's an error. So to get the default, which

you can't specify, you must not have the line at all. (When using the Unattend Builder from Unidesk, specify the

Computers container by putting nothing in the "OU to Place Session Hosts" f ield.)

Note that if the machine already has a Machine Account in your domain (for instance because you are reusing names from

Session Hosts that have been created and deleted before), the domain reuses the existing Machine Account in whatever

location it is already in, ignoring the one specified in unattend.xml.

One log file details the entire process of joining the domain: C:\Windows\debug\NetSetup.log. Review this file after

deployment to determine why the attempt to join the domain failed. Look for the section with today's date to watch the

process from the beginning, or go to the bottom of the file to see the last attempt and why it failed. If an attempt fails,

Windows makes another attempt every five seconds, up to 80 times, As a result, your log may contains many duplicate

failure messages.

A second log, C:\Windows\Panther\UnattendGC\setupact.log, details the progress of mini-setup, including a summary line

for each domain attempt. At least one type of failure (bad domain specified) results in no NetSetup.log being created, so

you would have to see the failure information in setupact.log. If you find no current information in NetSetup.log, or no log

at all, check setupact.log.

Create one or more Session Hosts

In the Unidesk Management Console, select Session Hosts > Create Session Host. This opens the Create Session Host

wizard where you can configure the Session Host(s).

Collect ion AssignmentCollect ion Assignment

Select a Unidesk Collection

Session Host Det ailsSession Host Det ails

Session Host Names - You can use our built-in naming convention to auto-generate Session Host names. Or, you can define

your own custom naming convention using a set of expressions, and change the built-in naming convention.

Generate Name Automatically - This option automatically generates the Session Host names based on a naming

convention. You can select a built-in naming convention or create your own custom naming convention. You must use

automatic name generation if you are creating more than one Session Host. If you don't want the default naming

convention (Collection name and increment), you can make your own naming convention by selecting Custom and

entering an expression.

Enter Session Host Name - If you are creating a single Session Host, deselectGenerate Name Automatically and type in

a Session Host name.

Session Host Naming Requirement sSession Host Naming Requirement s

Session Host names must meet these basic naming requirements, or the Session Host does not start.

Names can include one to 15 of these characters:

Letters a through z, and A through Z


Numbers 0 through 9

Hyphen (-) and Underscore (_)

Names cannot include Spaces, the characters / \ * , . " @, or a sequence of two hyphens (--) or underscores (__)

Names cannot start with a number, hyphen (-), or underscore (_)

Names cannot end with a hyphen (-) or an underscore (_)

Applicat ion AssignmentApplicat ion Assignment

Application Layer(s) to add to the Session Host. Expand a Layer to select the version. You can assign up to 13 Application

Layers to each Session Host.

This is where you configure hardware and memory settings for the virtual machine.

CPUs - Number of virtual CPUs to allocate to the Session Host. You can specify any number between 1 and 64. The

default number of CPUs is derived from the greater of the following two values: the number of CPUs on the gold image

or the minimum number of CPUs Unidesk recommends, which is 4. Your infrastructure must be able to support the

number of CPUs you choose.

Starting Memory - Amount of memory (in megabytes) to allocate to the Session Host at startup.

Dynamic Memory - Marking this check box specif ies the use of dynamic memory for the Session Host, while clearing this

check box specif ies that the Session Host's memory use is static. Using dynamic memory enables the Session Host to

contribute or receive memory as a shared resource. When working with multiple Session Hosts, dynamic memory utilizes

the overall available physical memory in a more eff icient way than static memory does.

Not es:Not es:

If you select the Dynamic Memory option, the Starting Memory number must be greater than or equal to the Minimum

RAM number and less than or equal to the Maximum RAM number.

If you upgrade a Session Host that is using dynamic memory, the Dynamic Memory option is no longer enabled following

the upgrade procedure.

A CachePoint that has not been upgraded disregards any dynamic memory settings. Once the CachePoint is upgraded,

the next edit to it invokes the dynamic memory settings.

Minimum RAM - The minimum amount of memory (in megabytes) to allocate to the Session Host after startup. This

number cannot be less than 32 and must be divisible by 2. This option becomes active when the Dynamic Memory option

is selected. The default minimum value for this setting is 8192 MB (8 GB).

Maximum RAM - The maximum amount of memory (in megabytes) to allocate to the Session Host after startup. This

number cannot be greater than 1048576 and must be divisible by 2. This option becomes active when the Dynamic

Memory option is selected. The default value for this option is the greater of the following two values: the Maximum

RAM from the Gold Image, or 16384 MB (16 GB), the minimum recommended by Unidesk.

Buffer Percentage - Specif ies how much memory to add to the Session Host as a buffer. This number is a percentage of

the amount of memory the Session Host actually requires to run applications and services. This percentage cannot be

less than 5 or greater than 2000. This option becomes active when the Dynamic Memory option is selected.

User Data Storage - Space in GB to allow for the machine's personalization settings and data f iles.

Page File Size - Percentage of memory to use for the page f ile size.

NoteThe Page File size is a percentage of the Starting Memory value. On Session Hosts that have Dynamic Memory enabled, and a

Maximum RAM value set greater then the Starting RAM value, Full Core Dumps may not be created successfully, as the Page file

might not be large enough.


Core Dump Type - The type of core dump file you want the system to create when system problems occur. You can

specify None, Mini (to create a small, or mini-dump file), Kernel (to create a kernel memory dump file), or Full (to create a

full crash dump file). If you select Full, the size for the page f ile must be a minimum of 100%.

Maint enance ScheduleMaint enance Schedule

A maintenance window is a time for Session Host maintenance tasks that require users to be logged off, for example,

adding a new version of a Layer. Unidesk keeps track of the number of users logged into each session host, so that

maintenance can be performed when all users are logged off.

ImportantWhen using XenApp, Session Hosts must be put in Maintenance Mode by using the Desktop Studio Console.


Add Session Hosts to Microsoft Remote DesktopConnection Broker

Jun 28 , 2017

To simplify Session Host management, you can connect Unidesk with Microsoft RD Connection Broker (RDCB).

Create the Unidesk Operating System Layer

Prepare t he Windows Server 2012 R2 Gold ImagePrepare t he Windows Server 2012 R2 Gold Image

When you prepare the gold image, it 's important to follow the detailed steps for a Windows Server Session Host. This

includes special steps for servers, including:

Running all Microsoft redistributable items

Enabling the RDSH Role on the server

Use the steps to Prepare the gold image [ADD LINK] for your Unidesk Session Hosts.

Import t he gold image int o a new Operat ing Syst em LayerImport t he gold image int o a new Operat ing Syst em Layer

When the gold image is ready, you can import it into a new Operating System Layer, as described here:

Create the Operating System Layer [UPDATE LINK]

Create your Unidesk Collections and Session Hosts

To connect to RD Connection Broker, every Unidesk Session Host must be manually connected to an RDS Collection.

Therefore, you must create the Session Hosts, which in turn require Unidesk Collections. In case this isn't done yet, you can

use the following links:

Create Session Host Collections [ADD LINK]

Create a Session Host [ADD LINK]

Add the Unidesk Session Hosts to RDS Collections

Add Session Host s t o RDSAdd Session Host s t o RDS

1. From Server manager, start at All ServersAll Servers .

2. Right-click and select Add ServersAdd Servers .

3. Type the f irst letter or two of the server name and select the correct server.

When the servers are added, you can add them as RD Session Hosts to new RDS Collections.

Creat e RDS Collect ions t hat correspond t o Unidesk Collect ionsCreat e RDS Collect ions t hat correspond t o Unidesk Collect ions

https://www.unidesk.com/support/learn/3.4.3_for_Hyper-V/deploy/deploy_about_create_os_layer_hv/deploy_os_layer_create_hv


At least one Session Host must have been added for each RD Collection you want to create. See the above step for

details about adding Unidesk Session Hosts to RDS.

1. In Remot e Deskt op ServicesRemot e Deskt op Services , select RD Session Host ServicesRD Session Host Services .

2. In the list of Server PoolsServer Pools , select a server, move it to the Select edSelect ed list, and click OKOK .

This server will now be a managed RD Session host that can be added to existing collections or used to create new

collections.

If the active management broker server fails

What happens when t he act ive management broker server f ailsWhat happens when t he act ive management broker server f ails

If the active management server fails, users can still connect to Desktops via RDWeb, and Unidesk's scheduled maintenance

of those Desktops continues. However, you cannot create new Desktops or edit Collection entitlements until the broker

settings in the Unidesk Management Console are updated with the new active management server.

To update the RD connection broker settings, you can wait for RDS to detect that the server has gone down and change

the active management server, which may take several minutes. Or, you can manually change the active management

servers.

Updat e RD connect ion broker set t ingsUpdat e RD connect ion broker set t ings

When there is a new active management server, connect to the Unidesk Management Appliance and update the server

information.

1. Log on to the Unidesk Management Console (UMC).

2. Click the Syst emSyst em tab and then the Set t ing and Conf igurat ionSet t ing and Conf igurat ion tab.

3. Click EditEdit next to the Broker Set t ingsBroker Set t ings section.

4. Select the broker server from the list and then click the Modif yModif y button.

5. Update the Broker Address to the FQDN of the new active management server and click ApplyApply .

6. Click SaveSave to commit the change.


Add Session Hosts to Citrix XenApp

Jun 28 , 2017

You can manually connect to Citrix XenApp, so that you can align your Session Host Collections with XenApp. Unlike

integrating with Desktop Brokers, currently you can simply connect, not fully integrate with a broker.

Requirements to integrate Unidesk with XenApp

What you need to connect to Citrix XenApp.

T oT o You needYou need

Get started A supported version [ADD LINK] of the Citrix XenApp software.

Create a XenApp Group

XenDesktop Catalog(s) with a machine type of Existing.

At least one valid Directory Junction.

An Operating System Layer for the Session Hosts.

Create the Unidesk Operating System Layer

Prepare t he Windows Server 2012 Gold ImagePrepare t he Windows Server 2012 Gold Image

When you prepare the gold image, it 's important to follow the detailed steps for a Windows Server Session Host. This

includes special steps for servers, including:

Running all Microsoft redistributable items

Enabling the RDSH Role on the server

Use the steps to Prepare the gold image [ADD LINK] for your Unidesk Session Hosts.

Import t he gold image int o a new Operat ing Syst em LayerImport t he gold image int o a new Operat ing Syst em Layer

When the gold image is ready, you can import it into a new Operating System Layer, as described here:

Create the Operating System Layer [ADD LINK]

Install the XenApp agent on a Unidesk Layer

Layer requirement s f or XenAppLayer requirement s f or XenApp

The XenApp VDA can be installed into a new version of the Unidesk Operating System Layer, or if you do not need

Microsoft App-V integration, in an Application Layer.


ImportantThe installation process will attempt to create a user account. This account is used to deliver App-V packages. If this App-V

functionality is not required, then the XenApp VDA can be installed in an Application Layer. If the App-V functionality is required, than

the VDA must be installed into a new version of the Operating System Layer.

Inst all and configure t he XenApp client on t he Inst allat ion MachineInst all and configure t he XenApp client on t he Inst allat ion Machine

Follow these steps to install and configure the XenApp client.

1. Attach the XenApp .iso and auto-run it. The installer opens.

2. Click the XenApp St artXenApp St art button.

3. On the next screen, click Prepare Machines and ImagesPrepare Machines and Images.

4. For the EnvironmentEnvironment , select Enable connect ions t o a server machine Enable connect ions t o a server machine .

5. For the Core Component sCore Component s , select Cit rix ReceiverCit rix Receiver.

6. For the Delivery Cont rollerDelivery Cont roller, select Do it manuallyDo it manually , then in the Cont rollerCont roller address f ield, add the FQDN (not the IP

address) of the Delivery Controller. Test the connection and when successful, add the connection and continue.

7. For Feat uresFeat ures, you can leave all items selected.

8. The Firewall is configured automatically.

9. Review the SummarySummary , and f ix any issues with your selections.

10. On the Inst allInst all tab, click Inst allInst all.

11. If you are prompted to restart the machine, allow the restart and then sign back in as administrator once the machine is

back up. The installation continues.

12. When the post installation task (Component Initialization) is complete, allow the machine to restart again.

Expedit e Microsof t NGen operat ionsExpedit e Microsof t NGen operat ions

After certain applications are installed, the operating system will have outstanding Microsoft NGEN operations for its .NET

components. You can take steps to expedite the completion of the queued NGEN items, as described in this section.

Layer int egrit y checkLayer int egrit y check

When finalizing a Layer, Unidesk checks to see if the Layer is ready. If any tasks remain to be completed, for example

Microsoft NGen or other Windows operations, it waits until all Windows operations that are in progress on the Installation

Machine have completed before finalizing the Layer. Otherwise, the new Layer or Layer version that uses this Installation

Machine would have issues. A Layer integrity message, lets you know what you can do to expedite the completion of

queued tasks that must be completed before a Layer is finalized.

Layer Integrity Message: The new version [version-name] of Layer [layer name] on Installation Machine (IM) [im-name] can

only be finalized when the following conditions are addressed:

A restart is pending to update drivers on the boot disk - please check and restart the IM.

A post-installation restart is pending - please check and restart the IM.

A Microsoft NGen operation is in progress in the background - (Click here for help with this condition).

An MSI install operation is in progress - please check the IM.

See if you can expedit e Microsof t NGen operat ionsSee if you can expedit e Microsof t NGen operat ions

About Microsof t NGen operat ionsAbout Microsof t NGen operat ions


NGen is the Microsoft "Native Image Generator". It is part of the .NET system, and basically re-compiles .NET byte code




You have the choice of waiting for the NGen to complete in the background or you can force the NGen to the foreground.

Forcing the NGen to the foreground will allow you to view the progress and once the output has completed you should be

able to finalize the layer.

Force an NGen operat ion t o t he f oregroundForce an NGen operat ion t o t he f oreground



Open a command prompt as Administrator.

Go to the Microsoft .NET Framework directory for the version currently in use:


Enter the NGen command to execute the queued items:

ngen update /force


NoteIt’s okay if you see several compilation failed messages.

Look in the Task Manager to see if an instance of MSCORSVW.EXE is running. If it is, you must allow it to complete, or

run the command ngen update /force again. Do not restart to stop the task. You must allow it to complete.

Check t he st at us of an NGen operat ionCheck t he st at us of an NGen operat ion

If you would prefer to wait for the NGen to complete you can check the status as described here. However, every time you

check the queue status, you are creating foreground activity, which might cause the background processing to temporarily

1.

2.

3.

4.


pause.


Check status by running this command:

ngen queue status

When you receive the following status, the NGen is complete, and you can finalize the Layer.

The .NET Runtime Optimization Service is stopped.

Create your Unidesk Collections and Session Hosts

To connect to XenApp, every Unidesk Session Host must be manually connected to a XenApp Delivery Group. Therefore,

you must create the Session Hosts, which in turn require Unidesk Collections. In case this isn't done yet, you can use the

following links:

Create Session Host Collections [ADD LINK]

Create a Session Host [ADD LINK]

Add the Unidesk Session Hosts to XenApp DeliveryGroups

When your Session Hosts are available in Unidesk, you can add them to Citrix Machine Catalogs and Delivery Groups.

Creat e XenApp Delivery Groups t hat correspond t o your Unidesk Collect ionsCreat e XenApp Delivery Groups t hat correspond t o your Unidesk Collect ions

Use Citrix Studio to create the Delivery Groups for your Unidesk Session Hosts. Citrix recommends using the same names for

your Delivery Groups as you did for the Unidesk Collections.

Configure t he Machine Cat alogs and Delivery GroupsConfigure t he Machine Cat alogs and Delivery Groups

To add Unidesk managed Session Hosts to the XenApp environment, follow the usual steps for adding a physical machine

to a XenApp Machine Catalog.

1.

2.

3.


1. In Citrix Studio, select Machine Cat alog Set upMachine Cat alog Set up.

2. On the Operat ing Syst emOperat ing Syst em tab, select Windows Server OSWindows Server OS and then select NextNext .

3. On the Machine ManagementMachine Management tab, select Anot her service or T echnologyAnot her service or T echnology .

4. On the MachinesMachines tab, select Add Comput ersAdd Comput ers and search for the name of the XenApp server you just deployed.

Configure t he Delivery GroupsConfigure t he Delivery Groups

Delivery groups are collections of machines. These groups define who is authorized to use the Applications hosted on those

machines. Create a new Delivery Group and add the previously created Session Host to this group.

1. In Citrix Studio, select Creat e Delivery GroupCreat e Delivery Group.

2. On the MachinesMachines tab, select the Cat alogCat alog you just created, and click NextNext .

3. On the Delivery T ypeDelivery T ype tab, select Applicat ionsApplicat ions and click NextNext .

4. On the UsersUsers tab, add users you want to entitle in this delivery group.

5. On the Applicat ionsApplicat ions tab, publish an application. This can be done by typing the path to the executable or by browsing

applications. It can take some time before the list is generated, as it requires communication with the XenApp Virtual

Delivery Agent.



Jun 28 , 2017

A Unidesk Machine (Desktop or Session Host) is a virtual machine composed of an Operating System layer and Application

Layers. A Unidesk Machine also includes a Personalization Layer. You create and select the OS Layer and Application Layers

and for Unidesk Machines, Unidesk creates the Personalization Layer.

In a Persistent Desktop or Session Host, the Personalization Layer stores all changes made to the Machine, including files

and installed applications. In a Non-persistent Desktop the Personalization Layer is cleared on each Desktop restart or log

off, unless you are using RDS in which case it is cleared only on a log off. Unidesk Machines can be deployed to a

connection broker such as Microsoft’s RDCB or can simply be deployed to the virtual infrastructure and accessed via a

connection client like RDP.

Once you have Collections, Citrix recommends connecting to your directory service so you can easily create Desktops and

assign roles to Directory Service users.


Connect to a directory service

Jun 28 , 2017

Once you configure Unidesk to connect to your directory service, for example Active Directory, Unidesk associates the

Unidesk Machines (Desktops or Session Hosts) you create with users and groups in your directory service (supported

directory services).

When you connect to your directory service, you will create one or more Directory Junctions to access specific domains or

OUs. Unidesk reads from your directory service to create an association between users and Unidesk Machines. If you are

using a broker, the user association will also be configured in the broker.

Your directory service is not modified by Unidesk.

About connecting Unidesk to a directory service

Overlapping Directory Junctions

Overlapping (or nested) Directory Junctions occur when you create multiple Directory Junctions that contain the same users

and then import the users into the Unidesk directory tree. When overlapping occurs, each Directory Junction contains its

own copy of the duplicate users.

Assume you create Directory Junction A that starts at the Marketing folder in a directory service tree. Next, you create

Directory Junction B which starts at a folder above the Marketing folder. If you browse both Directory Junctions, you can

see the Marketing users in both folders.

User attributes are imported from the directory service

The Unidesk software imports and caches user and group attributes from your directory service when:

You assign a Unidesk Machine to a user or group.

You assign administrator privileges to a user.

The values of the attributes change in the directory service.

The attributes that the Unidesk software caches are read only. All changes to the attributes for directory service users

come from the directory server.

The Unidesk software synchronizes the information it caches for directory service users with the directory service every 12

hours. If the software discovers that a user is no longer an object in the directory service, it classifies the user as abandoned

(you can view this information in the Information view for the user). You can continue to assign Unidesk Machines to this

user; however, the attributes that the software originally obtained from the directory service are not updated unless you

change them manually in the Unidesk Management Console. In this case, the directory user is equivalent to a local user.

Directory service user name changes and assigned Unidesk Machine owners


After you assign a directory service user to a Unidesk Machine, changing the name in the directory service has no effect on

the assigned owner of the machine. Unidesk continues to display the original user name as the owner of the machine.

Create a directory junction

Before you start

Create the folders where you want to place the Directory Junctions or decide which existing folder you want to use. You

can add a Directory Junction folder to any existing folder in the Unidesk Management Console directory tree.

Best Pract ice:Best Pract ice: Avoid creating overlapping Directory Junctions, if possible. In some circumstances, deleting an overlapping

Directory Junction can affect your ability to delete another Directory Junction that contains the same users. You can,

however, browse and assign Unidesk Machines to users that belong to overlapping Directory Junctions.

Create a directory junction

Select Users > Direct ory ServiceUsers > Direct ory Service .

Select Creat e Direct ory Junct ionCreat e Direct ory Junct ion in the Act ionAct ion bar.

The Create Directory Junction wizard opens.

On the Connect ion Det ailsConnect ion Det ails tab, specify the details for the directory server.

Name f or t he Direct ory Junct ionName f or t he Direct ory Junct ion - This name becomes the name of the folder that you see in the Unidesk

Management Console tree view. You can use any name, including the name of a domain in your directory service tree.

IP address or DNS nameIP address or DNS name - This is the name for the server you will use for the directory service.

Port numberPort number - Specify the port for communicating with the directory server.

SSL check boxSSL check box - Select this if you want to use Secure Sockets Layer (SSL) communication.

If certif icate errors occur, the wizard displays a list of these errors. If you know it is safe to ignore them, select Ignore

Certif icate Errors.

T est Connect ionT est Connect ion - Click to verify that the Management Appliance can connect to the directory service.

On the Aut hent icat ion Det ailsAut hent icat ion Det ails tab, enter the authentication details for a user who has permissions to search the

directory service.

ID, user name, or Dist inguished NameID, user name, or Dist inguished Name - This ID is referred to as the Bind Distinguished Name (DN).

To determine the correct syntax for the Bind DN or user name, see the documentation for your directory service.

Examples:Examples: The following examples shows some of the ways you can specify a user for the directory service:

domain\username or [email protected].

PasswordPassword for the Bind DN

T est Aut hent icat ionT est Aut hent icat ion - Click to verify that the connection to the directory server is valid.

On the Dist inguished Name Det ailsDist inguished Name Det ails tab, specify where you want the software to start searching for users and

groups in the remote directory service.

Base Dist inguished Name (DN)Base Dist inguished Name (DN) - The software starts searching for users and groups in the remote directory

service. Once you establish a connection to the server for the directory service, the wizard displays a list of available

DNs. You can select a DN from the list or enter the DN directly in the box.

1.

2.

3.

4.

5.


Example:Example: Assume that you want to start the search at the Marketing Organizational Unit at the root of a domain.

You would enter the following Base DN:

OU=marketing, DC=root,DC=mydomain DC=com

Click T est Base DNT est Base DN to verify that the Base DN you specif ied is valid.

On the Folder Locat ionFolder Locat ion tab, select the folder in the Unidesk tree where you want to add the directory junction for the

remote directory service.

On the At t ribut e MappingAt t ribut e Mapping tab, enter the names of directory service attributes that you want to map to the local

attributes or use the default settings.

To change the mapping from local attributes back to default mappings, click Use Def ault sUse Def ault s .

On the Confirm and Complet eConfirm and Complet e tab, verify the Directory Junction settings, enter a comment if required, and click

Updat e Direct ory Junct ionUpdat e Direct ory Junct ion.

If you enter comments, they appear in the Information view Audit History.

To ensure that the Unidesk software can find user, group, and folder entities in a directory service, you can map

attributes that the directory service uses to the attributes that the Unidesk software uses.

When you enter attribute values, use the following syntax. The software searches for the first attribute. If it cannot find

the first attribute, it searches for the second one.

attribute:attribute

The following tables describe the local attributes that you can map to directory service attributes.

6.

7.

8.


LocalLocalattributeattribute

Des criptionDes cription

GUIDThe Globally Unique Identifier for the user. If the user entity's location in the directory service changes, the Unidesk

software uses this attribute to locate it and retrieve its values.

Display

NameA name associated with the user.

First

NameThe first name of the user.

Last

NameThe last name of the user.

T itle A title associated with the user (for example Vice-President of Sales).

Logon

NameThe user name for authentication.

Email The email address associated with the user.

Phone The telephone number associated with the user.

Address 1 The first line of the user's street address.

Address 2 The second line of the user's street address.

City The city associated with the user's street address.

State The state associated with the user's street address.

Postal

codeThe postal or ZIP code associated with the user's street address.

Country The country associated wit the user's street address.




GUIDThe Globally Unique Identifier for a group. If the group entity's location in the directory service changes, the Unidesk


Display

NameA name associated with the group.

Description A description of the group.

Members The name of the groups in which this group has membership.



GUIDThe Globally Unique Identifier for a folder. If the folder entity's location in the directory service changes, the Unidesk


Display

NameThe name of the folder.

Description A description of the folder.

Local attributeLocal attribute Des criptionDes cription

UserA search string that looks for users.

The default value searches for users based on their last names.

GroupA search string that looks for groups.

The default value searches for group names, including the names of groups that are members of other groups.

FolderA search string that looks for specific contents in organizational units.

The default value searches organization units that are likely to contain users and groups.

Connect to a directory service

Select an existing folder or use the Creat e FolderCreat e Folder action to create folders in the Unidesk directory tree structure

where you want to place connections to a directory service.

1.


Select Creat e Direct ory Junct ionCreat e Direct ory Junct ion and specify:

Bind Distinguished Name - The Distinguished Name or ID for a user who has the permissions required to search the

directory service tree.

Base Distinguished Name - The starting point that the software uses when searching for users and groups in the

directory service tree.

Now you can assign Unidesk Machines to the users, or assign administrator privileges to them. The Unidesk software

caches the attributes for each directory service entry, so that if the connection to the directory service is lost

temporarily, the software can use the cached information for management tasks.

2.


Create desktops

Jun 28 , 2017

A Unidesk Desktop is a virtual machine made up of an Operating System Layer, Application Layers, and a user


creates the Personalization Layer.

About Unidesk Desktops

Persist ent and Non-persist ent Deskt opsPersist ent and Non-persist ent Deskt ops

On a Persistent Desktop, the Personalization Layer stores all changes made by the Desktop’s user, including files and

installed applications. On a Non-persistent Desktop the Personalization Layer is cleared on each Desktop reboot or log off,

unless you are using RDS in which case it is cleared only on a log off. Desktops can be deployed to a connection broker

such as Microsoft’s RD Connection Broker or Citrix XenDesktop, or can simply be deployed to the virtual infrastructure and

accessed via a connection client like RDP.

Creat ing a t est Deskt op t o verif y your Operat ing Syst em LayerCreat ing a t est Deskt op t o verif y your Operat ing Syst em Layer

The first Desktop you create will be a test Desktop, and it will give you an idea of the broad range of settings available for

your users, though you don't need to concern yourself with the majority of settings until you are ready to create them for

real users.

Creat ing mult iple Deskt ops at onceCreat ing mult iple Deskt ops at once

When you are ready to create Desktops for real users, you can create one Desktop at a time, or as many as you want at

once. You can name Desktops individually, or generate the names based on built-in naming conventions that you can edit or

augment.

Before You Start

Desktop Requirements

As soon as you create your Operating System Layer, you should make sure this Layer and your Domain Join script are in

good working order. Do this by creating a bare-bones test Desktop, as described in the next section.

Before you can create a Desktop you need:

A Unidesk Collection, which in turn requires an Operating System Layer

Users (available in Unidesk via a connection to your directory service)

A cluster or host that you set up when installing Unidesk appliances

Access to the network where the cluster or host is running

Desktop attributes you can never change

Certain Desktop attributes are determined by the Collection in which you create them, and once created, you can never

change these attributes for the Desktop:


Desktop Type - The Desktop Type can be either Persistent or Non-Persistent. A Persistent Desktop retains all user

customizations, including settings and data f iles, while a Nonpersistent Desktop returns to its original state when the

user logs off . The Desktop Type is determined by the type of Collection in which is created.

Connection Broker - You can upgrade the version of the broker used for a Desktop, but cannot move the Desktop to a

different broker.

Operating System Layer - You can change the version of the Operating System Layer assigned to a Desktop, but not

the Layer itself .

Desktops and the Collections to Which They Belong

As stated previously, the Collection where you create a Desktop determines its key attributes. If you decide to move a

Desktop to a different Collection, the new Collection must have the same key attributes, Broker, Desktop Type, and

Operating System Layer.

Create a Test Desktop (Recommended)

Before using your new Operating System Layer to create your Desktops and Application Layers for production,

Citrix recommends creating a test Desktop to verify that your Operating System Layer and domain join script work.

Create a Test Desktop to Verify Your Operating System Layer and Domain JoinSettings

Since you won't deploy this Desktop to production, select the required settings only and accept the default values for

everything else.

1. In the Unidesk menu bar select Deskt opsDeskt ops and then click Creat e Deskt opCreat e Deskt op.

The Creat e Deskt opCreat e Deskt op wizard opens.

2. On the Collect ion AssignmentCollect ion Assignment tab, select a Collection where you want to group the Desktop with other Desktops,

then browse your directory service tree and select a user. This step creates an association in Unidesk between the user

and the Desktop. It also configures your broker to associate the Desktop with the selected user. Your directory service is

not modif ied.

3. On the Deskt op Det ailsDeskt op Det ails tab, select a cluster or host, a network, and a VLAN Tag (if necessary).

Use the default settings for everything else.

4. On the Conf irm and Complet eConf irm and Complet e tab, confirm that the settings are correct in the Deskt op Visualizat ion Deskt op Visualizat ion panel on the

right.

5. Click Creat e Deskt opsCreat e Deskt ops to start creating the Desktop.

A Desktop icon appears with the status displayed in the lower right corner of the icon. The Desktop status cycles

through Stopped, Powering on, Starting, and Running. For more status information, click the ExpanderExpander tab in the

bottom center of the console to open the T asksT asks panel. For example, if the Desktop is not successfully added to the

connection broker, a status messages are displayed in the Desktop Details.

6. View the IP address assigned to the Desktop, by hovering over the Desktop icon and clicking the information icon.

7. Log into the Desktop and verify that the Desktop successfully joined the domain.

Troubleshoot Domain Join Issues (Windows 7, Windows 8.1)

If your Desktops are not successfully joining the domain, follow the steps below to identify the issue. Fixing the problem


usually requires an update to the unattend file. Then you need to create a new version of your Operating System layer. Use

the Unidesk unattend builder to correct any issues in the unattend.xml file. The Unidesk unattend builder is available for

download in the Unidesk Download Center. [ADD LINK]

When a Windows 7 or Windows 8.1 Desktop is created in Unidesk it runs through the Microsoft Windows mini-setup

process, which uses a file called unattend.xml to configure a variety of Desktop settings. We recommend that you use the

Unidesk Unattend builder tool to create your unattend file. With the Unattend builder you can specify all of the settings

required to join the Desktop to the domain during creation.

If your Desktop is not joining the domain correctly, here are some common issues and how to solve them.

Keep in mind that while you will look at logs on the Desktop Unattend to identify your problem, you will update the

unattend file in your OS layer or in an application layer to correct it so that newly created Desktops will successfully join

your domain.

Check t he Set upact log on t he Deskt op f or errorsCheck t he Set upact log on t he Deskt op f or errors




NoteEnsure you are looking at the setupact log in C:Windows\Panther\UnattendGC. The log file is not in the directory

path C:Windows\Panther.









Fully qualif ied domain nameFully qualif ied domain name: vdidomain.acme.com or vdidomain.local

Short domain nameShort domain name: vdi

OUOU: acmegrp1

Domain accountDomain account : Administrator

To check your unat t end fileTo check your unat t end file

Open the unattend file on the Desktop and check for some common problems. The unattend file is located in

c:\windows\panther.

Search for the <JoinDomain> tag and check the fully qualif ied domain name, as shown in one of these examples:



Check the domain specification by searching for the Domain tag: <Domain>. The Domain tag must be the short domain

name, not the fully qualified domain name. An example is:



Check the Username specif ication. An example is:

1.




Check the processor architecture.

In the component tag, make sure the processorArchitecture is correct for your platform, either amd64 or x86.

Fix any issues you find in the unattend.xml, either by editing the file manually, or by running the Unattend builder again.

This involves creating a new version of your OS layer to update the unattend file:

1. In the Unidesk Management Console, click Operat ing Syst em Layer > Add Version Operat ing Syst em Layer > Add Version.

Allow the Operating System Layer to start up in the Install Machine and then log on.

2. Once logged on, either edit unattend.xml or run the Unattend builder:

Run Notepad as Administrator, edit C:\Windows\Panther\unattend.xml, and then save the f ile.


Deploy a new Desktop with your latest OS version and check for successful domain join.







This line appears at the bottom of the last attempt and denotes that the domain join process is successful. Any return

status other than 0x0 denotes a failure. You may also see the following lines above it, which also show success:






like this:




2.

3.





07/12/2012 14:38:52:122 NetpJoinDomainOnDs: Function exits with status of : 0x4cf




This error may also be the result of mixing layers that were built from different OS layers. Resolve it by deploying with just




http://www.unidesk.com/support/kb/using-powershell-advanced-domain-join-operations




05/02/2012 23:07:31:696 NetpJoinDomainOnDs: Function exits with status of : 0x52e







05/02/2012 23:14:21:057 NetpJoinDomainOnDs: Function exits with status of : 0x775
















container. Windows requires that the default OU be left unspecified, so if you want to put new Desktops into the default

Computers OU, you must delete the <MachineObjectOU> line entirely. Look further up the log file for what the specified

OU is:




Bad domain specifiedBad domain specified



2012-07-13 16:11:15, Warning [DJOIN.EXE] Unattended Join: DsGetDcName failed: 0x54b, last error is 0x0, will retry in 5

seconds...




Insuf ficient user right sInsuf ficient user right s

07/17/2012 13:26:47:524 NetpMapGetLdapExtendedError: Parsed [0x5] from server extended error string: 00000005:

SecErr: DSID-03152492, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0




...







http://www.unidesk.com/support/kb/using-powershell-advanced-domain-join-operations [CHANGE LINK]


<settings pass="specialize" wasPassProcessed="true">

The UnattendedJoin block within it looks like this.


<component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

<Identification>

<Credentials>




</Credentials>




</Identification>

</component>




not the FQDN. The "Domain" and "Username" tags are joined to create the account that the Desktop will login to the

domain as in order to create the Machine Account. The account must exist and be a domain administrator or a service

account with suff icient privileges to create Machine Account objects. In this example, "company\administrator" logs in

with password "thePassword". Note that the password is stored in the gold as plain text, but is replaced with the string

"*SENSITIVE*DATA*DELETED*" during deployment to preserve security.

3. The "JoinDomain" tag must contain the full domain as a FQDN. The Desktop logs in to and joins this domain using the

credentials described above earlier.



want your Desktops to appear in the default Computers container for your domain, you must delete the entire




Computers container by putting nothing in the "OU to Place Desktops" f ield.)


Desktops that have been created and deleted before), the domain reuses the existing Machine Account in whatever






failure messages.





Create One or More Desktops

In the Unidesk Management Console, select Deskt ops > Creat e Deskt op Deskt ops > Creat e Deskt op. The Create Desktop wizard opens where you

can configure the Desktop(s).

Collection Assignment

Select a Unidesk Collection, and individual users or a group. If you select a group, Desktops will be created for all users in the

group. Collection assignment creates an association in Unidesk between the user and the Desktop, and will also configure

your broker to associate the Desktop with that user. Your directory service is not modified.

Not esNot es

If the Desktop is not successfully added to the connection broker, a status message appears in the Desktop Details. To

see the broker or a status message about the Desktop being added to the broker, click the information symbol on the

Desktop icon.

In an RD Connection Broker (RDCB) collection, a user can have only one Desktop. If you attempt to create a Desktop in

an RDCB collection where there is already a Desktop owned by that user, the Desktop will not be created.

Desktop Details

Cluster or Host - Choose the cluster or server to host the Desktop(s) from the choices you configured when setting up the

UnideskManagement Appliance. If the cluster or host is missing, verify that it has been enabled for the Management

Appliance and CachePoint. Note that the Management Appliance must be restarted if hosts are added or removed from a

cluster.


Desktop Names - You can use one of our built-in naming conventions to auto-generate Desktop names. Or, you can define


Generate Name Automatically - This option automatically generates the Desktop names based on a naming convention.

You can select a built-in naming convention or create your own custom naming convention. You must use automatic

name generation if you are creating more than one Desktop. If you don't want the default naming convention

(FirstnameLastname), you can make your own naming convention by selecting Custom and entering an expression.

Enter Desktop Name - If you are creating a single Desktop, deselectGenerate Name Automatically and type in a

Desktop name.

Desktop names must meet the following basic naming requirements or the Desktop will not start.



Numbers 0 through 9





NoteIf you use non-alphanumeric characters in the Desktop name, Unidesk substitutes an underscore for each non-alphanumeric

character in the corresponding folder name.

When you create more than one Desktop at a time, the system generates the names for you. You can also choose to have

the system generate a name for an individual Desktop. You can either use the built-in naming conventions, or create a

custom naming convention. The built-in naming conventions available are based on whether the Collection is for Persistent

or Non-persistent Desktops.

When creating Desktops, you can ensure that naming is consistent by choosing one of the built-in naming conventions, or

by defining (and then choosing) a naming convention of your own.


T his conventionT his convention Creates a name that contains theCreates a name that contains the ExampleExample

FirstnameLastname First name and last name of the selected user. JohnDoe

LastnameFirstInitial Last name and first initial of the selected user. DoeJ

FirstInitialLastname First initial and last name of the selected user. JDoe

CollectionIncrementSelected Collection. Also appends a sequential numeric value to the end of each Desktop

name.

Support1,

Support2

1. Select Syst em > Set t ings and Conf igurat ion Syst em > Set t ings and Conf igurat ion.

2. Select Deskt op Naming Convent ion Set t ingsDeskt op Naming Convent ion Set t ings and then click EditEdit .

3. In the Expression box for the naming convention that you want to change, edit the displayed expression.

In addition to using the naming expressions, you can enter additional characters as long at they follow the host naming

standards.

Example: If you wanted Desktop names to use a format such as, MKTG-FirstnameLastname, you could enter an

expression similar to the following one:

MKTG-%F%L

4. Click SaveSave .

1. Select Syst em > Set t ings and Conf igurat ionSyst em > Set t ings and Conf igurat ion.

2. Select Deskt op Naming Convent ion Set t ingsDeskt op Naming Convent ion Set t ings and then click EditEdit .

3. Click Add Naming Convent ionAdd Naming Convent ion.

4. In the Convent ion NameConvent ion Name box, enter a name that you want to associate with the naming convention. The Create

Desktop wizard displays this name as a selection in the Desktop Assignment tab.

5. Enter an expression that defines the syntax for the name. In addition to using the built-in naming expressions, you can

enter additional characters as long at they follow the host naming standards.

6. Click AddAdd and then click SaveSave .

Naming convention expressions define how the system displays the naming conventions. The following table describes the

syntax for the valid expressions that the system uses to generate names.


Us eUs e T o includeT o include ExamplesExamples

%

[n]F

The first name of the selected user.

The n variable indicates the number of characters to include.

If you do not specify a character length, the software uses the full name.

%F = Joey

%3F = Joe

%

[n]L

The last name of the selected user.



%L =

Hartley

%4L = Hart

%

[n]C

The name of a selected group.



%C =

Marketing

%3C =Mar

[%I]

A unique number at the end of a generated name. The number starts at 1 and increments sequentially for each

Desktop that the software creates. The software applies this expression if the generated name is not unique and if

you include it in a custom expression.

%3C%I =

Mar1,

Mar2,

Mar3, ...

Network - Choose a network. The list displays all networks available to the selected host or cluster.

Application Assignment

Application Layer(s) to add to the Desktop. Expand a Layer to select the version.

Desktop Settings


CPUs - Number of virtual CPUs to allocate to the Desktop. You can specify any number from 1 to 64. The default

number of CPUs is derived from the greater of the following two values: the number of CPUs that was imported for the

gold image or the minimum number of CPUs Unidesk has defined.

Starting Memory - Amount of memory (in megabytes) to allocate to the Desktop at startup. The default setting is

derived from the greater of the following two values: the Starting Memory that was imported for the gold image or the

minimum amount of starting memory Unidesk has defined.

Dynamic Memory - Specif ies the use of dynamic memory for the Desktop; otherwise, the Desktop's memory use is

static. Using dynamic memory enables the Desktop to contribute or receive memory as a shared resource. When working

with multiple Desktops, dynamic memory uses the overall available physical memory in a more eff icient way than static

memory does.

If you select the Dynamic Memory option, the Starting Memory number must be greater than or equal to the

Minimum RAM number and less than or equal to the Maximum RAM number.

If you upgrade a Desktop that is using dynamic memory, the Dynamic Memory option is no longer enabled following

the upgrade procedure.

A CachePoint that has not been upgraded disregards any Dynamic Memory settings. Once the CachePoint is

upgraded, the next edit to it invokes the Dynamic Memory settings.

Minimum RAM - The minimum amount of memory (in megabytes) to allocate to the Desktop after startup. This number

cannot be less than 32 and must be divisible by 2. This option becomes active when the Dynamic Memory option is


selected.

Maximum RAM - The maximum amount of memory (in megabytes) to allocate to the Desktop after startup. This number

cannot be greater than 1048576 and must be divisible by 2. This option becomes active when the Dynamic Memory

option is selected.

Buffer Percentage - Specif ies how much memory to add to the Desktop as a buffer. This number is a percentage of the

amount of memory the Desktop actually requires to run applications and services. This percentage cannot be less than 5

nor greater than 2000. This option becomes active when the Dynamic Memory option is selected.



The Page File size is a percentage of the Starting Memory value. On Desktops that have Dynamic Memory enabled, and

a Maximum RAM value set greater then the Starting RAM value, Full Core Dumps may not be created successfully, as the

Page f ile might not be large enough.




Maintenance Schedule

A maintenance window is a time set aside for Desktop maintenance tasks that require the user to log off, for example,

adding a new version of a Layer.


Create session hosts

Jun 28 , 2017

A Unidesk Session Host is a virtual machine made up of an Operating System Layer, Application Layers, and a machine


creates the Personalization Layer, where changes made to the Session Host are saved.

When you are ready to create Session Hosts, you can create one or multiple Session Hosts at a time. You can name Session

Hosts individually, or generate the names based on built-in naming conventions that you can edit or augment. A single Azure

subscription is limited to 48 Session Hosts.

Before you start

Session Host Requirements

As soon as you create your Operating System Layer, you should make sure this Layer and your Domain Join script are in

good working order. Do this by creating a bare-bones test Session Host, as described in the next section.

Before you can create a Session Host you need:

A Unidesk Collection, which in turn requires an Operating System Layer

Session Host attributes you can never change

Certain Session Host attributes are determined by the Collection in which you create them, and once created, you can

never change these attributes for the Session Host. Currently, this includes:

Operating System Layer - You can change the version of the Operating System Layer assigned to a Session Host, but

not the Layer itself .

Session Hosts and the Collections they belong to

As stated above, the Collection where you create a Session Host determines its key attributes. So, if you decide to move a

Session Host to a different Collection, the new Collection must have the same Operating System Layer.

Create a test Session Host (Recommended)

Before using your new Operating System Layer to create your Session Hosts and Application Layers for production, we

recommend creating a quick, test Session Host to verify that your Operating System Layer and domain join script are in

good working order.

Create a test Session Host to verify your Operating System Layer and domain join settings

Since you won't deploy this Session Host to production, you just need to select the required settings, and accept the

default values for everything else.

1. On the Unidesk menu bar select Session Host s Session Host s , then click Creat e Session HostCreat e Session Host . This opens the Create Session Host

wizard.


http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/deploy/os-layer.html


2. On the Collection Assignment tab, select a Collection where you want the Session Host to be grouped, and choose to

create 1 Session Host.

3. Take the default settings for everything else, and on the Confirm and Complete tab, confirm that the settings are

correct (see the Visualization panel to the right), and click Creat e Session Host sCreat e Session Host s to start creating the Session Host.

A Session Host icon appears, its status displayed in the lower right corner of the icon. The Session Host status cycles

through Stopped, Powering on, Starting, and Running. For more status information, click the Expander tab in the bottom

center of the console to open the Tasks panel. For example, if the Session Host is not successfully added to the

connection broker, a status messages is displayed in the Session Host Details.

1. View the IP address assigned to the Session Host, by hovering over the Session Host icon and clicking the information

icon .

2. Log into the Session Host and verify that t has successfully joined the domain.

Troubleshoot domain join issues

If your Session Hosts are not successfully joining the domain, follow the steps below to identify the issue. Fixing the

problem usually requires an update to the unattend file, and usually you need to create a new version of your Operating

System layer and use the Unidesk unattend builder to correct any issues in the unattend.xml file. The Unidesk unattend

builder is available for download in the Unidesk Download Center.

About domain join

When a Session Host is created in Unidesk it runs through the Microsoft Windows mini-setup process, which uses a file

called unattend.xml to configure a variety of Session Host settings. We recommend that you use the Unidesk Unattend


Session Host to the domain during creation.

If your Session Host is not joining the domain correctly, here are some common issues and how to solve them.

Keep in mind that while you will look at logs on the Session Host Unattend to identify your problem, you will update the

unattend file in your OS layer or in an application layer to correct it so that newly created Session Hosts will successfully

join your domain.

First things to check




Note: Be sure you are not looking at the setupact log in C:Windows\Panther. You want the log file that's

in C:Windows\Panther\UnattendGC.




https://www.unidesk.com/support/download-center





f ully qualif ied domain namef ully qualif ied domain name: vdidomain.acme.com or vdidomain.localshort domain nameshort domain name: vdiOU:OU: acmegrp1Domain accounDomain account: Administrator

1. Open the unattend file on the Session Host and check for some common problems. The unattend file is located in

c:\windows\panther.

Search for the <JoinDomain> tag and check the fully qualified domain name. It should look like one of these examples:



Check the domain specification by searching for the Domain tag: <Domain>. The Domain tag must be the short

domain name, not the fully qualified domain name.It should look like this:



Check the Username specification. It should look like this:





2. Fix any issues you f ind in the unattend.xml, either by editing the f ile manually, or by re-running the Unattend builder. This

involves creating a new version of your OS layer to update the unattend f ile:

1. In the Unidesk Management Console, click Operating System Layer > Add Version. Allow the Operating System Layer

to boot up in the Install Machine, and log in.

2. Once logged in, either edit unattend.xml, or re-run the Unattend builder:

Run Notepad as Administrator, edit C:\Windows\Panther\unattend.xml, and save the f ile.

3. Finalize the layer

3. Deploy a new Session Host with your latest OS version and check for successful domain join.

Check the Netsetup log file for errors















like this:








































container. Windows requires that the default OU be left unspecified, so if you want to put new Session Hosts into the

default Computers OU, you must delete the <MachineObjectOU> line entirely. Look further up the log file for what the

specified OU is:






seconds...









...






Use another approach to domain join: Add a script to the deployment process




More about how domain join works



And the UnattendedJoin block within it looks like this.

<component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64"

publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"

xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-

instance">

<Identification>

<Credentials>




</Credentials>




</Identification>

</component>




not the FQDN. The "Domain" and "Username" tags are joined to create the account that the Session Host will login to

the domain as in order to create the Machine Account. The account must exist and be a domain administrator or a

service account with suff icient privileges to create Machine Account objects. In this example, "company\administrator"

logs in with password "thePassword". Note that the password is stored in the gold as plain text, but is replaced with the

string "*SENSITIVE*DATA*DELETED*" during deployment to preserve security.

3. The "JoinDomain" tag must contain the full domain as a FQDN. The Session Host logs in to and joins this domain using

the credentials described above earlier.


want your Session Hosts to appear in the default Computers container for your domain, you must delete the entire




Computers container by putting nothing in the "OU to Place Session Hosts" f ield.)


https://www.unidesk.com/support/kb/using-powershell-advanced-domain-join-operations


Session Hosts that have been created and deleted before), the domain reuses the existing Machine Account in whatever






failure messages.





Create one or more Session Hosts

In the Unidesk Management Console, select Session Host sSession Host s > Creat e Session HostCreat e Session Host . This opens the Create Session Host

wizard where you can configure the Session Host(s).

Collection Assignment

Select a Unidesk Collection

Session Host Details

Session Host Names - You can use our built-in naming convention to auto-generate Session Host names. Or, you can define


Generate Name Automatically - This option automatically generates the Session Host names based on a naming

convention. You can select a built-in naming convention or create your own custom naming convention. You must use

automatic name generation if you are creating more than one Session Host. If you don't want the default naming

convention (Collection name and increment), you can make your own naming convention by selecting Cust omCust om and

entering an expression.

Enter Session Host Name - If you are creating a single Session Host, deselect Generat e Name Aut omat icallyGenerat e Name Aut omat ically and

type in a Session Host name.

Session Host naming requirements

Session Host names must meet the these basic naming requirements, or the Session Host will not start.



Numbers 0 through 9





Application Assignment


Application Layer(s) to add to the Session Host. Expand a Layer to select the version. You can assign up to 13 Application

Layers to each Session Host.


CPUs - Number of virtual CPUs to allocate to the Session Host. You can specify any number between 1 and 64. The

default number of CPUs is derived from the greater of the following two values: the number of CPUs on the gold image

or the minimum number of CPUs Unidesk recommends, which is 4. Your infrastructure must be able to support the

number of CPUs you choose.

Starting Memory - Amount of memory (in megabytes) to allocate to the Session Host at startup.

Dynamic Memory - Marking this check box specif ies the use of dynamic memory for the Session Host, while clearing this

check box specif ies that the Session Host's memory use is static. Using dynamic memory enables the Session Host to

contribute or receive memory as a shared resource. When working with multiple Session Hosts, dynamic memory utilizes

the overall available physical memory in a more eff icient way than static memory does.

If you select the Dynamic Memory option, the Starting Memory number must be greater than or equal to the

Minimum RAM number and less than or equal to the Maximum RAM number.

If you upgrade a Session Host that is using dynamic memory, the Dynamic Memory option is no longer enabled

following the upgrade procedure.

A CachePoint that has not been upgraded disregards any dynamic memory settings. Once the CachePoint is

upgraded, the next edit to it invokes the dynamic memory settings.

Not es:Not es:

Minimum RAM - The minimum amount of memory (in megabytes) to allocate to the Session Host after startup. This

number cannot be less than 32 and must be divisible by 2. This option becomes active when the Dynamic Memory option

is selected. The default minimum value for this setting is 8192 MB (8 GB).

Maximum RAM - The maximum amount of memory (in megabytes) to allocate to the Session Host after startup. This

number cannot be greater than 1048576 and must be divisible by 2. This option becomes active when the Dynamic

Memory option is selected. The default value for this option is the greater of the following two values: the Maximum

RAM from the Gold Image, or 16384 MB (16 GB), the minimum recommended by Unidesk.

Buffer Percentage - Specif ies how much memory to add to the Session Host as a buffer. This number is a percentage of

the amount of memory the Session Host actually requires to run applications and services. This percentage cannot be

less than 5 or greater than 2000. This option becomes active when the Dynamic Memory option is selected.



Not e:Not e: The Page File size is a percentage of the Starting Memory value. On Session Hosts that have Dynamic Memory

enabled, and a Maximum RAM value set greater then the Starting RAM value, Full Core Dumps may not be created

successfully, as the Page file might not be large enough.




Maintenance Schedule

A maintenance window is a time for Session Host maintenance tasks that require users to be logged off, for example,

adding a new version of a Layer. Unidesk keeps track of the number of users logged into each session host, so that

maintenance can be performed when all users are logged off.


IMPORTANTIMPORTANT : When using XenApp, Session Hosts must be put in Maintenance Mode using the Desktop Studio Console.


Application Layers

Jun 28 , 2017

Create Application Layers

You can create any number of Application Layers and assign them to Unidesk Machines (Desktops or Session Hosts). You'll

need a staging area, called an Installation Machine (IM) where you'll create the Layers. Then you can assign them

to Unidesk Machines that use the same Operating System Layer as the IM.

Refer to these detailed steps for creating an Installation Machine, creating an Application Layer, and assigning the

Application Layer to Unidesk Unidesk Machines.

Create an Installation Machine, a staging area for your Layers

Create Application Layers

Assign Layers to your Unidesk Machines

Application Layering tips

Tips to deploy Anti-virus applications in Layers

Tips to deploy Windows 8.1 applications in Layers

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/deploy/application-layers/create-an-installation-machine.html

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/deploy/application-layers/create-an-application-layer.html

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/deploy/application-layers/assign-applications-to-a-desktop-or-session-host.html

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/deploy/application-layers/deploy-anti-virus-software.html

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/deploy/application-layers/deploy-windows-8-1-applications-in-layers.html


Create an installation machine

Jun 28 , 2017

An Installation Machine is a virtual machine that you provision with the software needed for new Application Layers and

new versions of Operating System and Application Layers. You will need at least one installation machine for

each Operating System Layer in your Unidesk deployment.

About Installation Machines

When to use an Installation Machine

You'll need an Installation Machine whenever you want to create a new Application Layer or when you add a new Version

to an existing Application or Operating System Layer. You do not need an Installation Machine for the initial creation of

an Operating System Layer, just for any Layer Versions you add to it.

The role of an Installation Machine in Layer creation

The Installation Machine is a virtual machine that you use as a staging area for the application(s) you want to put in a

Layer. Before creating a Layer or a new version of a Layer, you'll set up the new software on an Installation Machine.

Before you start

Determine the configuration for memory, CPUs, and network adapters that the application(s) need on the Installation

Machine. For example, if you plan to create Application Layers that require two CPUs, ensure you provision an Installation

Machine with this setting.

Create the Installation Machine (IM)

You must create at least one Installation Machine for each Operating System Layer that you are using in your environment.

Once you create an Installation Machine, you cannot change its Virtual Machine settings, including the Operating System

Layer.

1. Select Syst em Syst em > Inst allat ion MachineInst allat ion Machine > Create Installation Machine. This opens the Create Installation

Machine wizard.

2. In the General Settings tab, specify the virtual machine settings for the Installation Machine, including:

Installation

Machine Name

The Installation Machine name (IM Name) should be 15 characters or less, and unique on the

Master CachePoint Appliance. Valid characters include the letters a - z and A - Z; the numbers 0 - 9;

underscores (_) and hyphens (-). Names cannot start or end with a hyphen or an underscore, nor can

two hyphens or underscores be used consecutively.

Associated OS

LayerThe Operating System Layer associated with this IM.

Amount of memory (in megabytes) to allocate to the Installation Machine We suggest a minimum


Memory of 4096 MB for Windows updates. By default, this f ield is pre-populated with the same amount of

memory that was allocated to the associated gold image.

CPUs

Number of virtual CPUs to allocate to the Installation Machine. This value can be any number

between 1 and 64. By default, this f ield is pre-populated with the same number of CPUs that were

allocated to the associated gold image.

Virtual Switch The network that the Installation Machine will use to communicate with Unidesk appliances.

VLAN TagThe VLAN tag inserted into packet headers, indicating which logical network to use for this virtual

machine. If you need to add new VLAN Tags, click the Manage button and use the wizard to do so.

3. In the Confirm and Complete tab, you can enter a comment that describes the Installation Machine for the Audit

History.

4. Click Create Installation Machine.If you enter comments, they appear in the Information view Audit History.


Create an application layer

Jun 28 , 2017

An Application Layer includes one or more applications that you can assign to Unidesk Machines (Desktops or Session

Hosts). You can create any number of Application Layers to deliver applications to your Unidesk Machines.

Creating an Application Layer takes just a few steps. You’ll use a virtual machine, called an Installation Machine (IM) to install

the application, tell Unidesk when you’re done, and Unidesk will create the Layer. You can install as many applications as you

want in a single Application Layer. See the application recipes section on the forum for some useful hints about Application

Layers

About creating an Application Layer

Overview of the steps to create an Application Layer

Creat e an Creat e an Installation Machine - Do the initial creation of the Installation Machine using the Unidesk Management

Console.

Creat e an Creat e an Application Layer, or a new version of a Layer, or a new version of a Layer - Create an Application Layer, selecting the version of

the Operating System Layer that you want to run on your Installation Machine. The Unidesk software boots

the Installation Machine VM with the selected Operating System.

Inst all applicat ions on t he Inst all applicat ions on t he Installation Machine - After the Unidesk software boots the Installation Machine, the

software prompts you to install applications on the Installation Machine. You log into the Installation Machine (using

your virtual infrastructure management software or a remote Desktop connection) and install the applications or

OS update for the Layer or Layer Version you are creating.

F inalize t he Layer or new Layer VersionFinalize t he Layer or new Layer Version - Finalize the layer. You select the Layer and the software creates the

application image and adds it to the layer. It also shuts down the Installation Machine. The Installation Machine is

powered off and returns to a non-bootable state.

Application Layer requirements

To create an Application Layer, you need:

Your gold image

The installer software for the application(s) you're including in the Layer.

An available Installation Machine.

Any prerequisite Application Layers.I f applications require other programs (for example, Java versions, Web browsers, or

.NET framework), make sure that these Prerequisite Layers are available to select when creating the Layer, and also

deployed to the Unidesk Machine before you deploy the Layer.

Special considerations for Windows 8.1 Applications

To deliver applications on Windows 8.1 via Unidesk Layers, you need to build the applications so they can be centrally

managed. This is because Windows Store Apps are managed via each user's profile and can only be deployed to one user.

Regular Windows Store apps, like Bing Finance and Weather, cannot be sideloaded or layered. You can, however, deliver

centrally managed applications on Windows 8.1 by sideloading Enterprise applications, also called Line of Business (LoB)

https://www.unidesk.com/forum/application-layer-recipes

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/deploy/application-layers/create-an-installation-machine.html


applications. For details, please see Sideloading Line of Business applications.

Create an Application layer

1. Select Layers > Applicat ion LayersLayers > Applicat ion Layersand select Creat e LayerCreat e Layer in the Action bar. This opens the Create Layer wizard.

2. In the Layer Details tab,specify the following about the Layer.

1. Enter a name for the Application Layer.

2. (Optional) Enter a description of the Layer

3. Enter a version. This can be the version of the application or a version you assign to the Layer. This value is displayed in

the Details view of the Layer.

4. (Optional) Enter a description of the version.

5. (Optional) Enter the path for a custom script that runs once after the Unidesk Machine restarts.

6. Specify the default size for the Layer, in gigabytes. Since Layers are thin provisioned, this value represents the

maximum Layer size. Layers will grow as space is used, up to the maximum size. The default value is 10 gigabytes. If the

application you are installing could eventually require more space, change this value accordingly.

3. In the Installation Machine Details tab, specify the operating system and the Installation Machine. The Application Layer

becomes associated with the Operating System Layer that you use to create it. .

1. Select an Operating System Layer. The layer defaults to the most current version. To select an earlier version, you can

expand the layer to display all versions.

2. Select an Installation Machine

4. In the Prerequisite Layers tab, select one or more layers from the displayed list, if required. Only applications created from

the specified Operating System Layer are available.

1. Select an Application Layer in the Prerequisite Layers box.

2. Select the version of the Application Layer in the Application Details box.

3. Click Add LayerAdd Layer

5. In the Icon Assignment tab, select an icon to assign to the layer. This layer displays this image in the Icon and List views

of the Layers Module.

To use an existing image, select an image in the image box.

To import a new image, click Browse and select an image in PNG or JPG format. For additional information about

uploaded images, see the article about how to Assign icons.

6. In the Confirm and Complete tab, review the details of the Application Layer, enter a comment if required, and

click Creat e LayerCreat e Layer.If you enter comments, they appear in the Information view Audit History.

7. When prompted to do so in the Tasks bar, install the application and the prerequisite applications on the Installation

Machine.

Install the application(s) on the Installation Machine

During the creation process for Application Layers, the software prompts you to install the applications you want to use in

the Layer on the selected Installation Machine. Keep in mind that the state of the Installation Machine before you finalize

a layer is what users experience when they access the Unidesk Machine.

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/deploy/application-layers/deploy-windows-8-1-applications-in-layers.html

http://msdn.microsoft.com/en-us/library/windows/hardware/dn265487(v=vs.85).aspx

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/administer/desktops-session-hosts-and-collections/edit-layer-and-collection-icons.html


To install the applications on the Installation Machine:

1. Log in to the Installation Machine.

2. Install the applications, along with any drivers, boot-level applications, or files that the user will need with it.

If an application installation requires a system restart, restart it manually. The Installation Machine does not restart

automatically.

3. Make sure the Installation Machine is in the state you want it to be for the user:

If the applications you install require any post-installation setup or application registration, complete these steps now.

Remove any settings, configurations, f iles, mapped drives, or applications that you do not want to include on the Unidesk

Machine.

Finalize the Application Layer

It is not necessary to log off or disconnect from the Installation Machine before you finalize the Application Layer. During

the finalization step, the software will shut down the Installation Machine properly.

After installing the applications on the Installation Machine, complete the following steps:

1. Return to the Unidesk Management Console

2. Select the Application Layer in the Layers module.

3. Select Finalize in the Action bar.

4. Monitor the Task bar to verify that the action completes successfully and that the Application Layer is deployable.

Layer integrity check






Layer Int egrit y Message:Layer Int egrit y Message: The new version version-name of Layer layer-name on Installation Machine (IM) im-name can

only be finalized when the following conditions have been addressed:

A reboot is pending to update drivers on the boot disk - please check and reboot the IM.

A post-installation reboot is pending - please check and reboot the IM.

A Microsoft NGen operation is in progress in the background.


See if you can expedite Microsoft NGen operations

About Microsoft NGen operations















3. Enter the NGen command to execute the queued items:

ngen update /force


Not e:Not e: It’s okay if you see several compilation failed messages!

4. Look in the Task Manager to see if an instance of MSCORSVW.EXE is running. If it is, you must allow it to complete, or

re-run ngen update /force. Do not reboot to stop the task. You must allow it to complete.

Check the status of an NGen operation



pause.


2. Check status by running this command:

ngen queue status

3. When you receive the following status, the NGen is complete, and you can finalize the Layer.

The .NET Runtime Optimization Service is stopped

Considerations

If applications affect boot-level components

Installing applications such as service packs, hot fixes, and antivirus applications can affect boot-level components, which

means you'll need to restart the Installation Machine. This will generate a system task to rebuild the Unidesk Machine's


boot image. Once Unidesk rebuilds the boot image, it shuts down the Installation Machine copies the boot-level

components to the boot volume, and restarts the Installation Machine. You can then finalize the layer or version.

Not eNot e : If the Installation Machine restarts before the boot image rebuild is complete, you will see a STOP message screen.

This is temporary.

About setting a script to run the first time the user logs in

When you create a Layer or Layer Version, you can specify a .cmd or .bat script to run the first time the Unidesk Machine

(Desktop or Session Host) is deployed. For example, you can use a script to complete the setup for an application.

The .cmd or .bat file is installed on the Installation Machine.

New Layer VersionsNew Layer Versions - When you create a new Layer Version, the new Version does not inherit the script from the

original Layer. If you want to include the script from the original Layer, you need to set the script for the Layer Version.

How to set a script

To set a script for a Layer or Layer Version:

1. Add the script file to the Installation Machine you are using to create the Layer or Layer Version.

Not e:Not e: To see whether a Layer Version already has a script configured, check by opening the Layer's Information view

and expand the Version entries.

2. Enter the script's path in the Layer or Layer Version's Script Path field. For example, enter C:\Scripts\SpecialScript.bat in

the Script Path field.

Once the script runs on a Unidesk Machine, it will not run again because the scripts are executed only once.

How to set a script to run more than once

To run a script more than once, you can:

Remove the Layer from the Unidesk Machine and then re-add it.

Click Deskt op > Edit Deskt opDeskt op > Edit Deskt op or Session Host > Edit Session HostSession Host > Edit Session Host , select the Applicat ion AssignmentApplicat ion Assignment tab, and

select RepairRepair for the layer.


Assign applications to a desktop or session host

Jun 28 , 2017

Each Desktop and Session Host includes the applications that users require for their work. The Unidesk Management

Console lets you add, remove, or reinstall applications on deployable Desktops and Session Hosts.

Before you start

Check the Layers module to make sure that the required Application Layers are available.

Assign applications

1. Select Deskt ops > Deskt opsDeskt ops > Deskt ops or Session Host s > Session Host sSession Host s > Session Host s and select one or more of them.

2. Select the EditEdit action. This opens the Edit Desktop or Session Host wizard.

3. In the Application Assignment tab, select one or more applications from the Available LayersAvailable Layers list. By default, the

software selects the most recent version. To add or remove a specif ic version, complete the following steps:

1. Expand an application to view the available versions.

2. Select the box next to a version you want to use.

3. Clear the box next to a version that you want to remove.

4. If you want to reinstall a previously-assigned application, select Reinstall.

4. In the Maintenance Schedule tab, select a method for deployment of the configuration changes. You can deploy them

in any of the following ways:

Select or create a maintenance schedule. A maintenance schedule deploys changes during a specif ied time frame.

As soon as possible. This option deploys the configuration changes after you shut down the Desktops or Session

Hosts. Selecting this option overrides the current maintenance schedule.

Defer deployment until a specif ied date and time. This option defers deployment of configuration changes until the

specif ied time elapses. At that time, Unidesk deploys the configuration changes if the Desktops or Session Hosts are

shut down. Selecting this option overrides the current maintenance schedule.

When t he user logs out or reboot s t he Deskt op or Session Host s.When t he user logs out or reboot s t he Deskt op or Session Host s. This option defers deployment until the

user logs out or reboots.

5. In the Confirm and Complete tab, verify that the application assignment details are correct, and click Updat eUpdat e

Deskt op/Session HostDeskt op/Session Host . Unidesk deploys the configuration changes as specified by your Maintenance Schedule

selection.


Deploy anti-virus software

Jun 28 , 2017

You can deploy some of the most commonly-used anti-virus products in a Unidesk environment, including products from

Symantec, McAfee, Trend Micro, Sophos, Kaspersky, and AVG.

Not e:Not e: Some anti-virus products do not yet fully support Windows 10. Before implementing a Windows 10 layer, please

check the documentation for your anti-virus package to ensure that Windows 10 is supported.

General Guidelines

Anti-virus software update options

When deploying anti-virus software in a Unidesk layer, one of the considerations is how to handle the anti-virus updates.

You can either:

Turn on auto updates, and let the updates get stored in the user's Personalization Layer. If auto updates happen daily,

this might be the most convenient approach. Note that whenever there is a major product update, you'll need to reinstall

on the UEP by redeploying the layer to the Desktop with the Reinst all t he layerReinst all t he layer checkbox selected.

Turn off auto updates, and redeploy the layer for each update. This requires updating the layer whenever you want to

push out new updates.

We generally recommend using the method with which you're most comfortable. This probably means continuing to do

whatever you've been doing.

Before you start

When deploying any anti-virus software package in the Unidesk environment, you may need to:

Start the Remote Registry Service for any of the remote installations.

Disable the f irewall on the Desktop before installing to allow the products to install.

Disable Simple File sharing.

Enable/disable User Account Control (UAC).

Read the installation instructions for Virtual Desktop Infrastructure (VDI) deployments on the web site for the product

you are installing.

AVG software

About deploying AVG in a Unidesk environment

You can use a gold image or an Application Layer to deploy the AVG Business Edition anti-virus software in

the Unideskenvironment.

Use either of the following methods to deploy the AVG anti-virus software:


Install the software on a gold image and import it to a new Operating System Layer.

Install the software on an Application Layer and assign the layer to new or existing Desktops.

The following version of AVG anti-virus software has been tested:

AVG 2013 Business Edition.

Install the software on a gold image

To deploy AVG software on a gold image:

1. Install the AVG software on the gold image.

2. Open the AVG application and select Option > Advanced Settings.

3. Select Temporarily Disable AVG Protection.

4. Click Temporarily Disable AVG Protection, and click OKOK to confirm.

5. Delete the following cache files:

C:\ProgramData\AVG2013\Chjw\*.*

6. Click Enable AVG Prot ect ionEnable AVG Prot ect ion.

7. Shut down the gold image.

8. Create an Operating System Layer using this gold image.

9. On newly deployed Desktops, it is recommended that you enable the Caching option again. You can do this

automatically through integration with AVG Remote Administrator.

Install the software on an Application Layer

1. Install the AVG software on the Application Layer.

2. Deploy the AVG layer to Desktops.

Kaspersky anti-virus software

About deploying Kaspersky software in a Unidesk environment

This section provides Kaspersky installation information that is specific to the Unidesk environment. See the Kaspersky

documentation for additional instructions about deploying the software in a VDI environment. And, for details about using

Kaspersky for non-persistent Desktops in a VDI environment, please read the section on Dynamic VDI Support in this

Kaspersky article.

Use the following methods to deploy the Kaspersky anti-virus software:

Install the software on an Application Layer or Application Layer revision.

http://forum.kaspersky.com/index.php?showtopic=219309


Install the software on the gold image you import into an Operating System Layer.

Install the software on an Operating System Layer revision.

The following versions of Kaspersky Endpoint Security for Business have been tested.

Kaspersky Security Center 10.2.434.

Kaspersky Endpoint Security 10 for Windows 10.2.1.23 (a).

Note: Encryption with Kaspersky 10.2 is not supported. Kaspersky 10.2 Encryption uses a form of disk virtualization that

bypasses the Unidesk virtualization, and as such is incompatible with Unidesk. When deploying Kaspersky 10.2 make sure

to deselect the Encryption options before deploying the application.

If you plan to use a new Operating System Layer to deploy the Kaspersky software, install the software on the gold

image BEFORE you install the Unidesk Tools.

If you plan to use the Kaspersky Administration Server to manage the Desktop, install both Kaspersky Anti-Virus for

Workstations and Kaspersky NetAgent on the Installation Machine (for Application Layers or layer revisions) or on a gold

image (for a new Operating System Layer).

If you do not plan to use the Kaspersky Administration Server, install Kaspersky Anti-Virus for Workstations only on

the Installation Machine or the gold image.

When you install the Kaspersky NetAgent, clear the selection for the start application during install option.

When you install the Kaspersky Anti-Virus for Workstations in a stand-alone configuration, do not enable password

protection for any of the administrative options. The password you enter on the Installation Machine or gold image

does not work on the Desktop after you deploy the software.

After you install the Kaspersky software on an Installation Machine (for Application Layers or layer revisions), a system

restart (and Desktop image rebuild) is required.

Kaspersky 10.1 special requirement

Before adding Kaspersky 10.1 to either the gold image or to a layer, you need to add a value to the Unifltr service in the

registry. Here's how:

1. Run regedit.

2. Navigate to the HKLM\Syst em\Current Cont rolSet \Services\Unif lt rHKLM\Syst em\Current Cont rolSet \Services\Unif lt r key.

3. Right click in the right hand pane and a DWORD value.

4. Set the name of the value to MiniFilt erBypassMiniFilt erBypass .

5. Set the value to 11.

6. Exit regedit.

7. Reboot the machine, as the setting is only read at boot time.

Special steps for installing the software on an Application Layer

Complete the following steps when you install the Kaspersky software on an Application Layer:

1. Install the Kaspersky software on the Installation Machine.

Note: If you will be deploying non-persistent Desktops running Kaspersky, you need to mark the image as a Dynamic VDI

so that the Kaspersky Administration Server considers the clones of this image dynamic, and when a clone is turned off,


its information is automatically deleted from the database. To mark the image of a dynamic VDI, install the Kaspersky

Network Agent with the Enable dynamic mode f or VDIEnable dynamic mode f or VDI parameter enabled. For details, see the section of this article

on Dynamic VDI Support.

2. Restart the Installation Machine using the Hyper-V client.

3. Finalize the layer in the usual way.

If you assign the Application Layer with the Kaspersky software to a Desktop when you create it, the Kaspersky NetAgent

might not start the first time a user logs in to the Desktop. Restart the Desktop to start the NetAgent software.

Possible issues

The following interoperability issues can occur on Unidesk Desktops that have Kaspersky anti-virus software installed.

Kasperky NetAgent startup

If you use an Application Layer to deploy the Kaspersky NetAgent software to a Desktop, the NetAgent software might

not start the first time the Desktops restarts. When this occurs, the Windows Event Viewer might display the following

error:

#1266 (0) Transport level error while connection to : authentication failure

If the NetAgent software doesn't start, restart the Desktop. The NetAgent software should start properly at that time.

Kasperky 10 - End-user Pause causes Network Attack Blocker to stop working

When using Kaspersky 10, the end-user Pause causes the Network Attack Blocker to stop working. To fix this issue, restart

the Kaspersky software. The Network Attack Blocker will continue running as expected.

McAfee anti-virus software

About deploying McAfee in a Unidesk environment

The following procedures describe how to use an Operating System Layer or an Application Layer to deploy the McAfee

anti-virus software in a Unidesk environment. These procedures are based on the McAfee Product Guides.

You can find McAfee documentation at the following locations:

ePolicy Orchestrator 4.6:

https://kc.mcafee.com/corporate/index?page=content&id=KB71037

Install the software on a gold image that you import into an Operating System Layer.

Install the software on an OS Layer version.


The following versions of McAfee anti-virus software have been tested:

http://forum.kaspersky.com/index.php?showtopic=219309



ePolicy Orchestrator (ePO), version 4.6.305.0.

McAfee Agent, version 4.8.0.1500.

VirusScan Enterprise, version 8.8.0.1247.

Not e:Not e: The ePolicy Orchestrator server was used to create the McAfee Agent installation package, as described in

"Creating custom agent installation packages" in the McAfee ePolicy Orchestrator Product Guide.

The requirements for installing the McAfee anti-virus software in a Unidesk gold image or Application Layer are the same as

those for Including the agent on an image outlined in the McAfee ePO product guide.

Depending on the McAfee version, you might need to remove the Globally Unique Identifier (GUID) for the McAfee Agent

after you install it . Refer to the McAfee documentation for the version of the software you are using to determine if this

step is recommended or required.


Use this procedure if you plan to use an Operating System Layer to deploy the McAfee anti-virus software

on UnideskDesktops.

1. Install the McAfee Agent software on the gold image. The gold image becomes visible in the ePolicy Orchestrator

System Tree systems list.

2. Install the McAfee VirusScan Enterprise software on the gold image:

1. When prompted to remove Windows Defender, click Yes.

2. Allow the McAfee Agent Updater to complete an update. This step can take several minutes to complete.

3. Click Finish to complete the installation.

3. When the installation completes, the f irst scan begins. Allow the scan to complete.

4. Change the McAfee Start value:

1. Open the McAfee VirusScan Console, and disable the AccessProtection.

2. Open the registry editor (regedit), go to [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mfehidk], and

change the St artSt art value from 00to a 11.

3. Back in the McAfee VirusScan Console, re-enable the AccessProtection.

5. If McAfee requires it for your VDI setup, remove the GUID for the Agent (check the McAfee documentation to

determine if this step is necessary):

1. Open the registry editor (regedit).

2. Locate the following registry key and delete it:

64-bit: HKEY_LOCAL_MACHINE\SOFTWARE\WoW6432Node\Network Associates\ePolicy

Orchestrator\Agent\AgentGUID

6. Shut down the gold image and import it in to an Operating System Layer.


Use this procedure if you plan to use a layer to deploy the McAfee anti-virus software on Unidesk Desktops.

1. In the Unidesk Management Console, complete the Create Layer wizard.


2. If you are layering McAfee on the Windows 8.1 OS, turn off Windows Defender.

3. When prompted to install the software, install the McAfee Agent software on the Installation Machine. After this

installation completes, the Installation Machine is visible in the ePolicy Orchestrator System Tree systems list.

This installation causes a system task to start, indicating that a rebuild of the boot image for the Installation Machineis

required.

4. Install the McAfee VirusScan Enterprise (VSE) software on the Installation Machine.

1. If prompted to remove Windows Defender, click Yes.

2. If layering McAfee on Windows 8.1, re-install the VSE software on the Installation Machine using f iles from the

McAfee EPO server. Otherwise, allow the McAfee Agent Updater to complete an update. This step can take several

minutes to complete.

3. Click Finish to complete the installation.

5. Change the McAfee Start value:

1. Open the McAfee VirusScan Console, and disable the AccessProtection.

2. Open the registry editor (regedit), go to [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mfehidk], and

change the St artSt art value from 00to a 11.

3. Back in the McAfee VirusScan Console, re-enable the AccessProtection.

6. If McAfee requires it for your VDI setup, remove the GUID for the Agent (check the McAfee documentation to

determine if this step is necessary):

1. Open the registry editor (regedit).

2. Locate the following registry key and delete it:

64-bit: HKEY_LOCAL_MACHINE\SOFTWARE\WoW6432Node\Network Associates\ePolicy

Orchestrator\Agent\AgentGUID

7. Finalize the Application Layer and deploy the Layer in the usual way.

Possible interoperability issues

The following interoperability issues can occur on Unidesk Desktops that have McAfee anti-virus software installed.

If the McAfee anti-virus software on a Unidesk Desktop is configured to scan script files, you can experience long delays

when you try to open video files in the Microsoft Internet Explorer web browser.

When you try to open these files, the McAfee software and Unidesk try to perform operations on these files at the same

time. This conflict causes a delay in running the video file. All other windows and applications continue to function normally.

If you encounter this type of delay, wait for the video file to run. Eventually, the McAfee operation times out and

the Unideskoperation completes.

This issue has no affect on the ability of the anti-virus software to check the video files for viruses.

If Desktops with a McAfee layer are not visible from ePolicy Orchestrator, you can fix the issue by using the steps outlined

in the following McAfee knowledge base article:



McAfee MOVE AntiVirus software

About deploying McAfee MOVE AntiVirus software in a Unidesk environment

The following procedures describe describes how to deploy the McAfee MOVE AntiVirus software in a Unidesk

environment.

Not e:Not e: These instructions assume that you have installed and configured McAfee MOVE AntiVirus software on McAfee

ePolicy Orchestrator (ePO).

Use the following method to deploy the McAfee MOVE AntiVirus software.

Install the software on an Application Layer and assign the layer to existing desktops.

The following versions of McAfee MOVE AntiVirus software have been tested:

McAfee Agent for Windows, version 4.8.0.1938

McAfee AV MOVE Multi-Platform client, version 3.6.0.347

McAfee VirusScan Enterprise, version 8.8.0.1247

McAfee AV MOVE Multi-Platform Offload Scan Server, version 3.6.0.347

Ensure that the following condition is met before deploying McAfee MOVE AntiVirus software.

For Windows 7 and 8.1: Windows Defender is turned off .

Create a McAfee Agent MOVE AV CLIENT Application layer

Use these steps to create a McAfee Agent MOVE AV CLIENT Application layer in Unidesk.

1. In the Unidesk Management Console (UMC), select Layers > Application Layer > Create Layer. The Create Layer Wizard

appears.

2. Complete the Create Layer Wizard and click Create Layer on the Confirm and Complete tab.

3. View the current tasks in the UMC. At f irst, the Create Application Layer <layer_name> task has a "Running" status.

When the status of the Create Application Layer <layer_name> task changes to 'Action Required', log in to the

Installation Machine (IM) as Administrator.

4. Push the McAfee Agent software to the IM using the McAfee ePolicy Orchestrator. The IM becomes visible in the ePO

System Tree list and the McAfee icon appears in the taskbar of the IM.

5. Use the Product Deployment task on the ePO to install the McAfee MOVE AV [Multi-Platform] Client on the IM.

6. Restart the IM and log in to it again as Administrator.

7. On the IM, delete the value for the registry key named AgentGUID from one of the following locations, depending on

your Windows operating system:

1. 32-bit: HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent

2. 64-bit: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Network Associates\ePolicy Orchestrator\Agent


8. Shut down the IM.

9. Finalize the Application layer.

Microsoft Security Essentials

About deploying Microsoft Security Essentials in a Unidesk environment

The following procedures describe how to use an Operating System Layer or an Application Layer to deploy the Microsoft

Security Essentials anti-virus software in a Unidesk environment.

Use one of the following methods to deploy the Microsoft Security Essentials anti-virus software:

Install the software on a gold image that you import into an Operating System Layer.

Install the software on an OS Layer Version.

Install the software on an Application Layer.

The following version of Microsoft Security Essentials anti-virus software has been tested:

Microsoft Security Essentials 2012, version 4.6.305.0

The Microsoft Security Essentials anti-virus software in a Unidesk gold image, Operating System Layer Version,

or Application Layer.

You must enable the Windows Update service, but do not use the windows updates themselves. The updates themselvesmust remain disabled.

Configure Microsoft Security Essentials for Windows 7 on a Unidesk Layer Version

Use these steps to configure Microsoft Security Essentials on Windows 7 (32- or 64-bit).

By default, the Windows Update service is disabled by the Unidesk Optimization scripts, so to correctly deploy Microsoft

Security Essentials as either an Operating System or Application Layer on Windows 7, you must do the following.

1. Create a new Operating System or Application Layer version.

2. Go to C:\windows\setup\scripts and re-run the Unidesk Optimization Script Builder (if it was deleted, download it again).

3. In the Unidesk Optimization Script Builder, deselect Disable Windows Updat e ServiceDisable Windows Updat e Service .

4. Finalize the Layer.

The Update service startup type will change from Disabled to Manual. Windows updates will not be enable, which is a

Unidesk requirement.

During installation, check services.mscservices.msc and make sure that the Windows Update Service startup type is set to Manual. Ifit’s not, changethe Windows Update Service startup type to ManualManual and restart Windows.

Troubleshooting failed Microsoft Windows Essentials updates


If the Microsoft Security Essentials update fails on a Desktop because Windows updates are turned off, try the following.

Unless you have disabled Windows Updates using the Local Group Policy Editor, turn Windows Updates on using the

Control Panel. This allows Microsoft Security Essentials to update on the Desktop.

If you disabled Windows Updates using the Local Group Policy Editor, you need to:

1. Run regeditregedit and remove the Local Group Policy.

2. Reboot the machine.

3. Enable Windows Updates from Control Panel.

Sophos Cloud Anti-Virus - All supported OperatingSystems

Before you start

Create and activate your Sophos Cloud 11.0 account, as described in the Sophos documentation:

https://www.sophos.com/en-us/products/cloud.aspx

Install the Sophos Cloud software on a new version of the Operating System Layer

1. In the Unidesk Management Console, select Layers > OS Layers > Add VersionLayers > OS Layers > Add Version.

2. When the task status changes to Action Required, .prepare your Installation Machine (IM) according to the General

Guidelines for deploying anti-virus software.

3. Join the Installation Machine to the domain.

Note: The Sophos installer creates Groups and puts users to them, so the Installation Machine must be in the domain..

4. On the Installation Machine, log into your Sophos Cloud console (https://cloud.sophos.com/login ).

5. Download SophosInstall.exe from your Sophos Cloud account.

Import ant :Import ant : Do not use the emailed installer for this installation.

6. Install the Sophos Cloud software onto the Installation Machine.

7. When the task to install Sophos has completed (or indicates that an Action is required), restart the Installation Machine.

8. In your Sophos Cloud console, click Report s > Event sReport s > Event s and ensure that the computer is managed in Sophos Cloud and

up-to-date before continuing.

9. Stop and disable the following Windows services:

Sophos MCS Client

Sophos MCS Agent

10. Delete the following f iles:

Windows 7 | Windows 8.1

C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\Credentials

C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\EndpointIdentity.txt

C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\*.xml

C:\ProgramData\Sophos\AutoUpdate\data\machine_ID

https://www.sophos.com/en-us/products/cloud.aspx

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/deploy/application-layers/deploy-anti-virus-software.html


11. Edit the Sophos configuration:

1. Navigate to the Sophos configuration folder for your operating system:


C:\ProgramData\Sophos\Management Communications System\Endpoint\Config\

2. Create or open a file called registration.txt, and add the following lines to this file:

[McsClient]

Token=value_of_MCS_REGISTRATION_TOKEN

where value_of_MCS_REGISTRATION_TOKEN is the value of the MCS_REGISTRATION_TOKEN, which identifies

your Sophos Cloud account. You must extract the value of this token from SophosInstall.exe, as described in Sophos

Article ID: 119699.

12. Edit the Sophos setup f ile:

1. In the folder listed below, create a file called SophosSetup.cmd.


C:\Windows\Setup\scripts\kmsdir

2. Add the following lines to this file, including the double quotes:

sc config "Sophos MCS Client" start= auto

sc config "Sophos MCS Agent" start= auto

net start "Sophos MCS Client"

net start "Sophos MCS Agent"

13. Edit the commands to run each time Sophos is started:


1. Edit the f ile c:\Windows\Setup\scripts\kmsdir\kmssetup.cmd.

2. Add the following script to the section labeled, Commands to run every boot. This script runs the SophosSetup.cmd

file. Script details:

REM Change Sophos Service to Automatic - once

If EXIST SophosSetup.cmd (

echo !date!-!time!-kmssetup.cmd:Call SophosSetup.cmd >> SophosSetuplog.txt

Call SophosSetup.cmd >> SophosSetuplog.txt

Copy SophosSetup.cmd SophosSetupCMD.txt >> SophosSetuplog.txt

Del SophosSetup.cmd >> SophosSetuplog.txt

)

14. Join the Installation Machine back to the workgroup.

15. Finalize the Operating System Layer in usual way.

16. To become protected, Persistent Desktops need to be restarted an extra time, Use the Unidesk Management Console

http://www.sophos.com/en-us/support/knowledgebase/119699.aspx


to restart the Desktop.

Sophos Cloud net work icon st at us:Sophos Cloud net work icon st at us: On Windows 7 Desktops, the Sophos Network icon shows status as disconnected,

when in fact the connection is working fine.

Sophos Anti-Virus - Windows 7 and Windows 8.1Desktops

About deploying Sophos to new Windows 7 Desktops

This section explains how to deploy the Sophos anti-virus software on new or existing Desktops. You can add Sophos Anti-

virus to either the gold image or to a Version of the Operating System Layer.

These procedures are based on the Sophos knowledge base article that describes how to configure a Desktop to

communicate with the Enterprise Console when the Desktops are used in a VDI environment.

You must always use a gold image or an Operating System Layer Version to deploy Sophos software. You cannot deploy

Sophos software as an Application layer. This is because Sophos creates a user account that it uses for updates on the

Desktops it manages, and Unidesk supports these user accounts in the gold image or Operating System Layer Version.

The following version of Sophos anti-virus software has been installed:

Sophos Enterprise Console version 5.2.2.

Sophos Endpoint Security and Control version 10.3.

Note: If Sophos is unable to update the Sophos Auto Update module, all virus signature updates will also fail. To allow

Sophos to update its own updater, edit your OS Layer and delete this directory:

C:\ProgramData\Sophos\AutoUpdate\Cache\sau

Configure the gold image or the Operating System Layer Version

To deploy Sophos in the Unidesk environment:

1. Install the Sophos software on the gold image or Operating System Layer Version.

2. If using a gold image, make sure the Unidesk Tools are installed on the image. If using an Operating System Layer Version,

you can skip this step.

When prompted, allow the system to restart, but do not shut down the gold image after installation finishes. Instead,

complete the rest of this procedure first.

3. Stop and disable only the Sophos services listed in this step. When you deploy the Desktops, a Mini-Setup runs. Disabling

the specif ied services ensures that the Sophos services do not start until the Mini-Setup completes.

Sophos Agent

Sophos AutoUpdate Service

Sophos Message Router

http://www.sophos.com/en-us/support/knowledgebase/article/12561.aspx


4. Open the registry editor (using regedit) and delete the pkc and pkp values for the following keys:

Windows 32-bit systems

HKLM\Software\Sophos\Messaging System\Router\Private\

HKLM\Software\Sophos\Remote Management System\ManagementAgent\Private\

Windows 64-bit systems

HKLM\Software\Wow6432Node\Sophos\Messaging System\Router\Private\

HKLM\Software\Wow6432Node\Sophos\Remote Management System\ManagementAgent\Private\

5. Delete the following files:

C:\ProgramData\Sophos\AutoUpdate\data\machine_ID.txt

C:\ProgramData\Sophos\AutoUpdate\data\status\status.xml

6. Rename the directories:

From: C:\ProgramData\Sophos\AutoUpdate\Cache\savxp

To: C:\ProgramData\Sophos\AutoUpdate\Cache\savxp.copy

From: C:\ProgramData\Sophos\AutoUpdate\Cache\rms

To: C:\ProgramData\Sophos\AutoUpdate\Cache\rms.copy

This step is required because Unidesk blocks attempts to rename directories that exist on a gold image and the Sophos

update requires it to rename these directories.

7. Create a file named SophosSetup.cmd and place it in the C:\Windows\Setup\scripts\kmsdir folder. (If the folder doesn't

exist, create it).

8. Add the following lines to SophosSetup.cmd (include the double quotes as shown below):

cd "c:\ProgramData\Sophos\AutoUpdate\Cache"

xcopy savxp.copy\*.* savxp\*.* /s/y

xcopy rms.copy\*.* rms\*.* /s/y

sc config "Sophos Agent" start= auto

sc config "Sophos AutoUpdate Service" start= auto

sc config "Sophos Message Router" start= auto

net start "Sophos Agent"

net start "Sophos AutoUpdate Service"

net start "Sophos Message Router"

9. Edit the c:\Windows\Setup\scripts\kmsdir\kmssetup.cmd file, and add the following script to the section labeled,

'Commands to run every boot'. This script runs the SophosSetup.cmd file.

Script details: The script checks for theSophosSetup.cmd file, and if it 's there, runs it. It then copies

the SophosSetup.cmd file to document it, and deletes the file so it only runs once. If the Layer is ever reinstalled, then

the SophosSetup.cmd file will come back, and the script will be run again. On a Non-persistent Desktop the script will be

run before the Non-persistent disk conversion.

Example of kmssetup.cmd with Sophos script


REM Change Sophos Service to Automatic - once

If EXIST SophosSetup.cmd (

echo !date!-!time!-kmssetup.cmd:Call SophosSetup.cmd >> SophosSetuplog.txt

Call SophosSetup.cmd >> SophosSetuplog.txt

Del SophosSetupCMD.txt >> SophosSetuplog.txt

Copy SophosSetup.cmd SophosSetupCMD.txt >> SophosSetuplog.txt

Del SophosSetup.cmd >> SophosSetuplog.txt

)

10. If you are using a gold image, shut down the gold image, and use the Unidesk Management Console to create a new

Operating System Layer. This imports the gold image into the new Operating System Layer.

If you are using an Operating System Layer Version, finalize the version in the usual way.

11. To become protected, Persistent Desktops need to be restarted an extra time. Use the Unidesk Management Console

to restart the Desktop.

Optional: Adjust the security identifier

After importing the gold into an Operating System Layer, you might need to create a new version for the Operating System

Layer to update the security identifier (SID) values in one of the Sophos configuration files. The following Sophos

knowledge base article explains how to update the security identifier (SID) values in one of the Sophos configuration files.

When do I need to adjust the SID?

If you deploy a Desktop using the Operating System Layer with the Sophos software and the user cannot open the

Sophos Endpoint Security and Control user interface, you need to adjust the SID.

SID adjustment procedure

You can do these steps either before or after importing the gold image into the Unidesk environment. Before you have

imported the gold image into the Unidesk environment, you can do these steps on the gold image. If you have already

imported the gold image, you may do these steps by either editing the latest Operating System Layer revision, or by

creating a new revision of the Operating System Layer.

1. Download the script f ile called UpdateSID.vbs from the Sophos web site. Place this f ile in

the C:\Windows\Setup\Scripts directory. This script is required to f ix the machine ID after a Desktop has been deployed.

2. Edit the C:\Windows\Setup\Scripts\SophosSetup.cmd file, and add the following two lines to the end of the file:

cd \Windows\setup\scripts

cscript.exe UpdateSID.vbs //B

3. If this is a an OS layer version, finalize the version in the usual way.

You can now create Desktops using this version of the Operating System Layer. The Desktops should be able to connect

to the Enterprise Console, register, and update according to the update schedule.

Symantec Endpoint Protection software

http://www.sophos.com/en-us/support/knowledgebase/article/113207.aspx

http://www.sophos.com/en-us/support/knowledgebase/113207.aspx


About deploying Symantec Endpoint Protection software in a Unidesk environment

You can deploy the Symantec™ Endpoint Protection application using any of the following methods.

Install the application on a gold image, then import the gold image into an Operating System Layer.

Install the application as an OS Layer version.

Install the application as part of an Application Layer.

Not e:Not e: On-access scanning is recommended in Unidesk Deployments. You can use the Symantec Shared Insight Cache to

improve performance by avoiding the rescan of files in a Layer after the files have been marked 'clean.'

The following table describes virus scan behavior on Unidesk Desktops.

ScanScant ypet ype

BehaviorBehavior

On-access

Microsoft Windows 7: On-access scans work as expected on all Unidesk Desktops.

ManualMicrosoft Windows 7: If you turn off User Account Control (UAC), a manual virus scan examines only the files

on the virtual machine's boot volume. You should keep UAC enabled when you install the software.

Symantec Endpoint Protection Client and Manager support:

v 12.1.5 (12.1 RU5 build 5337, 12.1.5337.5000)

Install software using Symantec Endpoint Protection Manager

If you are using the Symantec Endpoint Protection Manager to install the Symantec Endpoint Protection Client onto a

gold image or an Installation Machine, follow these steps.

This procedure uses Computer Mode as the deployment method.

1. In the Symantec Endpoint Protection Manager, locate the gold image (if you are using an Operating System Layer) or

the Installation Machine (if you are using an Application Layer or layer revision).

1. Select Clients > Find Unmanaged Computers.

2. Enter the appropriate search criteria in the displayed window.

3. Install the software.

2. Log into the Installation Machine and turn T amper Prot ect ionT amper Prot ect ion off .

3. Turn off the registry entry for “Stealth” protection (shown below). This allows scanning to work even if User Account

Control (UAC) is turned on.

For 32-bit machines:

[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Common]

"ScanStealthFiles" = (REG_DWORD) 0

For 64-bit machines:


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Common]

"ScanStealthFiles" = (REG_DWORD) 0

4. Using regedit, change the Group and Tag values for each ccSettings GUID.

1. Go to [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ccSettings_{GUID}]. If there is more than one

ccSettings_{GUID}, start with the first one.

Not e:Not e: When you first install Symantec, there is one ccSettings_{GUID}, and each time you upgrade the application,

another GUID is added.

2. For each ccSettings_{GUID}, change the GroupGroup value from FSFilt er Bot t omFSFilt er Bot t om to FSFilt er Virt ualizat ionFSFilt er Virt ualizat ion.

3. Then change the TagTag value to an 88 for the first GUID, and add 11 to the value for each succeeding GUID. So, for the

next GUID the value will be 99, the one after that will be 1010, etc.

5. Restart the Installation Machine or Gold image, then restart the Installation Machine as often as necessary until the

post-installation reboot request no longer appears in the Unidesk Manager Console.

6. Turn T amper Prot ect ionT amper Prot ect ion back on.

7. For SEP 12.1.x, use the instructions in the following knowledge base article to prepare the machines to deploy the

software in a VDI environment.

How to prepare a Symantec Endpoint Protection 12.1 client for cloning:

http://www.symantec.com/docs/HOWTO54706

8. Shut down the Gold image and import it in to an Operating System Layer or Finalize IM.

Installation considerations

When you deploy the Symantec Endpoint Protection application, the Unidesk software needs to rebuild the Desktop or

Installation Machine image several times during deployment (depending on how you deploy this application). This behavior is

expected, as the Symantec Endpoint Protection software does not complete the full configuration of boot-level

components during the initial installation.

The Symantec Endpoint Protection software:

Installs some of the required drivers and restarts the Desktop or Installation Machine.

Updates additional components and restarts the Desktop or Installation Machine again.

Completes the installation and restarts the Desktop or Installation Machine one more time.

You will need to manually reboot the machine after the Symantec Endpoint Protection software completes each of the

remaining configuration tasks, which include:

Installation of the required drivers.

Update of additional components required on the boot partition.

Completion of the installation.

You will need to log into the machine and watch the Unidesk Console for System tasks assigned to the Desktop or

Installation Machine. To see these System tasks, expand the Task bar, and click Show Hidden TasksShow Hidden Tasks. Each time a system


task appears for the Desktop or installation machine, manually reboot the machine.

To complete the installation, repeat this process until system tasks no longer appear. If installing on an installation machine,

you are ready to finalize the package.

If you are deploying the Symantec software to Non-persistent Desktops, it must be included when creating the Desktop.

If you add an Application Layer containing Symantec Endpoint Protection to an existing Non-persistent Desktop, two

entries per Desktop will show up in the Symantec Endpoint Protection Manager.

1. In the SEPM console, go to the AdminAdmin page, and select DomainsDomains.

2. Under T asksT asks, select Edit Domain Propert iesEdit Domain Propert ies .

3. In the Edit Domain Properties window, on the default General tab, note the option to Delet e client s t hat have notDelet e client s t hat have not

connect ed f or specif ied t imeconnect ed f or specif ied t ime. A recommended value for large enterprise environments would be 7 to 14 days.

4. For details, see Solution 2 in this SEP article.

If you plan to deploy Symantec Endpoint Protection in a layer please note that the Symantec Help (SymHelp) diagnostic

tool requires that 2 files be placed in the UEP. In order to do, create a script with the following lines and place the path to it

in a script path when applying the Symantec layer.

pushd "C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\IRON"

copy Iron.db Iron.db.save

copy Iron.db.save Iron.db /y

copy RepuSeed.irn RepuSeed.irn.save

copy RepuSeed.irn.save RepuSeed.irn /y

popd

Trend Micro OfficeScan anti-virus software

About deploying Trend Micro OfficeScan software in a Unidesk environment

The following procedures describe how to use an Operating System Layer or an Application Layer to deploy the Trend

Micro™ OfficeScan anti-virus software in the Unidesk environment. These procedures are based on the Trend Micro

documentation for deploying Desktops in a VDI environment.

Please refer to the following Trend Micro document, as it is important to understand their recommendations when

installing the software:

http://esupport.trendmicro.com/solution/en-us/1056314.aspx

For Knowledge base articles and Forum discussions on other Trend Micro products, search the Unidesk site.

Use any of the following methods to deploy the Trend Micro anti-virus software:

Install the software on a gold image and import it to a new Operating System Layer.

Install the software on an OS Layer version.

http://www.symantec.com/connect/articles/duplicate-sep-clients-appear-symantec-endpoint-protection-manager-console

http://esupport.trendmicro.com/solution/en-us/1056314.aspx



Important

If you install Trend Micro OfficeScan on a gold image or OS Layer version, you must run the OfficeScan TCacheGen.exe file

on the gold image or Operating System Layer, and on every Application Layer that uses that gold image or Operating

System Layer.

In addition, whenever you create an Application Layer or layer version, you must run TCacheGen.exe again on every layer

that uses the Operating System Layer containing Trend Micro OfficeScan.

Once you run TCacheGen.exe, do not run the Installation Machine again.

You can copy TCacheGen.exe from the OfficeScan server, as specified in the Trend Micro documentation. Typically, this file

is located in the \\<TrendServerName>\ofcscan\Admin\Utility\TCacheGen folder.

The following version of Trend Micro anti virus has been tested:

Trend Micro OfficeScan Client and Server version 11.

Trend Micro OfficeScan Client and Server version 10.6.


1. Install the Unidesk Tools on the gold image.

This procedure requires that the Globally Unique Identifier (GUID) for the Trend Micro software is removed before you

import the gold image in to an Operating System Layer (see step 4). When you install the Unidesk Tools, a system restart

is required, which creates a new GUID. Therefore, you must install the Unidesk Tools first, allow the installation to restart

the machine, and then remove the GUID that the restart created.

2. For OfficeScan 11, Unauthorized Change Prevention service is not supported by Unidesk. Therefore, this service has to be

disabled for whole OfficeScan Server:

1. In the web console, go to Agent s > Agent ManagementAgent s > Agent Management .

2. Select Of f iceScan ServerOf f iceScan Server. Right-click Of f iceScan ServerOf f iceScan Server and go to Set t ings > Addit ional service set t ingsSet t ings > Addit ional service set t ings. An

Additional service settings window appears.

3. Clear the check box Enable service on t he f ollowing operat ing syst emsEnable service on t he f ollowing operat ing syst ems for Unaut horized ChangeUnaut horized Change

Prevent ion servicePrevent ion service .

3. Install the Trend Micro Micro OfficeScan Client on the Installation Machine. If prompted, restart the Installation

Machine to allow the boot image to rebuild.

4. Copy the TCacheGen.exe file from the OfficeScan server, as documented in step 1 in the Trend Micro documentation.

Typically, this file is located in the \\<TrendServerName>\ofcscan\Admin\Utility\TCacheGen folder.

5. Run the TCacheGen.exe as described in Step 2 of the Trend Micro documentation.

6. Click Remove GUID from the Template and click OK.

7. Shut down the gold image.

8. Create an Operating System Layer using the gold image in the usual way.



Important: Any time you add a version to this layer, you must run the TCacheGen.exe and remove the GUID again. This

ensures that the Desktops that use this layer operate correctly.


1. In the Unidesk Management Console, complete the Create Layer Wizard in usual way.

2. For OfficeScan 11, Unauthorized Change Prevention service is not supported by Unidesk. Therefore this service has to be

disable for whole OfficeScan Server:

1. In the web console, go to Agent s > Agent ManagementAgent s > Agent Management .

2. Select Of f iceScan ServerOf f iceScan Server. Right-click Of f iceScan ServerOf f iceScan Server and go to Set t ings > Addit ional service set t ingsSet t ings > Addit ional service set t ings. An

Additional service settings window appears.

3. Clear the check box Enable service on t he f ollowing operat ing syst emsEnable service on t he f ollowing operat ing syst ems for Unaut horized ChangeUnaut horized Change

Prevent ion servicePrevent ion service .

3. Install the Trend Micro OfficeScan Client on the Installation Machine. If prompted, restart the Installation Machine to

allow the boot image to rebuild.

4. After the Installation Machine restarts, copy the TCacheGen.exe file from the OfficeScan server, as documented in step

1 in the Trend Micro documentation. Typically, this file is located in the \\

<TrendServerName>\ofcscan\Admin\Utility\TCacheGen folder.

5. Run the TCacheGen.exe as detailed in Step 2 of the Trend Micro documentation.

6. Click Remove GUID from the Template and click OK.


Important: Any time you add a version to this layer, you must run the TCacheGen.exe and remove the GUID again. This

ensures that the Desktops that use this layer operate correctly.


Deploy Windows 8.1 applications in Layers

Jun 28 , 2017

To deliver applications on Windows 8.1 via Unidesk Layers, you need to build the applications so they can be centrally

managed. This is because Windows Store Apps are managed via each user's profile and can only be deployed to one user.

Regular Windows Store apps, like Bing Finance and Weather, cannot be sideloaded or layered. You can, however, deliver

centrally managed applications on Windows 8.1 by sideloading Enterprise applications, also called Line of Business (LoB)

applications.

Requirements to run Windows 8.1 Enterprise Line of Business (LoB) apps include:

Apply a Security Certif icate.

(Manual or automatic) During the creation of the application, a security certif icate .cer f ile is created (building a test app

creates a simple certif icate, actual enterprise apps will use more robust certif icates that are applied through GPOs) and

needs to be applied before the app is applied. Install Root Certif icate for LoB apps.

Enable app Sideloading.

Enable Allow all t rust ed apps t o inst allAllow all t rust ed apps t o inst all. This policy setting is under Computer Configuration\Policies\Administrative

Templates\Windows Components\App Package Deployment.

Join a domain.

Make sure the system is in a domain.

Microsoft provides several resources for building Windows Store LoB apps, including:

Design case study: Enterprise line of business Windows Runtime app

Building Windows Store Line-of-Business Applications

Building Windows 8 Line of Business Apps

Microsoft lets you deploy an LoB app by sideloading it for all users or for one user, and you can do either with Unidesk.

Sideloading an app is done by running a few commands in Windows PowerShell.

Sideload the app for all users

You can sideload an app for all users by using the Deployment Image Servicing and Management (DISM) tool. DISM is a

command-line tool that you can use to service a Windows image, either online or offline. You can use DISM to provision a

Windows Store app in an online Windows image for all users who share the computer. To do that, you use the DISM Add-

ProvisionedAppxPackage option, as follows:

1. Log on using an account with administrative privileges on the computer. You must use an administrator account here,

because you are provisioning an app in the image.

2. On the Start screen, type PowerShellPowerShell and press Ct rl/Shif t /Ent erCt rl/Shif t /Ent er.

3. On the User Account Control dialog box, click YesYes.

http://msdn.microsoft.com/en-us/library/windows/apps/jj659079.aspx

http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/DEV-B358#fbid=

http://channel9.msdn.com/Events/TechDays/Techdays-2014-the-Netherlands/Building-Windows-8-Line-of-Business-Apps


4. At the Windows PowerShell prompt, run the following command, where SampleApp is the path and file name of the

package file you created (e.g., c:\myapps\MySample_1.0.0.0_AnyCPU_Debug.appx):

DISM /Online /Add-ProvisionedAppxPackage /PackagePath:“SampleApp” /skiplicense

5. Monitor the installation, and close the Windows PowerShell window after it finishes.

For more about DISM, see the Microsoft Deployment Image Servicing and Management Technical Reference.

Sideload the app for a user

You can sideload the app for the current user account. If another user were to log onto the computer, the app would not

be available to them.

Here are the steps to sideload an app for a user:

1. Log onto the domain using the target account, because you cannot run the sample app by using the built-in local or

domain Administrator account. You can use a standard user account.

2. On the Start screen, type PowerShell and press Enter.

3. At the Windows PowerShell prompt, run the following commands, where SampleApp is the path and name of the

package file you created (e.g., c:\myapps\MySample_1.0.0.0_AnyCPU_Debug.appx):

import-module appx

add-appxpackage “SampleApp”

4. Monitor the installation, and close the Windows PowerShell window after it finishes.

Launch the LoB app

On the Start screen, click the app's tile. You will find it on the far right side of the Start screen. You can also type the app’s

name, and click the tile.

For example, we named our app MySample. On the Start screen, we just type MySample, and then click the MySample tile.

Of course, there is not much to the app, but you have successfully sideloaded it, and sideloading other Windows Store apps

works the same way.

Remove an LoB app from a Unidesk Application Layer

If installed as an Application Layer, removing the Layer from a Desktop will cause the LoB app to stop working, but will still

appear on the start page. When the Layer is removed, the app will no longer be applied to new users, since the DISM action

is no longer executing.

If installed on an Operating System Layer Version:

1. Use the usual provisionapp removal procedures, for example:

Remove-AppxProvisionedPackage -Online -PackageName MyAppxPkg

Or, at a command prompt, type:

http://technet.microsoft.com/en-us/library/dd744256(v=ws.10).aspx


DISM.exe /Online /Remove-ProvisionedAppxPackage /PackageName:microsoft.app1_1.0.0.0_neutral_en-

us_ac4zc6fex2zjp

Try It Out: Sideload Windows Store Apps

Sideload Apps with DISM

Packaging your Windows Store app using Visual Studio 2012

Create an app package

Managing apps

http://technet.microsoft.com/en-us/windows/jj874388.aspx

http://technet.microsoft.com/en-us/library/hh852635.aspx

http://msdn.microsoft.com/en-us/library/hh454036(v=vs.85).aspx

http://msdn.microsoft.com/en-us/library/hh975357(v=vs.85).aspx

http://www.verboon.info/2012/02/managing-windows-8-metro-style-apps-with-dism/


Administer

Jun 28 , 2017


Unidesk Layers

Desktops, Session Hosts, and Collections


Appliance health

Brokers

Users

Troubleshoot

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/administer/unidesk-management-console.html

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/administer/unidesk-layers.html

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/administer/desktops-session-hosts-and-collections.html

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/administer/hosts-and-appliances.html

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/administer/appliance-health.html

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/administer/brokers.html

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/administer/users.html

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/administer/troubleshoot.html



Jun 28 , 2017

The Unidesk Management Console is a Web-based management application on the Management Appliance that you use

to manage the Unidesk environment. The Unidesk Management Console lets you:

Create and manage virtual Unidesk Machines (Desktops or Session Hosts) for users.

Create and manage operating system and application layers.

Shut down and restart virtual Unidesk Machines.

Manage users and groups who you can assign to Unidesk Machines.

Manage system settings.

Unidesk Management Console basics

To manage items in the Unidesk system, you navigate between different modules in the Unidesk Management Console and

select the appropriate actions. This topic explains how to do the following tasks:

Select modules

To manage the items in a module, select the module in the menu bar. You can select the following modules:

Desktops - allows you to manage Desktops. A Desktop is a virtual machine that a user interacts with on their local

computer.

Session Hosts - allows you to manage Session Hosts. A Session Host is a virtual machine that multiple users interact with

on their local computers.

Layers - allows you to manage Operating System and Application Layers. Operating System and Application Layers are

components in a Unidesk Machine.

Users - allows you to manage local and directory service users, including administrators, in the Unidesk system. It also

allows you to organize users into groups.

System - allows you to perform tasks related to managing and using the Unidesk system.

The following image shows an example of the items in the menu bar.

Select actions

After selecting a module, the Action bar displays the actions associated with the selected module and selected objects. If

you do not select an object, only the Create actions are enabled.

To select an action, complete either of the following tasks:

To create a new item, select the create action in the Action bar.

To modify or manage an existing item, select it and select the appropriate action in the Action bar.

The following image shows an example of the Action bar when the Layers module is the selected module and a layer is

selected. In this example, you can create a layer, modify the selected item, add a version to it, or delete a version. The

Finalize action is not active because you need to start to create an Application Layer or add a version first.

Change Unidesk Management Console views


Change the administrator password

Jun 28 , 2017

Use these steps to change the password for the original Administrator account created for the Unidesk Management

Console.


2. Select User > Administrators.

3. In the list of Administrators select Administrator and click Edit Properties.

4. Enter the new password and type it again in the Conf irm Password f ield.

5. On the Confirm and Complete tab, click Update User.


Change the session timeout

Jun 28 , 2017

You can set a timeout for the Unidesk Management Console so that if there is no user-initiated activity for a specified

length of time, the console ends the session.

Session activity includes user interaction with the console, for example, starting tasks and editing settings. Tasks in progress

will not keep a session from timing out, nor will simply selecting an object or clicking inside the console window.

If you have just installed Unidesk software, the Session Timeout is set to 15 minutes by default. If you have upgraded from

an earlier version of Unidesk, the Session Timeout will be set to zero (0) by default, effectively leaving this function turned

off.

To set a session timeout

1. Select System > Settings and Conf iguration.

2. Scroll to Security Settings.

3. Select Session Timeout , and click the Edit button.

4. Enter the number of minutes after which the session will timeout. Valid values include numbers from 0 - 10000. (A value

of 0 turns off this feature.)

5. Click Save.


Manage your license and software version

Jun 28 , 2017

You can access your Unidesk Version and License information in the About box for the Unidesk Management Console.

There you can see the Unidesk version installed on the Management Appliance, and the details about your license. You can

also opt in or out of generic usage statistics gathering designed to provide you with a better support experience.

View your license and MA software version

To view the License for your deployment:


2. To view the License details, click About in the upper right corner. The license information is displayed.

3. To view the software version installed on the Management Appliance, click the Version tab. The MA Software Version is

displayed.

Update your Unidesk license (MA has web access)

If you receive a message that your license needs updating, and your Management Appliance has web access:

1. In the License Expired message, click License. This opens the Update License wizard.

2. Select the f irst choice, Download your license f rom the Unidesk website.

3. Enter your credentials for the Unidesk website.

4. On the Conf irm Your License tab, click Finish.

5. You can return to the Licensing wizard at any time by logging into the Unidesk Management Console and clicking About ,

and then the License tab.

Update your Unidesk license (MA does not have web access)

If you receive a message that your license needs updating, and your Management Appliance does not have web access:

1. Obtain a license f ile from Unidesk Sales or Support, and move the f ile to a drive that the Management Appliance can

access.

2. If the License Expired message, is still open, click License in the message. If not, click About , then the Update Licensebutton. This opens the Update License wizard.

3. Select the second choice, Upload your license f ile f rom a local drive.

4. Click Browse, and select the license f ile.

5. On the Confirm Your License tab, click Finish.

6. You can return to the Licensing wizard at any time by logging into the Unidesk Management Console and clicking About ,

and then the License tab.

Opt in or out of usage statistics for Support

You can opt in or out of allowing generic usage statistics to be sent to Unidesk Support. We strongly recommend getting

more information from Support before opting out. This generic information is used solely to give you the best possible user

experience.


2. Click About in the upper right corner. The About box is displayed.

3. To opt in, make sure the checkbox to Allow usage statistics to be sent to Unidesk is selected.


4. To opt out, deselect the checkbox to Allow usage statistics to be sent to Unidesk.


Manage Unidesk tasks

Jun 28 , 2017

Every time you complete an action that affects the contents or state of a Desktop, Session Host, or layer, you initiate a

task that you can monitor in the Task bar. For example, if you add a version to a layer or shut down a Desktop, the Task bar

displays a task for that action.

Task type Description

User tasksMost tasks are tasks that an administrator initiates. You can filter the Task view to see only the tasks that the currently

logged-in user initiated or you can view tasks that all users initiated.

System

tasks

Tasks that occur automatically, for example, synchronization with a directory service, are system tasks. Because a system

task is not a task that the current user initiates, you must display the All Users view to see these tasks in the Task bar.

Stalled

tasks

Tasks that have been running longer than it normally would take to complete. If you think a stalled task will not finish, you

can cancel it.

Interrupted

tasks

If a system or connectivity occurs, the software maintains information about the state of active tasks before the

interruption occurred. When the problem resolves, the software tries to complete all interrupted tasks.

Use the Task bar to track progress

The Task bar displays information about the status of tasks. This includes tasks that are running, and those that have

completed; tasks initiated by the logged in user, or tasks belonging to all users, including the system. System tasks are tasks

that result from scheduled maintenance.

Task status bar, minimized

A minimized Task status bar is displayed across the bottom of the console.


Taskstatusbar

Description

Task in

progressA rolling marquee of recently completed tasks.

Status

indicator

The color icon next to each task indicates whether the task is progressing or completed normally, or if there are issues

with it. For details, see the Status Indicator table below.

Expander

barOpens and closes the expanded view of Task status.

Task status bar, expanded

When you click the Expander tab to open the Task status bar, a list of the tasks in progress and recently completed is

displayed. By default, this includes tasks for all users, including the system. Tasks owned by the system include scheduled

maintenance tasks.


You can change the Task listing by sorting, filtering, and hiding the tasks included in the grid.

Sorting: Click any column title to display tasks based on that category in ascending or descending order.

Filters: Select a Tasks f ilter and a Users f ilter to control which tasks are displayed. For Filter details, see the table below.

Show Hidden Tasks: Hidden tasks are any running tasks whose Hide check boxes are selected. By default, all system

tasks are marked Hide. When you deselect the Show Hidden Tasks checkbox, any tasks marked Hide are excluded from

the list.

Filters on the Task status bar

Task status details

To see more information about a task, for example, what is happening during a Desktop rebuild, you can open a detailed

status window on the task.

Click the Info button next to the task to open a window with details on Task status.

The task status details window lists any subtasks required to complete a task. Like the Task status bar, you can reorganize

the list by clicking any of the column titles.

Cancel subtasks

You can cancel subtasks individually or all at once:

Click x to cancel individual subtasks.

Click Cancel All to cancel all subtasks that are not yet completed.

Cancel tasks

Most tasks include one or more subtasks. While a task is in progress, you can cancel one or more subtasks, for example, if a

system problem occurs and the subtask is unlikely to complete.

1. Open the Task bar and view the active tasks.


2. Click i to open the information view for a task.

3. Click x next to the subtask you want to cancel (in some cases, the information view displays more than one subtask).

4. When the subtask stops, the Task bar changes its status to Canceled.


Unidesk Layers

Jun 28 , 2017

Layer are components that the Unidesk software uses to deliver a complete virtual machine to an end user. You can create

and manage the following types of layers:

Operating System Layer - The Operating System Layer contains the operating system that the software imports from

a gold image. It can also include configuration settings, printer settings, applications (for example, anti-virus software),

and all other aspects of the gold image at the time of import.

Application Layers - Application Layers contain software programs that you can deploy to any Unidesk Machine

(Desktop or Session Host) with the compatible operating system. A Layer can also include patches or plug-ins for

programs.

Personalization Layer - The Personalization Layer contains a user's personalized data; applications, configuration

settings, and data. When you create a Unidesk Machine, the software creates this layer. As users modify their Unidesk

Machine, the Unidesk Machine stores all of their changes in the Personalization Layer associated with their Desktop or

Session Host.

Creating an Operating System Layer

The following table provides details about each phase in the creation process for Operating System Layers.

Phase Description

Prepare

the

gold

image

You prepare a gold image that is optimized for the Unidesk environment and includes an answer file for unattended setup on

each Unidesk Machine.

Create

the

Layer

You use the Create Operating System Layer wizard to create the Operating System Layer, specify the gold image, and

associate an icon with the Layer. The Boot image is created. The Unidesk software imports the operating system,

configuration settings, and applications from the specified gold image and uses them to create a bootable image.

Creating an Application Layer

The following table provides details about each phase in the creation process for Application Layers.


Phase Description

Not

deployable

The layer is not ready for assignment to Unidesk Machines.

Either the software is in the process of preparing the layer for deployment or a system problem occurred that is

preventing the layer from becoming deployable.

Check the status in the Task bar and in the layer's information view for additional information about the layer's status.

Editing

The software is in the process of creating or changing the layer.

If you are creating an Application Layer, this status usually indicates that the system is waiting for you to install the

application on an Installation Machine and finalize the layer.

Deployable The layer is ready for assignment to Unidesk Machines.

Layer version status description

The following table describes the status messages for layer versions. To see these status messages, open the Information

view for the layer.

Status Description

Editing

One of these conditions exist:

Application Layers - The software is preparing the Installation Machine for installation of the application.

Operating System Layers - The software is importing the files from a gold image before it creates the bootable

image.

This status applies to new Application Layers and all layer versions that you add. The software is waiting for an

administrator to install the software on an Installation Machine. The software then imports the application software into

the layer.

Deployable The layer is available for use when you create Desktops and Application Layers.


Assign the new version of an OS Layer to a collectionand its desktops or session hosts

Jun 28 , 2017

You can assign the new version of an Operating System Layer to a Collection and the Unidesk Machines (Desktops or

Session Hosts) in it, as described below.

NoteUnidesk Machines are locked to the OS layer on which they were created. You cannot switch a Unidesk Machine to a different

Operating System Layer, even if the Layer has the same OS as the one on which the Unidesk Machine was created. So, although you

can move a Unidesk Machine to a new Collection, the new Collection must use the same Operating System Layer as the current

Collection.

To deploy the new Operating System Version to a Collection and its Unidesk Machines:

1. Add the version you want to deploy to an existing Operating System Layer.

2. In the Unidesk Management Console, click Desktops > Collections or Session Hosts > Collections.

3. Select the Collection and click Edit Collection in the Action bar. This opens the Edit Collection wizard.

4. In the OS Assignment tab, select the operating system version that you want to assign to the Collection and its Unidesk

Machines.

5. In the Confirm and Complete tab, verify that the details are correct, enter a comment if required, and click UpdateCollection. If you enter comments, they appear in the Information view Audit History.


Update an OS layer with a new version

Jun 28 , 2017

To upgrade an operating system, add a new version to the Operating System Layer. When you assign the Operating System

Layer to a Unidesk Machine (Desktop or Session Host), you can select the new version that you created.

Before you start

Ensure that the following items are available:

An Installation Machine.

The installation program for the service pack or operating system upgrade.

Optionally, shut down the Unidesk Machine you are changing. Changing the operating system requires the software to

create a new bootable image for the Unidesk Machine. The Unidesk Machine must be in a stopped state for this task to

complete. You can choose to restart the Unidesk Machines after you finish the application assignment.

Add a new version to a layer

1. Select Layers > OS Layers and then select the Operating System Layer for which you are adding a new Version.

2. Select Add Version in the Action bar. This opens the Create OS Version Wizard.

3. In the Version Details tab, enter a version identif ier and select an Installation Machine.

4. If you want a script to run when the Unidesk Machine starts for a user running this operating system version, enter a

version description and a path for the script.

5. In the Conf irm and Complete tab, review the version details, enter a comment if required, and click Create Version. If

you enter comments, they appear in the Information view Audit History.

6. Monitor this task in the Task bar. When prompted to do so, install the new operating system service pack or upgrade on

the Installation Machine.

7. After installing the service pack or upgrade, select the Operating System Layer and select Finalize in the Action bar.

After you create the new version of the Layer, assign it to the Unidesk Machines that require the operating system

upgrade. You must restart the Unidesk Machines before the changes take effect.


When finalizing a Layer, Unidesk checks to see if the Layer is ready. If any tasks remain to be completed, for example,





Layer Integrity Message: The new version version-name of Layer layer-name on Installation Machine (IM) im-name can























ngen update /force

This brings the NGen task to the foreground in the command prompt and lists the assemblies being compiled.

NoteIt’s okay if you see several compilation failed messages




1.

2.

Command COPY

3.

Status COPY

4.




pause.



ngen queue status



Run Scripts


(Desktop or Session Host) is deployed. For example, you can use a script to complete the setup for an application. The .cmd

or .bat file is installed on the Installation Machine.

New Layer Versions - When you create a new Layer Version, the new Version does not inherit the script from the



1. Add the script f ile to the Installation Machine you are using to create the Layer or Layer Version.

Note: To see whether a Layer Version already has a script configured, check by opening the Layer's Information view and

expand the Version entries.

2. Enter the script's path in the Layer or Layer Version's Script Path f ield. For example, enter C:\Scripts\SpecialScript.bat in

the Script Path f ield.



Remove the Layer from the Unidesk Machine and then re-add it.

Click Desktop > Edit Desktop or Session Host > Edit Session Host , select the Application Assignment tab, and

select Repair for the layer.

1.

2.

Command COPY

3.

Status COPY


Upgrade an application

Jun 28 , 2017

You can upgrade an application by installing a new version of it on a new Version of an Application Layer. An Application

Layer can include several Layer Versions, each containing a different application version. You can deploy different Layer

Versions to selected Unidesk Machines (Desktops or Session Hosts).

Before you start

You'll need:

A compatible Installation Machine.

The installation program for the new version of the application.

Application Layers that the new version requires (prerequisite Layers).

If applications af fect boot-level components

Installing applications such as service packs, hot fixes, and antivirus applications can affect boot-level components, which

means you'll need to restart the Installation Machine. This will generate a system task to rebuild the Unidesk Machine's

boot image. Once Unidesk rebuilds the boot image, it shuts down the Installation Machine copies the boot-level

components to the boot volume, and restarts the Installation Machine. You can then finalize the layer or version.

NoteIf the Installation Machine restarts before the boot image rebuild is complete, you will see a STOP message screen. This is

temporary.

About setting a script to run the first t ime the user logs in


(Desktop or Session Host) is deployed. For example, you can use a script to complete the setup for an application. The .cmd

or .bat file is installed on the Installation Machine.

New Layer Versions - When you create a new Layer Version, the new Version does not inherit the script from the


How to set a script


1. Add the script f ile to the Installation Machine you are using to create the Layer or Layer Version.

Note: To see whether a Layer Version already has a script configured, check by opening the Layer's Information view and

expand the Version entries.

2. Enter the script's path in the Layer or Layer Version's Script Path f ield. For example, enter C:\Scripts\SpecialScript.bat in

the Script Path f ield.



How to set a script to run more than once


1. Remove the Layer from the Unidesk Machine and then re-add it.

2. Click Desktop > Edit Desktop or Session Host > Edit Session Host , select the Application Assignment tab, and select

Repair for the layer.

Upgrade an application

1. Select Layers > Application Layers and select an Application Layer.

2. Select Add Version in the Action bar. This opens the Create Application Version wizard.

3. In the Version Details tab, enter a version identif ier. This can be the application version, or anything you choose.

4. (Optional) Type a description of the version.

5. In the OS Layer tab, select the Operating System Layer. The Operating System Layer that is used to create the

Application Layer appears.

6. Select any version of the Operating System Layer.

7. Select an Installation Machine.

8. In the Prerequisite Layers tab, select any Layers required to install the new Application Layer Version.

9. In the Confirm and Complete tab, verify your choices, and click Create Version.

10. Monitor this task in the Task bar. When prompted to do so, install the new operating system service pack or upgrade on

the Installation Machine.

11. After installing the upgrade, select the Application Layer and select Finalize.

When the task is done, you can deploy the new Application Layer Version to Unidesk Machines that have a compatible

Operating System Layer.







Layer Integrity Message: The new version version-name of Layer layer-name on Installation Machine (IM) im-name can





















Open a command prompt as an Administrator.




ngen update /force


NoteIt’s okay if you see several compilation failed messages





1.

2.

Command COPY

3.

Command COPY

4.



pause.



ngen queue status



1.

2.

Command COPY

3.

Status COPY


Edit Layer properties

Jun 28 , 2017

You can change the following properties for an Operating System or Application Layer, including:

The name of the Layer.

The description of the Layer.

The icon associated with the Layer.

To edit Layer properties:

1. Select Layers and select the Operating System or Application Layer that you want to edit.

2. Select Edit Properties. This opens the Edit Layer wizard.

3. In the Layer Details tab, change the name or the description of the Layer.

4. In the Icon Assignment tab, select a new icon from the Layer Icon box or upload a new one.

5. In the Conf irm and Complete tab, enter a comment, if required, and click Update Layer. If you enter comments, they

appear in the Information view Audit History.

The Unidesk Machines (Desktops or Session Hosts) that include this Layer must restart before the changes can take effect.


Assign icons to Layers of Collections

Jun 28 , 2017

When you create or edit an Operating System Layer, Application Layer, or Collection, you can assign an icon to it. Icons help

to identify these items in the Unidesk Management Console.

About editing and assigning icons

When using the Create or Edit wizard for any Layer or Collection, the Icon Assignment tab gives you the opportunity to:

Choose an icon: Use the default icon, choose another icon from the included samples, or upload a custom icon.

Delete an icon you no longer need.

NoteIcons are automatically assigned to Session Hosts and Installation Machines from the appropriate Collection or OS Layer,

respectively.

Default icon

Unidesk uses the following icon by default when you create a Layer or Collection, or delete an icon that is in use.

Recommended icon specifications

The following image specifications are recommended for Unidesk icons. Although other sizes and resolutions are supported,

the file type must be PNG or JPG.

Specif ication Details

File Type PNG or JPG

Size 64 x 64 pixels

Resolution 96 DPI

Preview icon

You can preview a custom icon before applying it:

1. For best results, adjust your icon image to conform to the Recommended icon specif ications above.

2. In the Icon Assignment tab, click Browse.

3. Select the icon image you want to upload and click Open. The image appears along with the other icons, and a preview

is displayed on the right.

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/administer/unidesk-layers/assign-icons-to-layers-of-collections.html#icon-specs


Upload an icon

You can upload a custom icon to add to your collection:

1. Adjust your icon image to conform to these Recommended icon specif ications above.


3. Select the icon image you want to upload, and click Open. The image appears in the icon collection, and a preview of the

icon as it will appear on the selected Layer is displayed on the right.

Note: If you browse and select an icon, but then choose a different one for your Layer, the f irst one you had selected

will not be uploaded. The icon is only uploaded once you have f inalized the Conf irm and Complete tab.

4. To complete the upload, use the Conf irm and Complete tab to f inalize the wizard.

Delete an icon

You can delete an icon, and it will be removed from the database.

Note: The software does not let you delete the following icons shipped with the system:

If the icon is in use by any Layer or Collection, you will receive a warning, and the default icon will be used in its place.

To delete an icon, do the following:

1. In the Icon Assignment tab, select the icon you want to delete.

2. Click the Delete button. This immediately removes the icon from the database, even if you do not complete the wizard.

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/administer/unidesk-layers/assign-icons-to-layers-of-collections.html#icon-specs


Manage an Installation Machine

Jun 28 , 2017

An Installation Machine is a virtual machine that acts as a staging area for the creation of Layers and new Layer Versions.

You need an Installation Machine to create an Application Layer, a new Version of an Application Layer, or an Operating

System Layer Version. The Master CachePoint Appliance hosts all Installation Machines.

When you first create an Installation Machine, it is powered off. When you select an Installation Machine to use in creating

an Application Layer, the Installation Machine is powered on and you can use RDP to log into it and install the Applications

you want to include in the Application Layer.

Log into an Installation Machine

To log into an Installation Machine:

1. Select System > Installation Machines.

2. Hover over the Installation Machine you want to log into and click the i icon. Use the IP Address displayed to connect to

the IM using RDP. The Hyper-V authentication window opens.

3. Enter your directory service credentials. The Windows login screen appears.

4. Enter your Windows Administrator password.

You can now install applications on the Installation Machine.

Delete an Installation Machine

You can delete an Installation Machine from the virtual infrastructure. The Delete action is only active if the Installation

Machine is not in use.

1. Select System > Installation Machines.

2. Select one or more Installation Machines to delete and select Delete from the Action bar.

Result: This action opens the Delete Installation Machines wizard.

3. In the Conf irm and Delete tab, verify that you selected the correct Installation Machines, enter a comment if required,

and click Delete Installation Machines.

NoteIf you delete an OS layer, all associated are deleted as well.


Repair an application

Jun 28 , 2017

As users customize their Unidesk Machines (Desktops or Session Hosts), they can change or remove files that affect how

an application functions. Or, users may uninstall applications that need to be part of the Unidesk Machine, based on

corporate requirements.

To resolve these issues, you can repair the original application as it is configured in an Application Layer.

What happens when you repair an application?

The Edit Desktop and Edit Session Host wizards let you specify applications to repair for one or more selected Unidesk

Machines.

If you select Repair in the Edit Desktop or Edit Session Host wizard's Application Assignment tab, the following actions

occur the next time the Desktop shuts down:

1. The software removes all of the changes for the selected applications from the Personalization Layer, with the

exception of changes made to the Registry hive HKEY_LOCAL_MACHINE\SYSTEM.

2. The software creates a new bootable image for the Unidesk Machine that contains the selected application versions.


Search

Jun 28 , 2017

The Search feature lets you find Desktops, Session Hosts, users, or layers:

Desktops Select the Desktops module or the System > Installation Machines module.

Session Hosts Select the Session Hosts module.

Users

Select the Desktops module.

Use the search feature in the User Assignment tab of the Create or Edit Desktop wizard.

Select the Users module.

Layers Select the Layers > OS Layers or Layers > Application Layers module.

Using the Search box

The Search box is located in the Display tool bar in the Desktops, Session Hosts, Layers, and System > InstallationMachines modules.

To start a search, enter a letter, a word, or a phrase in the Search box and click Search. The Unidesk Management

Console displays the search results in the selected icon or list view.

To refine the search results, use Search for Desktops, Session Hosts, Layers, or users. Avoid using the Search keywords in

the names of any Unidesk object. Using these keywords in names can cause inaccurate search results.

To use advanced search, select the arrow next to the Search box. Advanced search is available in the Unidesk Machines

(Desktops or Session Hosts) modules only. To clear the search result and redisplay the default display click x next to the

Search box.

Search criteria

When you search for items, the search results match the text and keywords that you enter in the Search box.

The following table provides information about the search criteria for each module.


For this module: Your search criteria can match any of these properties:

Desktop or Session Host

Unidesk Machine name.

The login or domain name for the user logged into the Unidesk Machine.

First or Last name of the user assigned to the Unidesk Machine.

Phone number of the user assigned to the Unidesk Machine.

Email address of the user assigned to the Unidesk Machine.

Name of a layer assigned to the Unidesk Machine.

Maintenance schedule that the Unidesk Machine is using.

Name of the CachePoint Appliance assigned to the Unidesk Machine.

Name of a Collection that the Unidesk Machine is assigned to.

Layer (OS and Applications) Layer name.

System > Installation Machine Installation Machine name.

Search rules

The following table provides information about the search rules.


Rule Example

All searches are case-insensitive, including words or phrases enclosed in double

quotes (" ").

Searching for Firefox or firefox displays all items

whose names contain either word.

Searching for words or phrases enclosed in double quotes results in an exact

match.

Searching for "MS Word," displays items whose

names include the words MS Word but not WordPad.

If, in a keyword search, you specify a name that includes words separated by

spaces, search finds only the items whose names include the same words

separated by spaces.

If you specify a name that includes words separated by spaces and then enclose

any part of the name in double quotes, search finds only the items whose

names include the same words separated by spaces as long as they also include

the double quotes.

Searching for Layer: antivirus t displays items whose

names include the words antivirus test and antivirus

trial, but not antivirustest.

Searching for Layer:"antivirus" test displays items

whose names include the words "antivirus" test but

not antivirus test.

AND is implied in all searches except for those enclosed in double quotes.

Searching for Windows Server, the search looks for

words or phrases that include Windows AND Server.

Therefore, the search results could include the

following layers:

Windows Server 2012

Windows Server 2008

Windows Nano Server

The search results would not include a layer named

Windows for Finance because its name does not

include "Server."

Search uses an implied wildcard at the beginning and end of the words you enter

in the Search box.

Searching for Word displays all items whose names

include MS Word, Word for Windows, and WordPad.

Search keywords

You can use one or more keywords to refine the search results for Desktops or Session Hosts. To enter multiple keywords,

separate each keyword and value with a space, as shown in the following example:

layer:chrome group:sales

In this example, the search results display all of the machines that are using the layer, chrome, and have owners that are

members of the group, sales.

The following table provides information about the supported keywords.

Use... To search for...

CachePoint:<text>

Unidesk Machines that are assigned to a CachePoint Appliance with a name that includes the specified text.

Example: Searching for CachePoint:NYO displays Unidesk Machines (Desktops or Session Hosts) assigned to

any of the following CachePoint Appliances: Master-CP-NYO, CP1-NYO, and CP2-NYO.


CachePoint:<"text">

Desktops or Session Hosts that are assigned to a CachePoint Appliance with a name that matches the

specified text exactly.

Example: Searching for CachePoint:"CP1-NYO" displays Unidesk Machines that are assigned to a CachePoint

Appliance named CP1-NYO.

Layer:<text>

Unidesk Machines that have an assigned layer with a name that includes the specified text.

Example: Searching for Layer:SQL displays Unidesk Machines that have any of the following layers assigned to

them: MySQL, OracleSQL, SQL Server.

Layer:<text>;<version>

Unidesk Machines that have an assigned layer with a name that includes the specified text or version number.

You can enter any type of version number, for example, 5, 5.1, or 5.1.4.

Example: Searching for Layer:SQL;5.displays Unidesk Machines that have any of the following layers assigned

to them: MySQL, version 5, OracleSQL, version 15, SQL Server 5.1.

Layer:<"text">;

<"version">

Unidesk Machines that have an assigned layer with a name that matches the specified text or version exactly.

Example: Searching for Layer:"SQL";5.5 displays Unidesk Machines that have the following layer version

assigned to them: SQL, version 5.5.

Group:<text>

(Desktop modules only)

Desktops that have owners who are members of a group with a name that includes the specified text.

Example: Searching for Group:Sales displays Unidesk Machines whose owners belong to any of the following

groups: Sales-NorthAmerica or Sales-Europe.

Group: <"text">


Desktops that have owners who are members of a group with a name that matches the specified text exactly.

Example: Searching for Group:"Sales-Asia" displays Unidesk Machines whose owners belong to the Sales-Asia

group.

MaintenanceSchedule:

<text>

Unidesk Machines that are using a maintenance schedule with a name that includes the specified text.

Example: Searching for MaintenanceSchedule:weekend displays Unidesk Machines that are using any of the

following maintenance schedules: weekend-marketing, weekend-accounting.

MaintenanceSchedule:

<"text">

Unidesk Machines that are using a maintenance schedule with a name that matches the specified text exactly.

Example: Searching for MaintenanceSchedule:"weekend-management" displays Unidesk Machines that are

using a maintenance schedule named weekend-management.

ChangesPending:<yes

| no>

Unidesk Machines that have configuration changes pending and need to restart to have the changes take

effect.

The values for this keyword include:

1, true, yes, or y.

0, false, no, or n.

Examples: Searching for any of the following keywords displays Unidesk Machines that have pending

configuration changes and need to restart:

ChangesPending:1

ChangesPending:true

ChangesPending:yes

ChangesPending:y

Searching for any of the following keywords displays Unidesk Machines that do not need to restart (no

configuration changes are pending):

ChangesPending:0

ChangesPending:false

ChangesPending:no



ChangesPending:no

ChangesPending:n


Search filters

To refine the search display, use any or all of the following filters:

Filter list: The Filter list allows you to select a category that defines the type of items the Unidesk Management

Console displays when a search matches your search criteria. The options in the Filter list change depending on the

displayed page.

View Flagged Items: If you select View Flagged Items before starting a search, the search displays only those items that

match the search criteria and are also f lagged items.

Advanced search

The Desktop and Session Host modules include Advanced search that lets you locate Unidesk Machines using complex

search queries.

Search criteria

Advanced search lets you to find Unidesk Machines using one or more of the criteria described in the table below. If you

specify more than one criteria, the search will be treated as an AND.


Advancedsearch criteria

Description

Contain these

words

One or more words (or partial words) included in any of the Unidesk Machines search properties.

To match a specific word or phrase exactly, enclose the value in double quotes (" ").

Have owners in

this group


Full or partial name of the group that includes the Desktop owners. If you type a portion of the name, all groups

containing this string will be included in the results, whether they are local Unidesk or LDAP groups. For example, if

you search on CHI, Desktops with owners in both the LDAP group CHIGROUP and the Unidesk group ICHI will be

included in the results.

You can use the Browse button to select the group. If you select an LDAP group, the group's Distinguished Name

appears in the field. For example, if you select CHIGROUP, a name like the following would appear in the field:

CN=CHIGROUP,OU=CHI,DC=mycompanydom3,DC=local

Are hosted

on CachePointFull or partial name of the CachePoint Appliance assigned to the Unidesk Machine.

Use

this maintenance

schedule

Full or partial name of a maintenance schedule.

Are using this

CollectionFull or partial name of a Collection.

Are using this

layer

Full or partial name of a layer. You can specify a version.

To add more layers to the query, click And.

When you specify multiple layers, the search results display the Unidesk Machines that contain ALL of the specified

layers.

Have pending

configuration

changes

Yes - finds Unidesk Machines that need to restart because they have pending configuration changes.

No - finds Unidesk Machines that do not have pending configuration changes.

N/A - this criteria is not applicable to your search.

Using advanced search

1. In the Desktop or Session Host module, click the down arrow next to the Search box.

2. Specify values for any or all of the advanced search criteria.

3. Click Search.

Example

Assume that you've assigned new versions of the QuickQuote and AddUp Application Layers to all of the Sales Unidesk

Machines in the New York territory. You want to find the Unidesk Machines that have not yet restarted and received the

new configuration.

To find these Unidesk Machines only, you specify the following advanced search criteria:


For this search criteria: You enter...

Contain these words Sales-

Are hosted on CachePoint NYO

Use this layerQuickquote Version 2

Addup Version 2

Have pending configuration changes Yes

This search query finds all of the Unidesk Machines that:

Have the word, Sales- in their name. For example, Sales-BobWilson and Sales-SallySeashell.

Are hosted on CachePoint Appliances that have NYO in their names. For example, NYO-CP-Master and NYO-CP1.

Use version 2 of the layers, QuickQuote and AddUp.

Have pending configuration changes and need to restart — that is, the Unidesk Machines have not yet restarted after

you assigned new layers to them.

Search query example

The following example shows how Unidesk constructs a search query based on the search criteria specified in the advanced

search example.

Sales- CachePoint:NYO Layer:quickquote;C=Version:2 Layer:addup;Version:2 NeedsRestart:yes


Desktops, Session Hosts, and Collections

Jun 28 , 2017

A Unidesk Desktop or Session Host is a virtual machine composed of an Operating System layer and Application Layers. You

create the Operating System Layer and Application Layers, and assign them to Desktops and Session Hosts, as needed.

A Desktop also includes a User Personalization Layer. Unidesk creates the Personalization Layer, one for each Desktop, and

you can create two types of Desktops, Persistent or Non-persistent. In the case of a Persistent Desktop, the

Personalization Layer stores all changes made by the Desktop’s user, including files and installed applications. In a Non-persistent Desktop, the Personalization Layer is cleared on each Desktop reboot or log off, unless you are using RDS in

which case it is cleared only on a log off. Desktops can be deployed to a connection broker such as Microsoft’s RDCB or

can simply be deployed to the virtual infrastructure and accessed via a connection client like RDP.

How it works

The Unidesk software lets you make the following choices when deploying new Desktops and Session Hosts:

Choose a Unidesk Collection, and:

For Desktops, choose a user or group.

For Session Hosts, choose the number of them to create.

Specify a cluster or server where the Desktops or Session Hosts will be hosted, and a Virtual Switch (network).

NoteYou can now create Unidesk Desktops on clustered hosts that do not have active CachePoints, as long as there is one host in the

cluster with an active CachePoint. This minimizes both the storage requirements and the need for more resources, allowing you to

create Desktops across multiple hosts using fewer CachePoints.

Assign an Operating System Layer.

Assign one or more Application Layers.

Specify Desktop or Session Host settings, for example, CPUs, memory, storage allowance for user data, page f ile size,

and core dump type.

Maintenance schedule for updating Layers and other tasks that may require rebooting the Desktop or Session Hosts.

A Desktop or Session Host behaves in the same manner as any other Desktop virtual machine or Session Host, with the

following exceptions:

When changes to the configuration result in the need to rebuild the bootable image, Unidesk places the Desktop or

Session Host in Maintenance Mode while the rebuild is in progress.


Manage Desktops

Jun 28 , 2017

About changing Desktop Layers and attributes

About managing a Desktop's bootable image

The components that comprise a Desktop come from a variety of Layers. For example:

An Operating System Layer includes the operating system that the software imports from a gold image. The gold image

might include applications, as well.

Individual Application Layers include applications that you create as separate components.

When you create a Desktop, you specify virtual machine settings for CPUs, memory, network adapters and disk storage.

Each Desktop has a configuration associated with it. The configuration references all of the components and versions that

define what end users interact with when they use the Desktops. If the configuration changes, the software needs to

create a new bootable image that matches the new configuration.

A Desktop receives new bootable image when it is shut down or during a restart. The Unidesk software uses the new

configuration to create a new bootable image.

Changes that affect the Desktop bootable image

Any time a user makes a change to a Desktop, the Desktop sends this information to the server or cluster that is hosting it.

Based on the content of the messages it receives, the server or cluster determines whether it needs to create a new

bootable image for the Desktop.

A Desktop requires a new bootable image when you change the configuration, or when a change to the Desktop affects

system-level files, for example, when adding new services, changing services to start automatically, or modifying system

boot files.

Note: Typically, changes to keys in the HTLM\SYSTEM\CurrentControlSet\Services key cause the Desktop to receive a new

bootable image.

The configuration for a Desktop changes when any of the following events occur:

Changes to the Desktop affect system-level f iles. (for example, adding new services, changing services to start

automatically, or modifying system boot f iles).

You assign a new application to a Desktop.

You remove an application from a Desktop.

You add a new version of an existing application.

You update a version of an existing application or the operating system.

You change the priority order of applications assigned to one or more Desktops.

Changes implemented during a Desktop shut down

If a Desktop requires a new bootable image, the Desktop must remain in a shut down state while the CachePoint

Appliancecreates the image. If a user initiates a system restart and the Desktop requires a new bootable image, the

Desktop remains in a shut down state until the CachePoint Appliance finishes creating the bootable image. While this


action is in progress, users can experience a one minute delay in the system restart. They may also notice that the Desktop

is in a powered-off state during this time.

It is important that no one attempts to power on the Desktop while the CachePoint Appliance is creating the bootable

image.Attempting to start the Desktop while the CachePoint Appliance is creating the image can result in the Desktop not

being able to restart.

Example

A user installs a new application on the Desktop. The installation program prompts the user to restart the computer to

complete the installation. After the user clicks OK to restart the computer, she watches the Desktop shut down and

restart. During the restart, the screen is blank. When the screen remains blank longer than usual, the user contacts the

Desktop administrator.

The Desktop administrator logs in to the Unidesk Management Console and notices that status of the Desktop

is Creating image, indicating that the Desktop needs a new bootable image. The administrator asks the user to wait for

a few minutes and explains that changes to the Desktop resulted in the need to create a new system image.

After a short wait, the Desktop restarts normally.

IP address assignment for Desktops

When you create a Desktop, the software uses DHCP to acquire an IP address for it. If you look at the settings for the

Desktop, however, the Internet Protocol settings for the Desktop show that a specific IP address is assigned to it, as

shown in the following illustration. This assignment is normal behavior. Do not change these settings.

How Desktops obtain IP addresses

Each time a Desktop boots, a custom DHCP client runs during the early stages of the start-up process. This client is

responsible for renewing or rebinding the current IP address, if possible. If the current IP address is not available, the custom

DHCP client obtains a new address for the Desktop. There is no need for you to change any of the Internet Protocol

properties.

Because the software uses an internal ID, not the IP address, to identify the Desktop, communication is not affected if

the Desktop's IP address changes.

View the Desktop's configuration

Desktop visualization panel

The Desktop Visualization panel provides a graphic display of a desktop configuration while you create and edit a desktop.

As you select layers and settings for the desktop configuration, the Desktop Visualization panel displays the layers, in order

of priority, and all of the desktop settings.

The priority order for layers is the order in which the desktop deployment process applies the layer, from the highest priority

(applied last) to the lowest.

Desktop views

https://www.unidesk.com/sites/default/files/support/learn/3.4.3_for_Hyper-V/desktop_address.png


If you select multiple Desktops for editing, you can choose which one to display in the Desktop Visualization panel. Just

expand the list at the top of the panel and select a Desktop.

Update a Desktop's applications

Before you start

If you are adding applications to the Desktops, make sure the Application Layers you need are available in the Layers

> Application Layers module, and that they use the same OS Layer as the Desktops to which you want to assign them.

Assign a new Operating System Layer Version to Desktops

You can update the operating system assigned to one or more Desktops by creating a new Layer version containing the

operating system update and assigning the new version of the Layer to the Desktop's Collection. As part of this process,

the Unidesk software creates a new bootable image for the Desktop. The Desktop must be stopped for this task to

complete.

The new Layer version is assigned to the Desktop based on the Desktop's maintenance schedule. To view and edit the

Desktop's maintenance schedule:

1. In the Unidesk Management Console, click Desktops > Desktops and select the Desktop.

2. Select Edit Desktops in the Action bar.

3. In the Maintenance Schedule tab, you can view and edit the deployment method for Desktop changes.

Select or create a maintenance schedule. A maintenance schedule deploys changes during a specif ied time frame. For

more about maintenance schedules, click here.

As soon as possible. This option deploys the configuration changes after you shut down the Desktops. Selecting this

option overrides the current maintenance schedule.

Defer deployment until a specified date and time. This option defers deployment of configuration changes until the

specified time elapses. At that time, Unidesk deploys the configuration changes if the Desktops are shut down.

Selecting this option overrides the current maintenance schedule.

4. In the Confirm and Complete tab, enter a comment about the upgrade, if required, and click Update Desktop.If you

enter comments, they appear in the Information view Audit History. Unidesk deploys the configuration changes as

specified by your Maintenance Schedule selection.

Assign new applications or updates to Desktops

You can Edit Desktops from the Desktop module or by selecting the Desktops' Collection in the Collections module. The

changes will be applied in accordance with the selected maintenance schedule option. Desktops are always restarted

during updates.

1. Create a new Application Layer or Layer Version.

2. Select the Desktops that you want to edit from the Desktops module, or right-click the Desktops' Collection in the

Collections module to update all machines at one time.

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/administer/desktops-session-hosts-and-collections/manage-unidesk-collections.html

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/administer/desktops-session-hosts-and-collections/schedule-desktop-or-session-host-maintenance.html



3. Select Edit Desktops in the Action bar.

4. In the Application Assignment tab, expand the item for the application that you want to upgrade and select the

appropriate version.

5. In the Maintenance Schedule tab, select a deployment method for the configuration changes. You can deploy them in

any of the following ways:

Select a maintenance schedule. A maintenance schedule deploys changes during a specif ied time frame. For more

about maintenance schedules, click here.

As soon as possible. This option deploys the configuration changes after you shut down the Desktops.



specified time elapses. At that time, Unidesk deploys the configuration changes if the Desktops are shut down.


Defer deployment until the user logs out or reboots. A maintenance schedule deploys changes when the user logs out

or reboots the Desktop.

6. In the Confirm and Complete tab, enter a comment about the upgrade, if required, and click Update Desktop.If you

enter comments, they appear in the Information view Audit History. Unidesk deploys the configuration changes as


Edit Desktop attributes

Desktop settings you cannot change

You cannot change the following settings when you modify a Desktop:

Size of the storage for user data (the Personalization Layer)

Desktop type, Persistent or Non-persistent

Connection broker

Operating System Layer

Move the Desktop to a different Collection

Requirements

You can move a Desktop to a different Collection as long as the new Collection has the following settings in common with

the Desktop's current Collection:

Connection broker, if one is selected

Collection Type, Persistent or Non-persistent


Note: In an RD Connection Broker (RDCB) collection, a user can have only one Desktop. If you attempt to move a Desktop

into an RDCB collection where there is already a Desktop owned by that user, the Desktop will not be moved.

You can Edit Desktops from the Desktop module. The changes will be applied in accordance with the selected maintenance

schedule option. Desktops are always restarted during update. As with any other Desktop edit, selecting a new Collection



creates a task that will rebuild the Desktop and move it into the new Collection at the next Maintenance Window.

Change the Desktop name

When you create Desktops, you either enter a name for it or allow the system to generate names for you. The Desktop

name must be unique to the host that is storing it and adhere to the following standards: When the software creates the

Desktop, it uses the specified or generated name as follows:

Uses the name for the Desktop that the Unidesk Management Console displays.

Creates a virtual machine with the specif ied name.

Uses the name as the DNS name assigned to the virtual machine in the virtual infrastructure.

Uses the name as the Windows machine name.

If you change the name of a Desktop after you create it, the change affects only the name that the Unidesk

Management Console displays. The virtual machine name, the DNS name associated with the Desktop, and the Windows

machine name do not change. If you want the names to match, you must change the names manually.

To change the name of a Desktop:

1. You can Edit Desktops from the Desktop module or by selecting the Desktops' Collection in the Collections module.

2. Select the Desktop Details tab, and change the Desktop Name.

3. Select the Conf irm and Complete tab, and click Update Desktop.

Configure a network connection for Desktops

By default, the setting for a Desktop's network connection is the same as the network assigned to the gold image that

you used to create the Operating System Layer.

Depending on the organization of your virtual infrastructure, you may want to configure specific Desktops to use different

network connections.

You can set the network connection when you create Desktops or you can change the network connection for deployed

Desktops.


2. In the Desktop Details tab, select different values for the Virtual Switch and VLAN Tags, as needed. If you need to add

new VLAN Tags, click the Manage button and use the wizard to do so.

3. Complete the create or edit task.

4. If you modif ied an existing Desktop, restart it to ensure the changes take effect.

Change the Physical Attributes of a Desktop

You can change the physical settings of the virtual Desktop at any time. For example, if you are installing an application

that requires additional memory, you can adjust these settings, as required.


2. Select Edit in the Action bar. The Edit Desktop wizard opens.

3. Select the Desktop Settings tab and change the settings as necessary.

Non-persistent Desktop - Delay before shutdown

When you shut down a Non-persistent Desktop, there is a 5-second delay to ensure that the logoff message makes it


through the RDS integration services. You can change the length of the delay by editing the Registry

value System\CurrentControlSet\Services\Uniservice\ShutdownDelayMS.You must make this change in the Operating

System Layer or in an Application Layer.

Restart or shut down a Desktop

Restart Desktops

Use the Restart/Shut Down action in the Desktops module to start a Desktop that is shut down or to have changes to

the Desktop take effect.

During the restart process, the Unidesk software instructs the virtual infrastructure to perform a clean shut down of the

virtual machine, if it is still running, and then starts it again.

Before you start

Before restarting a Desktop, verify that the screen saver is disabled. The Desktop does not shut down properly if the

screen saver is enabled.

During a restart

If you make changes to a Desktop while it is running (for example, you change the application assignment), the software

will wait for the Desktop to shut down before completing the tasks required to rebuild the Desktop.

When you initiate a restart of a Desktop, the software deploys the queued changes once the Desktop shuts down. The

desktop is restarted after it the rebuild is complete.

You can monitor the detailed view of the Restart task in the Task bar to see the sub tasks related to creating the new

bootable image.

Steps

1. Select Desktops and select one or more Desktops.

2. Select Restart/Shut Down in the Action bar. This opens the Shut Down wizard.

3. In the Restart or Shutdown tab, select the Restart option.

4. In the Confirm and Complete tab, enter a comment that explains why the restart is necessary, if required.If you enter

comments, they appear in the Information view Audit History.

5. Click Restart/Shut Down Desktop. The Unidesk software causes the virtual infrastructure to restart the appropriate

virtual machines.

6. Monitor the Task bar to see when this task completes. If the software needs to create a new bootable image for the

Desktop, the restart takes a few extra minutes to complete.

7. When the restart task completes, notify the end users that their Desktops are available for use.

Shut down Desktops

Use the Restart/Shut Down action in the Desktops module to shut down a Desktop.


You may need to shut down Desktops for maintenance purposes, to update a Desktop's configuration, or to prevent end

users from selecting a specific Desktop.

Before you start

Before shutting down a Desktop, verify that the screen saver is disabled. The Desktop does not shut down properly if the

screen saver is enabled.

Steps

1. Click Desktops , select the Desktops you want to shut down, and click Restart/Shut Down. This opens the Shutdown

Wizard

2. In the Restart or Shutdown tab, select Shut Down. If the selected Desktops are integrated with a connection broker,

the Put in Maintenance Mode option becomes active.

3. If you do not want to put the Desktops in Maintenance Mode, clear Put in Maintenance Mode.

4. If needed, enter a comment that describes why the shutdown is necessary. If you enter comments, they appear in the


5. Click Restart/Shut Down Desktop.

During a shutdown

If you make changes to a Desktop while it is running (for example, you change the application assignment), the software

will wait for the Desktop to shut down before completing the tasks required to create a new bootable image for the

Desktop.

When you initiate a shutdown of a Desktop, the software deploys the queued changes once the Desktop shuts down. You

can monitor the detailed view of the Shut Down task in the Task bar to see the sub tasks related to creating the new

bootable image.

Improve Windows 8.1 Desktop login times

If you want to speed up login times for Windows 8.1 Desktops, you can disable some of the more costly and less necessary

GUI actions.

Turn off new user arrows

You can turn off new user arrows, by making the following Registry edits:

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\EdgeUI

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EdgeUI

DisableHelpSticker DWORD

0 = Enable help tips

1 = Disable help tips

Turn off startup animation

You can turn off startup animation with these Registry edits:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System


EnableFirstLogonAnimation DWORD

0 = Disable first sign-in animation

1 = Enable first sign-in animation

Disable bootlog and boot animation

You can disable bootlog and boot animation.

1. Open a command window.

2. Enter these commands:

bcdedit /set {default} bootlog no

bcdedit /set {default} quietboot yes

Disable lock screen

Disable lock screen:

1. Open the Group Policy Editor by right-clicking Computer.

2. Select Conf iguration > Administrative Templates > Control Panel > Personalization3. Set Do not display the lock screen to Enabled.

If you prefer to make this change by editing the Registry:

1. In the Registry, under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalizationcreate a new

DWORD (32-bit) Value named NoLockScreen with a value of 1.

2. Restart the system.

Troubleshooting Desktops

What if a Desktop doesn't start?

If a user reports that a Desktop is not starting as expected, log in to the Unidesk Management Console and check the

status of the Desktop.

If the status indicates the creation of a new bootable image is in progress, ask the user to wait for a few minutes. A

bootable image can take 5 - 30 minutes to rebuild. Do not try to power on the machine or take any other action in the

virtual infrastructure.

If the Desktop does not restart within a reasonable amount of time, contact Technical Support.

Delete a Desktop

Delete one or more Desktops

1. Select the Desktops tab, and then the Desktops subtab.


2. Select one or more Desktops.

3. Select Delete in the Action bar. This opens the Delete Desktop wizard.

4. In the Confirm and Complete tab, verify that the list of selected Desktops is correct.

5. Enter a comment that explains why the deletion is necessary, if required.

6. Click Delete Desktops. The Desktops are deleted.

7. Monitor the Task bar to see when this task completes.


Manage Session Hosts

Jun 28 , 2017

About changing Session Host Layers and attributes

About managing a Session Host's bootable image

The components that comprise a Session Host come from a variety of Layers. For example:

An Operating System Layer includes the operating system that the software imports from a gold image. The gold image

might include applications, as well.

Individual Application Layers include applications that you create as separate components.

When you create a Session Host, you specify virtual machine settings for CPUs, memory, network adapters and disk

storage.

Each Session Host has a configuration associated with it. The configuration references all of the components and versions

that define what end users interact with when they use the Session Hosts. If the configuration changes, the software

needs to create a new bootable image that matches the new configuration.

A Session Host receives new bootable image when it is shut down or during a restart. The Unidesk software uses the new

configuration to create a new bootable image.

Changes that affect the Session Host bootable image

Any time a user makes a change to a Session Host, the Session Host sends this information to the server or cluster that is

hosting it. Based on the content of the messages it receives, the server or cluster determines whether it needs to create a

new bootable image for the Session Host.

A Session Host requires a new bootable image when you change the configuration, or when a change to the Session Host

affects system-level files, for example, when adding new services, changing services to start automatically, or modifying

system boot files.

Note: Typically, changes to keys in the HTLM\SYSTEM\CurrentControlSet\Services key cause the Session Host to receive a

new bootable image.

The configuration for a Session Host changes when any of the following events occur:

Changes to the Session Host affect system-level f iles. (for example, adding new services, changing services to start

automatically, or modifying system boot f iles).

You assign a new application to a Session Host.

You remove an application from a Session Host.

You add a new version of an existing application.

You update a version of an existing application or the operating system.

You change the priority order of applications assigned to one or more Session Hosts.

Changes implemented during a Session Host shut down

If a Session Host requires a new bootable image, the Session Host must remain in a shut down state while the CachePoint

Appliance creates the image. If a user initiates a system restart and the Session Host requires a new bootable image, the


Session Host remains in a shut down state until the CachePoint Appliance finishes creating the bootable image. While this

action is in progress, users can experience a one minute delay in the system restart. They may also notice that the Session

Host is in a powered-off state during this time.

It is important that no one attempts to power on the Session Host while the CachePoint Appliance is creating the

bootable image. Attempting to start the Session Host while the CachePoint Appliance is creating the image can result in

the Session Host not being able to restart.

Example

A user installs a new application on the Session Host. The installation program prompts the user to restart the computer

to complete the installation. After the user clicks OK to restart the computer, she watches the Session Host shut down

and restart. During the restart, the screen is blank. When the screen remains blank longer than usual, the user contacts

the Session Host administrator.

The Session Host administrator logs in to the Unidesk Management Console and notices that status of the Session

Host is Creating image, indicating that the Session Host needs a new bootable image. The administrator asks the user to

wait for a few minutes and explains that changes to the Session Host resulted in the need to create a new system

image.

After a short wait, the Session Host restarts normally.

IP address assignment for Session Hosts

When you create a Session Host, the software uses DHCP to acquire an IP address for it. If you look at the settings for

the Session Host, however, the Internet Protocol settings for the Session Host show that a specific IP address is assigned

to it, as shown in the following illustration. This assignment is normal behavior. Do not change these settings.

How Session Hosts obtain IP addresses

Each time a Session Host boots, a custom DHCP client runs during the early stages of the start-up process. This client is

responsible for renewing or rebinding the current IP address, if possible. If the current IP address is not available, the custom

DHCP client obtains a new address for the Session Host. There is no need for you to change any of the Internet Protocol

properties.

Because the software uses an internal ID, not the IP address, to identify the Session Host, communication is not affected

if the Session Host's IP address changes.

View the Session Host's configuration

Session Host visualization panel

The Session Host Visualization panel provides a graphic display of a Session Host configuration while you create and edit a

Session Host.

As you select layers and settings for the Session Host configuration, the Session Host Visualization panel displays the

layers, in order of priority, and all of the Session Host settings.

The priority order for layers is the order in which the Session Host deployment process applies the layer, from the highest

https://www.unidesk.com/sites/default/files/support/learn/3.4.3_for_Hyper-V/desktop_address.png


priority (applied last) to the lowest.

Session Host views

If you select multiple Session Hosts for editing, you can choose which one to display in the Session Host Visualization panel

of the Unidesk Management Console. Just expand the list at the top of the panel and select a Session Host.

Update a Session Host's applications

Before you start

If you are adding applications to the Session Hosts, make sure the Application Layers you need are available in the Layers

> Application Layers module, and that they use the same OS Layer as the Session Hosts to which you want to assign

them.

Changing a Session Host's properties will create a new bootable image for the Session Host, and it must be in a stopped

state for this task to complete. You can shut down the Session Hosts either before you start editing their properties, or

restart the Session Hosts after you select the new properties.

Assign a new Operating System Layer Version to Session Hosts

You can update the operating system assigned to one or more Session Hosts by creating a new Layer version containing

the operating system update and assigning the new version of the Layer to the Session Host's Collection. As part of this

process, the Unidesk software creates a new bootable image for the Session Host. The Session Host must be stopped for

this task to complete.

The new Layer version is assigned to the Session Host based on the Session Host's maintenance schedule. To view and edit

the Session Host's maintenance schedule:

1. In the Unidesk Management Console, click Session Hosts > Session Hosts and select the Session Host. Or, right-click the

Collection in the Collections module to update all machines in the Collection at one time.

Or, click the Collection to select all Session Hosts in the Collection.

2. Select Edit Session Hosts in the Action bar.

3. In the Maintenance Schedule tab, you can view and edit the deployment method for Session Host changes.

Select or create a maintenance schedule. A maintenance schedule deploys changes during a specif ied time frame. For

more about maintenance schedules, click here.

As soon as possible. This option deploys the configuration changes after you shut down the Session Hosts. Selecting

this option overrides the current maintenance schedule.


specified time elapses. At that time, Unidesk deploys the configuration changes if the Session Hosts are shut down.


4. In the Confirm and Complete tab, enter a comment about the upgrade, if required, and click Update Session Host.If

you enter comments, they appear in the Information view Audit History. Unidesk deploys the configuration changes as

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/administer/desktops-session-hosts-and-collections/manage-unidesk-collections.html




Assign new applications or updates to Session Hosts

You can edit Session Hosts from the Session Host module, or by selecting the Session Hosts' Collection in the Collections

module. The changes will be applied in accordance with the selected maintenance schedule option. Session Hosts are

always restarted during update.

1. Create a new Application Layer or Layer Version.

2. Select the Session Hosts that you want to edit from the Session Hosts module or by selecting the Session Hosts'

Collection in the Collections module.

3. Select Edit Session Hosts in the Action bar.

4. In the Application Assignment tab, expand the item for the application that you want to upgrade and select the

appropriate version.

5. In the Maintenance Schedule tab, select a deployment method for the configuration changes. You can deploy them in

any of the following ways:

Select a maintenance schedule. A maintenance schedule deploys changes during a specif ied time frame. For more

about maintenance schedules, click here.

As soon as possible. This option deploys the configuration changes after you shut down the Session Hosts.



specified time elapses. At that time, Unidesk deploys the configuration changes if the Session Hosts are shut down.


Defer deployment until there are no more sessions or the Session Host is rebooted. A maintenance schedule deploys

changes when the session count becomes zero or when the Session Host is rebooted.

6. In the Confirm and Complete tab, enter a comment about the upgrade, if required, and click Update Session Host.If

you enter comments, they appear in the Information view Audit History. Unidesk deploys the configuration changes as


Edit other Session Host attributes

Before you start

Modifying Session Host properties requires the software to create a new bootable image for the Session Host, and the

Session Host must be in a stopped state for this task to complete. You can either shut down the Session Hosts you are

planning to modify before you start editing their properties, or you can choose to restart the Session Hosts after you

select the new properties.

Session Host settings you cannot change

You cannot change the following settings when you modify a Session Host:





User Data Storage size

Move the Session Host to a different Collection

Requirements

You can move a Session Host to a different Collection as long as the new Collection has the following settings in common

with the Session Host's current Collection:


Select a different Collection for the Session Host

1. In the Unidesk Management Console, select the Session Hosts that you want to edit from the Session Hostsmodule.

2. Click Edit Session Hosts.

3. Select the Collection Reassignment tab, and choose an eligible Collection from the list.

4. Select the Conf irm and Complete tab, and click Update Session Host .

As with any other Session Host edit, selecting a new Collection creates a task that will rebuild the Session Host and move it

into the new Collection at the next Maintenance Window.

Change the Session Host name

When you create Session Hosts, you either enter a name for it or allow the system to generate names for you. The Session

Host name must be unique to the host that is storing it and adhere to the following standards: When the software creates

the Session Host, it uses the specified or generated name as follows:

Uses the name for the Session Host that the Unidesk Management Console displays.

Creates a virtual machine with the specif ied name.

Uses the name as the DNS name assigned to the virtual machine in the virtual infrastructure.

Uses the name as the Windows machine name.

If you change the name of a Session Host after you create it, the change affects only the name that the Unidesk

Management Console displays. The virtual machine name, the DNS name associated with the Session Host, and the

Windows machine name do not change. If you want the names to match, you must change the names manually.

To change the name of a Session Host:

1. In the Unidesk Management Console, select the Session Hosts that you want to edit from the Session Hostsmodule.

2. Click Edit Session Hosts.

3. Select the Session Host Details tab, and change the Session Host Name.

4. Select the Conf irm and Complete tab, and click Update Session Host .

Configure a network connection for Session Hosts

By default, the setting for a Session Host's network connection is the same as the network assigned to the gold image

that you used to create the Operating System Layer.

Depending on the organization of your virtual infrastructure, you may want to configure specific Session Hosts to use

different network connections.


You can set the network connection when you create Session Hosts or you can change the network connection for

deployed Session Hosts.

1. In the Unidesk Management Console, select the Session Hosts that you want to edit from the Session Hostsmodule or

by selecting the Session Hosts' Collection in the Collections module and click Edit .

2. In the Session Host Details tab, select different values for the Virtual Switch and VLAN Tags, as needed. If you need to

add new VLAN Tags, click the Manage button and use the wizard to do so.

3. Complete the create or edit task.

4. If you modif ied an existing Session Host, restart it to ensure the changes take effect.

Change the Physical Attributes of a Session Host

You can change the physical settings of the virtual Session Host at any time. For example, if you are installing an application

that requires additional memory, you can adjust these settings, as required.

1. In the Unidesk Management Console, select the Session Hosts that you want to edit from the Session Hostsmodule or

by selecting the Session Hosts' Collection in the Collections module.

2. Select Edit in the Action bar. The Edit Session Host wizard opens.

3. Select the Session Host Settings tab and change the settings as necessary.

Restart or shut down a Session Host

Restart Session Hosts

Use the Restart/Shut Down action in the Session Hosts module to start a Session Host that is shut down or to have

changes to the Session Host take effect.

During the restart process, the Unidesk software instructs the virtual infrastructure to perform a clean shut down of the

virtual machine, if it is still running, and then starts it again.

Before you start

Before restarting a Session Host, verify that the screen saver is disabled. The Session Host does not shut down properly if

the screen saver is enabled.

During a restart

If you make changes to a Session Host while it is running (for example, you change the application assignment), the

software will wait for the Session Host to shut down before completing the tasks required to create a new bootable

image for the Session Host.

When you initiate a restart of a Session Host, the software deploys the queued changes once the Session Host shuts

down. After building the new bootable image, the software initiates the restart.

You can monitor the detailed view of the Restart task in the Task bar to see the sub tasks related to creating the new

bootable image.

Steps

1. Select Session Hosts and select one or more Session Hosts.


2. Select Restart/Shut Down in the Action bar. This opens the Shut Down wizard.

3. In the Restart or Shutdown tab, select the Restart option.

4. In the Confirm and Complete tab, enter a comment that explains why the restart is necessary, if required.If you enter

comments, they appear in the Information view Audit History.

5. Click Restart/Shutdown Session Host . The Unidesk software causes the virtual infrastructure to restart the

appropriate virtual machines.

6. Monitor the Task bar to see when this task completes. If the software needs to create a new bootable image for the

Session Host, the restart takes a few extra minutes to complete.

7. When the restart task completes, notify the end users that their Session Hosts are available for use.

Shut down Session Hosts

Use the Restart/Shut Down action in the Session Hosts module to shut down a Session Host.

You may need to shut down Session Hosts for maintenance purposes, to update a Session Host's configuration, or to

prevent end users from selecting a specific Session Host.

Before you start

Before shutting down a Session Host, verify that the screen saver is disabled. The Session Host does not shut down

properly if the screen saver is enabled.

Steps

1. Click Session Hosts , select the Session Hosts you want to shut down, and click Restart/Shut Down. This opens the

Shut Down wizard

2. In the Restart or Shutdown tab, select Shut Down. If the selected Session Hosts are integrated with a connection

broker, the Put in Maintenance Mode option becomes active.

3. If you do not want to put the Session Hosts in Maintenance Mode, clear Put in Maintenance Mode.

4. If needed, enter a comment that describes why the shutdown is necessary. If you enter comments, they appear in the


5. Click Restart/Shut Down Session Host .

During a shutdown

If you make changes to a Session Host while it is running (for example, you change the application assignment), the

software will wait for the Session Host to shut down before completing the tasks required to create a new bootable

image for the Session Host.

When you initiate a shutdown of a Session Host, the software deploys the queued changes once the Session Host shuts

down. You can monitor the detailed view of the Shut Down task in the Task bar to see the sub tasks related to creating

the new bootable image.

Delete a Session Host

Delete one or more Session Hosts


1. Select the Session Hosts tab, and then the Session Hosts subtab.

2. Select one or more Session Hosts.

3. Select Delete in the Action bar. This opens the Delete Session Host wizard.

4. In the Confirm and Complete tab, verify that the list of selected Session Hosts is correct.

5. Enter a comment that explains why the deletion is necessary, if required.

6. Click Delete Session Hosts. The Session Hosts are deleted.

7. Monitor the Task bar to see when this task completes.


Manage Unidesk Collections

Jun 28 , 2017

You can browse and search, edit, or delete Collections.

Browse and search Unidesk Collections

Search for Collections

1. In the Unidesk Management Console, select Desktops > Collections or Session Hosts > Collections.

2. Search by a word in the Collection name:

1. Type a word in the Search box and click Search.

3. Search by a specif ic Operating System Layer and Version

1. Click the Down-arrow next to the Search button to open the Advanced Search window.

2. Enter the Operating System Layer name.

3. Enter the Layer version (optional).

4. Click Search.

View the Unidesk Machines (Desktops or Session Hosts) in one or more Collections

You can quickly see which Unidesk Machines are in one or more Collections. This is especially helpful when you have large

numbers of Unidesk Machines and Collections, and you want to browse or search on a more manageable number

of Unidesk Machines.

To view the Unidesk Machines in one or more Collections:


2. Select the Collection whose Unidesk Machines you want to see, and click View Desktops or View Session Hosts. To

select more than one Collection, use CTRL-Click. This displays the Desktops or Session Hosts tab with only the Unidesk

Machines belonging to the selected Collection(s).

View and Edit Unidesk Collection Details

View Unidesk Collection Details

You can view detailed information about a Collection, including the Collection Name, broker, Collection Type, description,

Desktop or Session Host count, and Audit History.


2. Click the i on the Collection icon to see the details.

Edit a Unidesk Collection

You can change the settings for a Unidesk Collection by editing it.

To edit a Unidesk Collection:


2. Select the Collection, click Edit Collection, and change the following settings, as needed.

Name and Description tab - Edit the description. Select a different icon for the Collection.

Broker and Entitlements - Change the Groups and Users entitled to access this collection. To see a list of entitled


users and groups, check the Visualization panel to the right.

OS Assignment - Choose a different version of the Operating Layer for this collection. (You cannot change

the Operating System Layer itself , just the version.) Expand the Layer to see the versions that have been added.

3. On the Confirm and Complete tab, click Update Collection.

Delete a Unidesk Collection

Before you start

Before you can delete a Unidesk Collection, the Collection must not contain any Desktops or Session Hosts. If there are

any Desktops or Session Hosts in the Collection you must remove them.

Delete a Unidesk Collection

To delete a Unidesk Collection:


2. Select the Collection and click Delete.

3. On the Confirm and Complete tab, verify that you've selected the correct Collection, and type a comment (optional).

4. Click Delete Collection.


Use Windows Remote Assistance to manageDesktops

Jun 28 , 2017

Windows Remote Assistance provides a mechanism included with Microsoft Windows to provide help desk, remote control

support for Windows Desktops. Remote Assistance is enabled using Group Policy Objects and the client is accessed from

Windows Help. In this article we will outline options for designing the Remote Assistance process as well as the steps

requires to deploy and use Remote Assistance in your organization.

To learn more about the Windows Remote Assistance feature, see these Microsoft articles:

Offering Remote Assistance

Step by Step Guide to Remote Assistance

Turn Remote Assistance On

Remote Assistance is enabled by configuring the Remote Assistance Policies found in ComputerConfiguration>Administrative Templates>System>Remote Assistance. The configurable policies are:

1. Allow only Vista or later connections

2. Turn on session logging

3. Turn on bandwidth optimization

4. Customize warning messages

5. Solicited remote Assistance

6. Offer remote Assistance

The two settings that are required are 5 and 6.

http://technet.microsoft.com/en-us/library/cc505914.aspx

http://technet.microsoft.com/en-us/library/bb457004.aspx


These settings can be defined in the OS Layer or an application Layer or as a Domain GPO. I would recommend using email

if using 5- Solicit or Easy Connect if using 6-Offer.

Solicited Remote Assistance

With solicited Remote Assistance the user initiates the session. This can be performed using email or by saving a file to a

share. Email is probably the best method to transport the invitation file. to the support representative. To configure

Solicited Remote Assistance via email update the GPO settings as seen below:

Unsolicited Remote Assistance

Most organizations will likely want to enable unsolicited remote assistance. In this model, the support representative enters

the computer name into the Remote Assistance tool and it connects directly to the Desktop. The user must accept

assistance and accept remote control if that is desired.

To enable unsolicited Remote Assistance, modify the Offer Remote Assistance GPO settings as seen below:


Remember to add your "Help Desk" Active Directory group into the helpers dialogue. Click 'Show" next to Helpers and enter

Domain\Group.

Use Remote Assistance to manage Windows 7 Desktops

Remote Assistance is very easy to use. However initiating the connection from the user side is much harder than doing so

from the support side. Both methods are discussed here. Administrators will want to create shortcuts with the appropriate

command line to make it easy to initiate a session.

Solicited Remote Assistance

The process to initiate a session from the user side is as follows:

1. User opens the Remote Assistance shortcut

2. This open an email with the invitation attached

3. User adds the support representative email address and sends email

4. Support rep receives email and opens invitation

5. User reads password to support rep

6. Support rep type password into utility

7. User accepts the connection

8. Support rep requests control as desired

9. User assents to control

You can see this method has many steps.

To keep it this short, you must create a shortcut to run the Remote Assistance utility directly jumping to the email

attachment. To do this, create a shortcut in the desired location with a command line of "msra.exe /email". When opened


this will directly create the invitation opened in an email. The shortcut should be installed in the same Layer where you add

the GPO settings if using a Layer, or just on the Operating System Layer if using a Domain GPO.

Unsolicited Remote Assistance

This is by far the easier method. The process to initiate a session from the user side is as follows:

1. Support rep opens the Remote Assistance utility

2. Support rep types in the users computer name

3. The user accepts the connection

4. Support rep requests control as desired

5. User assents to control

To keep it this short you must create a shortcut to run the Remote Assistance utility on the support reps computer directly

opening the Remote Administration utility to the request computer name form.. To do this create a shortcut in the desired

location with a command line of "msra.exe /offerRA".


Edit Layer and Collection icons

Jun 28 , 2017

When you create or edit an Operating System Layer, Application Layer, or Collection, you can assign an icon to it. Icons help

to identify these items in the Unidesk Management Console.

About editing and assigning icons

When using the Create or Edit wizard for any Layer or Collection, the Icon Assignment tab gives you the opportunity to:

Choose an icon: Use the default icon, choose another icon from the included samples, or upload a custom icon.

Delete an icon you no longer need.

NoteIcons are automatically assigned to Session Hosts and Installation Machines from the appropriate Collection or OS Layer,

respectively.

Default icon

Unidesk uses the following icon by default when you create a Layer or Collection, or delete an icon that is in use.

Recommended icon specifications

The following image specifications are recommended for Unidesk icons. Although other sizes and resolutions are supported,

the file type must be PNG or JPG.

Specif ication Details

File type PNG or JPG

Size 64 x 64 pixels

Resolution 96 DPI

Assign or delete an icon

Preview an icon

You can preview a custom icon before applying it:


For best results, adjust your icon image to conform to the Recommended icon specifications above.


2. Select the icon image you want to upload and click Open. The image appears along with the other icons, and a preview

is displayed on the right.

Upload an icon

You can upload a custom icon to add to your collection:

1. Adjust your icon image to conform to the Recommended icon specif ications above.


3. Select the icon image you want to upload, and click Open. The image appears in the icon collection, and a preview of the

icon as it will appear on the selected Layer is displayed on the right.

Note: If you browse and select an icon, but then choose a different one for your Layer, the f irst one you had selected

will not be uploaded. The icon is only uploaded once you have f inalized the Confirm and Complete tab.

4. To complete the upload, use the Confirm and Complete tab to f inalize the wizard.

Delete an icon

You can delete an icon, and it will be removed from the database.

Note: The software does not let you delete the following icons shipped with the system:

If the icon is in use by any Layer or Collection, you will receive a warning, and the default icon will be used in its place.

1. In the Icon Assignment tab, select the icon you want to delete.

2. Click the Delete button. This immediately removes the icon from the database, even if you do not complete the wizard.

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/administer/desktops-session-hosts-and-collections/edit-layer-and-collection-icons.html#icon-specs

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/administer/desktops-session-hosts-and-collections/edit-layer-and-collection-icons.html#icon-specs


Schedule Desktop or Session Host maintenance

Jun 28 , 2017

A maintenance schedule controls when a Unidesk administrator deploys layer assignment changes or configuration changes

that require a rebuild of the bootable image. A maintenance schedule includes one or more maintenance windows, or time

periods, within which Unidesk can shut down Desktops or Session Hosts and deploy configuration changes to them. When

configuring this window, you can specify whether or not to wait for users to log off before shutting down the Desktops or

Session Hosts.

About maintenance schedules

Unless you configure the settings, Unidesk assigns a default maintenance schedule to all Desktops or Session Hosts when

you create them. You can modify the system default maintenance schedule but you cannot delete it. If you don't want to

use the default maintenance schedule, you can create custom maintenance schedules and use them instead.

You create or edit maintenance schedules using the System > Settings and Configuration options. Once you have

created a maintenance schedule, you can assign it to any Desktop or Session Host when you create or edit the Desktop or

Session Host.

NoteThe time that maintenance schedules use is based on the system clock of the Management Appliance. The system clock on

Desktops, Session Hosts, or CachePoint Appliances does not affect maintenance schedules.

What happens during a maintenance window?

During a maintenance window, Unidesk:

Determines whether any of the Desktops or Session Hosts using the maintenance schedule have outstanding

configuration changes.

Unidesk includes all outstanding configuration changes when it rebuilds the Desktop's or Session Host's bootable image.

Therefore, if you edit the Desktop or Session Host multiple times before a maintenance window occurs, Unidesk

incorporates all of these changes into the new bootable image.

Starts to shut down these Desktops or Session Hosts (if they are not already shut down) and rebuild their bootable

images.

Unidesk shuts down four Desktops or Session Hosts at a time on each CachePoint Appliance and starts rebuilding the

bootable images for these Desktops or Session Hosts. As one rebuild completes, Unidesk shuts down the next Desktop

or Session Host in its queue and starts to rebuild its bootable image.

When a maintenance window ends, deployment tasks that are already in progress continue until complete. If Unidesk did

not have sufficient time to start all of the outstanding deployment tasks, it waits until the next maintenance

window occurs and starts those tasks during that time.

Maintenance schedule overrides


You can override a maintenance schedule in the following ways:

Deploy changes as soon as possible.

Unidesk tries to start the deployment tasks as soon as it can, instead of waiting for a maintenance window to

occur.Unidesk shuts down the Desktops or Session Hosts and deploys the configuration changes, even if users are still

logged on to the Desktops or Session Hosts.

Deploy changes at a specified time.

Unidesk deploys the changes after the specified time occurs instead of waiting for a maintenance window to occur. At

that time, Unidesk shuts down the Desktops or Session Hosts and deploys the configuration changes, even if users are

still logged on to the Desktops or Session Hosts.

Deploy changes after the user logs off or restarts a Desktop or Session Host.

This option allows the user to control when Unidesk deploys configuration changes. Unidesk waits for the first time

when a user logs off or restarts the Desktop or Session Host, instead of waiting for a maintenance window to

occur.Unidesk deploys the configuration changes as soon as the user logs off or restarts the Desktop or Session Host.

After you select a maintenance schedule override, it remains in effect until the next time Unidesk rebuilds the bootable

images for the Desktops or Session Hosts. Afterward, the selected maintenance schedule applies to future changes.

Effect of shutting down Desktops or Session Hosts outside of a maintenance schedule

If you shut down Desktops or Session Hosts outside of the time periods specified in a maintenance schedule, Unidesk does

not deploy pending configuration changes unless you select one of the maintenance schedule override options.

Instead, Unidesk waits until the next maintenance window in the schedule occurs before starting the deployment tasks.

For example, if the maintenance schedule for a Desktop specifies that deployment tasks should occur between 6 PM and

11 PM and you shut down the Desktop at 5 PM, Unidesk waits until 6 PM occurs before starting deployment tasks for that

Desktop.

Configure maintenance schedules and windows

Create a maintenance schedule

You can create or edit maintenance schedules by using System > Settings and Configuration. Once the maintenance

schedule has been created, you can assign the new maintenance schedule to Desktops or Session Hosts when you create

or edit them.

To create a maintenance schedule.

1. Select System > Settings and Conf iguration and scroll to the Maintenance Schedule Configuration options, and click

Add. This opens the Create Maintenance Schedule window.

2. Enter a name for the schedule.

3. Add a maintenance window.

1. Click Add below the Maintenance Windows box.

2. Select the start and end day for the maintenance window. If you want to constrain the maintenance window to a

single day, select that day as both the start and end day. For example, selecting Monday through Monday defines a

maintenance window for that day only.

3. Select the start and end time for each day in the maintenance window.


4. Click Apply.

5. Repeat these steps to add additional maintenance windows.

4. For Desktops, specify when you want Unidesk to deploy configuration changes during a maintenance window (not

applicable for Session Hosts):

After the user is logged off for at least 10 minutes: If you select this option, logged-on users must log off and

remain logged off for at least 10 minutes before Unidesk deploys configuration changes to those Desktops or

Session Hosts. If a user remains logged in, Unidesk waits for the next maintenance window before it tries to deploy

the configuration changes. Unidesk deploys configuration changes to any selected Desktop that has no active users.

As soon as possible: If you select this option, Unidesk shuts down Desktops or Session Hosts and deploys the

changes, even if users are still logged on.

5. Click Create.

6. Complete the wizard to save the new maintenance schedule.

Specify a custom maintenance schedule for selected Desktops or Session Hosts

Use the System > Settings and Configuration module to create a custom maintenance schedule. After you create a

custom maintenance schedule, you can assign it to any Desktop or Session Host in the Unidesk environment.

To assign a custom maintenance schedule to a Desktop or Session Host, do the following:

1. Create a new maintenance schedule using the System > Settings and Conf iguration options as described in Create a

maintenance schedule.

2. When creating or editing a Desktop or Session Host, select the Maintenance Schedule tab.

3. On the Maintenance Schedule tab, select the new maintenance schedule from the list.

4. Complete the wizard to save the new maintenance schedule. The wizard does not save the new maintenance schedule

until you complete the wizard.

View maintenance schedules


2. Navigate to Maintenance Schedule Configuration.

3. Select a maintenance schedule from the list. The schedule displays the Maintenance schedule name and the

Maintenance windows.

Schedule Desktop or Session Host maintenance

Once created, you can assign a maintenance schedule to any Desktop or Session Host, and manage the schedule using

System > Settings and Configuration.

Modify a maintenance schedule

Use the following procedure to modify the maintenance windows in a maintenance schedule.

1. Select System > Settings and Conf iguration, scroll to the Maintenance Schedule Configuration options and select

the schedule you want to modify from the schedule list.

2. Click Edit .

3. Click Modify. This action opens the Modify Maintenance Schedule window.

4. If you want to change the name for the schedule, enter a new name for the schedule.

5. Select a maintenance window that you want to change and click Modify.

6. Select the days of the week and the time frame for the maintenance window. If you want to constrain the

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/administer/desktops-session-hosts-and-collections/schedule-desktop-or-session-host-maintenance.html#create-maintenance-schedule


maintenance window to a single day, select that day in both day lists. For example, selecting Monday through Monday

defines a maintenance window for that day only.

7. Click Apply.

8. Click Save.

Add maintenance windows to a maintenance schedule

Use the following procedure to add maintenance windows to a maintenance schedule.

1. Select System > Settings and Conf iguration, scroll to the Maintenance Schedule Configuration options and select a

schedule from the schedule list.

2. Click Edit .

3. Click Modify. This action opens the Modify Maintenance Schedule window.

4. Click Add.

5. Select the days of the week and the time frame for the new maintenance window. If you want to constrain the

maintenance window to a single day, select that day in both day lists. For example, selecting Monday through Monday

defines a maintenance window for that day only.

6. Click Apply.

7. Click Save.

Delete a maintenance window in a maintenance schedule

Use the following procedure to delete a maintenance window in a maintenance schedule.

1. Select System > Settings and Conf iguration, scroll to the Maintenance Schedule Configuration options and select a

schedule from the schedule list.

2. Click Edit .

3. Click Modify.

4. Select one or more maintenance window windows and click Delete.

5. When prompted to confirm whether you want to delete the selected windows, click Save.

6. Complete the wizard to save the changes.


Unidesk for Hyper-V Backup and Recovery

Jun 28 , 2017

This document explains how to back up and recover Unidesk appliances and Persistent Desktops.

Backups for the Management Appliance and Master CachePoint Appliance

Basic recovery for these components can be achieved by creating backups of the files that make up the Management

Appliance and Master CachePoint Appliance on the Hyper-V host where they were installed using a frequency that is based

on the desired RPO. The Management Appliance is fairly small and easy to back up. The size of a Master CachePoint

Appliance can be between 120 GB and 250 GB or more. Creating full backups for CachePoint Appliances takes longer than

backing up the Management Appliance.

There are many options for backing up by using backup products designed for Windows Server 2012 R2. You can use

Windows Server Backup which is included with Server 2013 R2. Of course, you can also use third party products like VEEAM

to do your backups with more options but beware many virtual machine backup products may not be suited to backup

layer disks used by Unidesk because they are not uniquely attached to a virtual machine.

Management Appliance Backup

The management appliance is a normal virtual machine, it can be backed up by backing up the file system of the Hyper-V

server it is installed on or using a VM image backup.

Master CachePoint Appliance Backup

The Master CachePoint Appliance is a normal virtual machine but it also manages the master copy of all the layer disks in

Unidesk. Therefore to properly backup the MCP you must also backup these extra disk files.

Backup File Structure

Looking at the drive used for Unidesk in Hyper-V. First under the MCP Name is the appliance virtual machine.

Then, under the UnideskLayers folder we have all of the layer disks for that CP and in the case of the MCP it is the master

copy of all the layer disks.


To properly backup the MCP you must back up both of these. The easiest way to do this is to back up the file system

rather than backing up the MCP as a VM and then adding in the UnideskLayers folders from the file system though that is

possible.

Backups for secondary CachePoint Appliances

How you decide to back up desktops and CachePoint Appliances depends a great deal on your RTO and whether you can

provide a recovery desktop immediately while you recover the user’s normal desktops.

Recovery of a CachePoint Appliance

In order to recover a CP appliance and the desktops managed by that appliance in Hyper-V you must make regular backups

of the appliance and the User folders. The OS and App layers can be copied from the MCP if necessary but you will want

to document which layers you need. Unidesk has reporting tools to help with this.

Recovery of a CachePoint Appliance and Its Desktops using SAN snapshots

If your organization’s RTO is very short (for example, one hour), recovering an entire CachePoint Appliance and its desktops

from a backup is impossible. In this case, the only viable option is to use SAN-based snapshot technology for the

CachePoint appliance and its CP and Boot Volumes/Folders. This approach allows you to recover back to the latest

snapshot very quickly. Just remember that the Management Appliance database must be in sync with the snapshot. You

should create snapshots on a frequent enough basis to ensure that you don't have to use a very old snapshot, ensuring

that Management Appliance database will still match the database on the CachePoint Appliance after it is restored.

If you lose desktops from the CachePoint Appliance after completing a snapshot restore you should be able to delete the

object in the UMC and then recreate the desktops.

Unidesk Persistent Desktop and Session Host Backups

To back up Unidesk Persistent Desktops or Session Hosts, there are two separate disks that should be backed up for each

Desktop or Session Host; the boot disk and each UEP disk. These disks are located in two places. Boot disks are located

the folder you defined for boot disks and the UEP disk is stored under UnideskLayers\User folder structure as seen below.


NoteYou should not use Hyper-V checkpoints to save the state of a Persistent Desktop or Session Host, either manually or via a backup

product. Starting in 3.1, when a Persistent Desktop or Session Host is edited, all checkpoints will be deleted, and the changes they

contain will be merged into the machine's Personalization Layer.

Recovery of a single Desktop or Session Host

Recovery of a single Desktop or Session Host is easy as long as it is still available in the UMC. Just restore the two vhdx files

that make up the writable portion of the Desktop or Session Host (see the beginning of this section), then REBIC the

Desktop or Session Host.


Backup Example Using Windows Server Backup

Jun 28 , 2017

Windows Server Backup (WSB) is an included product with Server 2012 R2. WSB offers the ability to backup the Windows

Server itself as well as the Unidesk virtual appliances and virtual desktops. If a low RTO is desired consider backing up the

entire Windows server as well as the Unidesk appliance and desktop components.

If you only need backups in order to recreate virtual desktops without redoing all the work done to create the

infrastructure and layers you can choose to just backup the Unidesk Management Appliance and MasterCachePoint

including the UnideskLayers folder. This would allow you to restore these files on a new Hyper-V host, import the

appliances and then create and manage new or existing Desktops or Session Hosts if they are on hosts/storage that did

not fail.

WSB can be configured to write to a locally mounted volume or a network share. When using a locally attached volume

there are two operational modes possible; one where backup owns the entire volume and one where the backup shares

the volume. If the backup is allowed to own the volume then block level incremental backups are possible so that you can

restore back to any previous backup. If the entire volume is not dedicated to backup then only a single backup is retained.

If you choose to backup to a Windows Share only a single backup is retained as well.

Installing Windows Server Backup

There are two ways to install the backup utility. You can add the Windows Server Essentials Experience Role, then add the

Windows Server Backup feature or you can use PowerShell to just install Windows Server Backup directly.

The PowerShell command is: Install-WindowsFeature Windows-Server-Backup.

Setting up the backup

The first step in setting up the backup after installing the software is to create a volume or share to backup to. In my lab I

created a new LUN and masked the LUN to my Hyper-V host. I then opened Windows Server Backup and clicked on

Backup Schedule to define the backup.

On the first screen choose custom


Then in select items for backup choose the folders for the MA and MCP if you are backing up only the MA and MCP. If you

are backing up a Secondary CP choose the folders for the CP Appliance which will include the CP itself and all of the layers

and include the boot drive location you defined when you created the CP. This will of course backup the boot disks. If you

do not want to back up the APP and OS layers for a secondary CP you can add exclusions for these folders in the

advanced settings tab of the selection dialog.

First select the items to back up

If you are backing up an SCP and you decide not to backup the layers then you must do two things. First document which

layers have been deployed to the CP on a regular basis and add an exclusion to not back up the layers.

To add an exclusion click on advance settings then Exclusions and Add Exclusion.

Then choose backup times. Here you can choose once a day or multiple times a day. If you want to backup the MA and

MCP less frequently choose once a day and then edit the scheduled task created for the backup after completing the

process.


Next you specify the location type that matches your plan. The first option dedicates the entire LUN or drive to backups

and allows for multiple backups to be kept. The second choice works the same way but it can share the drive. The second

option runs slower. The third option is for storing backups on a file share. Using this option you will only have one copy of a

backup.

If using a volume you will see


That’s it. Now wait for a backup to run and check the status.

Recover the MA, MCP or a Secondary CP

How you approach recovery of the MA and MCP depend on the failure scenario. If for some reason the appliance

becomes corrupted you can just restore the files from backup. If you have to recover the entire host. You will first recreate

or recover the host. If you have used bare metal backup and have restored everything on the C drive including the Hyper-V

configuration then you can restore the files for the MA and MCP and everything will work. If you are backing up Secondary

CPs you will want to use this option otherwise adding all the desktops back in to Hyper-V will be very difficult.

If you are creating a new Hyper-V host and installing Hyper-V from scratch then you will also install the Unidesk Hyper-V

Agent (setup_Unidesk_Hyper-V_Agent.exe) from the Unidesk Installation media and then restore the MA and MCP from

backup. Then import both appliances back into Hyper-V.

If you have restored the entire host or created a new host and need to import a secondary CP and its desktops, we provide

a utility called the “Unidesk Hyper-V Load Utility”. This utility will read throught the boot drive folder and add import all the

desktops it finds into Hyper-V.

To restore the MA and MCP from backup follow this procedure.

Select Recover.

Choose this server.

Caricature

Choose the desired date and time of the backup if you have a choice.


Select Files and Folders.

Here you can specify the folder for the MA or the MCP or the root of both to restore both.

Then choose to overwrite the existing files in the original location.


Make sure that the selected paths are correct and perform the recovery operation. Remember to also create the boot disk

folder if this was not included in the backup/recovery path.

Recover a Desktop or Session Host

To recover a single Desktop or Session Host from backup you will be restoring just the three disks that make up the

writable portion of a desktop. These are the boot disk and the personalization disk. This assumes the Desktop or Session

Host is still defined in Hyper-V and all we want to do is to roll back to an earlier version of the machine.

Note to perform this operation, you must backup the Desktop or Session Host servers and Secondary CPs.

Select Recover.

Choose this server.


Select Files and Folders


Under Items to recover first select the UEP disk under UnideskLayers\User

Then choose to overwrite the existing files in the original location

Ensure the confirmation screen looks correct then recover the UEP disk.


Now perform the process again for the boot disk.

Then you can start the desktop, log in, and test.

Unidesk Hyper-V Load Utility

If you have a whole host failure and you do not keep bare-metal backups to recover from, you can still recover the Unidesk

MA, CP and Desktops from backup. Create a new Hyper-V host. Use the same hostname as the failed host. Install the

Unidesk Hyper-V agent. Restore the Boot folder and CP appliance folder from backup. Then use the Unidesk Hyper-V Load

Utility to import the applances and desktops from the storage folders.

To install the utility download the zip and first check its properties to “unblock” the file if it is blocked.


On the Hyper-V server that you will restore on, create a folder off the root of the C drive with no spaces in the name and

unpack the zip file into that folder.

Then run the utility as administrator (LoadDesktops.exe).

Choose get for the desired folders then click save to save this information to the files used by the scripts. Then you can

either test or run. Test will create a log of what the utility would do if it were run but it will not import any VMs. Press run

when you are ready to import the appliances and desktops.



Jun 28 , 2017

Manage Hyper-V hosts

Manage appliances

Manage network storage

Open firewall ports for Unidesk


http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/administer/hosts-and-appliances/manage-hyper-v-hosts.html

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/administer/hosts-and-appliances/manage-appliances.html

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/administer/hosts-and-appliances/manage-network-storage.html

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/administer/hosts-and-appliances/open-firewall-ports-for-unidesk.html

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/administer/hosts-and-appliances/unidesk-for-hyper-v-backup-and-recovery.html


Manage Hyper-V hosts

Jun 28 , 2017

You can add a Hyper-V host to the Unidesk environment, and then configure your CachePoint Appliances to use the new

host. If this is a new Unidesk deployment, follow the instructions for Installing Unidesk appliances.

Before you start

Unidesk requirements

Once you have the required hardware in place, please be sure to meet the following detailed requirements before running

the Unidesk Installer.

Windows Server 2012 R2 system (with Hyper-V Role enabled), or Hyper-V Server 2012 R2.

The .NET Framework 4.5 Features selected on the server.

Credentials required

You need the credentials for the server Administrator. You can either log in as Administrator or as a User with Administrator

privileges.

Port opened by the Unidesk Installer

The Unidesk Installer opens a port on the local server's firewall for the TCP protocol. This port is used for communications

between the Hyper-V Agent service and the Unidesk Appliances. By default this is port 8014, but you can change the port

number during installation.

Use host names in the Unidesk environment

You can set up your environment to use host names in addition to IP addresses so that a change in an IP address will not

affect communications between the Management Appliance and its CachePoint Appliances.

If you set the host name on your Hyper-V server, Unidesk will automatically use it instead of the IP address. Then the IP

address can change without causing any problems, as long as the host name does not change.

Similarly, if you set a host name for you MA and use it when you register the host (via the Unidesk installer, or manually as

described next) then you can change the IP address of the MA without issues, as long as the host name does not change.

Add and remove Hyper-V hosts

Add a new host to the environment

You can add a new host to the environment by installing the Unidesk Hyper-V Agent on the server, and registering the host

with your Management Appliance.

1. Download the Hyper-V Agent Installer from the Unidesk Hyper-V Download Center onto one of the local drives on your

new Hyper-V server.

2. Run the installer and when prompted, enter the host name or IP address of your Management Appliance. This installs the

Hyper-V agent on the host, and registers the host with the Management Appliance.

3. If the host is being added to a cluster, the Unidesk Management Appliance must be restarted to recognize the cluster

configuration change.



Remove a host f rom the environment

Requirement

Before you can delete a host, any appliances or Unidesk Machines (Desktops or Session Hosts) running on it must be

removed.

Delete a host

1. Log into the Unidesk Management Console, and select System > Manage Appliances.

2. Click Remove Hosts. Hosts that are not in use for Unidesk appliances or Unidesk Machines are active on the list. Others

are crossed off .

3. Select the host(s) to delete and click Remove.

4. On the Conf irm and Complete tab, verify the selected hosts, and click Remove Hosts.

5. If the host is being removed from a cluster, the Management Appliance must be restarted to recognize the cluster

changes.

Manage host IP address changes

Troubleshooting issues due to host IP address changes

If the Management Appliance IP address changes

Issue: Things will continue to operate, but you may not see some updates from the Hyper-V agent, for example,

updates about storage being added or removed.

Solution: To avoid problems, simply restart the Management Appliance.

If the Agent IP address changes

Issue: The Management Appliance will not be able to communicate with the agent, so it won’t be able to deploy or edit

Unidesk Machines among other issues.

Solution: Restart the Agent (or reboot the Hyper-V server).

If both the Management Appliance and Agent IP addresses change

Issue: The Management Appliance will not be able to communicate with the agent, so it won’t be able to deploy or edit

Unidesk Machines among other issues.

Solution: Re-register the Agent with the Management Appliance, as described below.

Re-register a host with the Management Appliance, if needed

You can avoid the need to re-register hosts with the Management Appliance by setting up your environment to use host

names, as described earlier in this topic. If you are not using host names, and the Unidesk Hyper-V Agent loses

communication with the Management Appliance, you can recover communications. The way to do this depends on which

IP address changes.

If both the Management Appliance and Agent IP addresses change, you can re-register the host with the Management

Appliance.

Open a new command prompt as Administrator.

Change to the directory:

1.

2.


C:\Program Files (x86)\Unidesk\Hyper-V Agent

Run the command:

Uni.HyperVAgent.exe register /m:MA-IP-address /u:username-for-UMC /i

Where username-for-UMC is the name of a Unidesk Management Console user.

Enter the UMC password for the specified user when prompted.

Command COPY

3.

Command COPY

4.


Manage appliances

Jun 28 , 2017

After you deploy and power on the Management Appliance and CachePoint Appliances, you can edit settings for each of

them, mainly using the Linux command line. If you are not comfortable using this command line, please contact Support for

assistance. For CachePoint Appliances, you can also edit the name and boot image location where new Unidesk Machines

(Desktops or Session Hosts) will be created.

Configure log file retention

You can configure the retention settings for the virtual appliance Log files.


2. In the Log File RetentionSettings box, click Edit .

3. Enter the number of days to retain logs on the system.

4. Enter the maximum disk space size, in MB, for all logs.

5. Optionally, enter a comment that describes the changes you made. If you enter comments, they appear in the


6. Click Save to save the new changes or click Cancel to exit Edit mode without saving any changes.

Monitor the Health of your Unidesk Appliances

View the status of your Unidesk appliances

1. Select System > Manage Appliances to monitor the status and health of the Unidesk virtual appliances.

2. Click i next to the name of the Management Appliance to view appliance details.

CachePoint Appliance status messages

The following table provides information about the status messages for the CachePoint Appliance.


Status Description

Not

provisioned

A virtual appliance does not exist yet. This status indicates that a configuration issue may exist.

This condition can occur on the Master CachePoint Appliance the first time you log in to the Unidesk Management

Console if the initial provisioning tasks are still in progress.

It can also occur if the task that creates the virtual appliance fails. In that situation, you need to edit the CachePoint

Appliance to finish provisioning it.

Never

started

A virtual appliance exists but provisioning is not complete and the virtual appliance is not running. This status indicates

that the final provisioning steps are not complete or an operational issue may exist.

This condition can occur during provisioning while the CachePoint Appliance is formatting its cache and preparing to

start for the first time.

Started, no

health status

The CachePoint Appliance was running for less than three hours, which is not enough time to collect and report

meaningful performance information.

RunningPerformance for this CachePoint Appliance is within acceptable operational limits. You can continue to assign Unidesk

Machines to it.

Not

operational

The CachePoint Appliance is powered off or completely nonfunctional. No other Unidesk components can

communicate with it.

Manage a CachePoint Appliance

Edit CachePoint Appliance properties

CachePoint name - Changing the name of the CachePoint will also update the name of the CachePoint virtual machine, as

it appears in the Hyper-V manager, but it will not change the location of the CachePoint virtual machine files and Layers.

Boot image location - Changing the location of the boot image will change the location in which all future Unidesk

Machines are created. Changing the boot image location does not alter the location of existing Unidesk Machines. Unidesk

Machines created using the previous location will continue to be manageable by Unidesk.

To edit CachePoint properties, do the following:

1. Log in to the Unidesk Management Console.

2. Select System > Manage Appliances.

3. Select the CachePoint Appliance to edit, and select Edit Properties. This opens the Edit CachePoint wizard.

4. Change the name as needed.

5. Choose a new location for Unidesk Machines boot images, as needed.

6. In the Confirm and Complete tab review the settings that you have specif ied and if you would like, enter a comment for

the Audit History. Click Update CachePoint .

Change CachePoint Appliance settings

You can change the following CachePoint settings as described.

IP Address


1. In Hyper-V, select the CachePoint Appliance, and if it is not running, power it on.

2. Using either the Hyper-V console or SSH, log into the appliance as administrator (default password Unidesk1) This opens

the Setup Utility.

3. At the Setup utility's Action prompt, enter C (for Configure Networking), and press Return.

4. At the next prompt, type D for Dynamic (DHCP) or S for Static. If you choose Static, you will need to provide the IP

address, subnet mask, and default gateway.

5. When prompted, enter Y to save settings.

6. At the Action prompt, enter Q to quit.

7. Restart the appliance.

CachePoint's IP Address for its MA

If the IP address for the Management Appliance changes, run this procedure on each CachePoint Appliance so it can

communicate with the Management Appliance again.

1. In Hyper-V, select the CachePoint and power it on.


the Setup Utility.

3. In the Setup utility enter M for Modify.

4. Enter the MA's IP address, and then Y to confirm it.

5. Enter Y to exit the Setup utility.

Administrator password

1. In Hyper-V, select the appliance, and if it is not running, power it on.


the Setup Utility.

3. At the Setup utility's Action prompt, enter P (for Password change), and press Return.

4. When prompted, enter the new password, and then confirm the password. A message confirms that the ** Passwordchanged successfully.

5. Press the Enter key to continue.


root password*

If you are comfortable using Linux, use SSH to log into the appliance as root (for the default password, please contact

Support), and enter Linux commands to change the root password. If you need the root password or are not used to

changing the root password via Linux commands, the Unidesk Support team would be happy to help.

NTP configuration*

Using the Hyper-V console or SSH, log into the appliance as root (for the default password, please contact Support). This

brings you to the Linux command line.

Open the NTP configuration file for editing.

Disable or enable the NTP daemon, by changing which command is commented out. This example enables NTP.

1.

2.

3.

Command COPY


# chkconfig ntpd off

chkconfig ntpd on

Edit the NTP clock server(s) to use by adding and subtracting servers.

# Use public servers from the pool.ntp.org project

# Please consider joining the pool

(http://www.pool.ntp.org/join.html).

server 0.centos.pool.ntp.org



Type Ctrl-X, and choose Y to save the file, then reboot the appliance.

For more about configuring NTP

1. Register with the Redhat Customer Portal.

2. See the RedHat NTP documentation.

Time and Date*

1. Using the Hyper-V console or SSH, log into the appliance as root (for the default password, please contact Support). This


2. Enter the date command. For example:

4.

Code COPY

5.

Command COPY

http://www.redhat.com/

https://access.redhat.com/home


# date 03271327

* This procedure requires you to log into the appliance as root, use the Linux command line, and/or edit a Linux .config file.

If you are not familiar with Linux, our Support team will be happy to do this for you.

Configure a Management Appliance

Change Management Appliance settings

You cannot edit Management Appliance properties, but you can change the following Management Appliance settings as

described.

ImportantIf you change the Management Appliance's IP address, you must also log into each CachePoint and change the address that

the CachePoint has for the Management Appliance.

You can change the following CachePoint settings as described below.

IP Address

1. In Hyper-V, select the CachePoint Appliance, and if it is not running, power it on.


the Setup Utility.

3. At the Setup utility's Action prompt, enter C (for Configure Networking), and press Return.

4. At the next prompt, type D for Dynamic (DHCP) or S for Static. If you choose Static, you will need to provide the IP

address, subnet mask, and default gateway.

5. When prompted, enter Y to save settings.


7. Restart the appliance.

8. Change the MA IP address on each CachePoint. (See below.)

Administrator password

1. In Hyper-V, select the appliance, and if it is not running, power it on.


the Setup Utility.

3. At the Setup utility's Action prompt, enter P (for Password change), and press Return.

4. When prompted, enter the new password, and then confirm the password. A message confirms that the ** Passwordchanged successfully.

5. Press the Enter key to continue.



NTP configuration*

Using the Hyper-V console or SSH, log into the appliance as root (for the default password, please contact Support). This


Disable or enable the NTP daemon, by running the chkconfig ntpd command with the value set to off or on. For

example, this command enables the NTP daemon:

# chkconfig ntpd on

Open the NTP configuration file (/etc/ntp.conf) for editing using either emacs or vi. For example:

# emacs /etc/ntp.conf

Edit the NTP clock server(s) to use by adding and subtracting servers in the list at the bottom of the configuration file.

1.

2.

Command COPY

3.

Command COPY

4.

Command COPY


# Use public servers from the pool.ntp.org project.

# Please consider joining the pool

(http://www.pool.ntp.org/join.html).




Type Ctrl-XCtrl-C, and choose Y to save the file.

Reboot the appliance.

For more about configuring NTP

1. Register with the Redhat Customer Portal.

2. See the RedHat NTP documentation.

Time and Date*

1. Using the Hyper-V console or SSH, log into the appliance as root (for the default password, please contact Support). This


2. Enter the date command. For example:

# date 03271327

* This procedure requires you to log into the appliance as root, use the Linux command line, and/or edit a Linux .config file.

If you are not familiar with Linux, our Support team will be happy to do this for you.

5.

6.

Command COPY

http://www.redhat.com/

https://access.redhat.com/home


Manage network storage

Jun 28 , 2017

You can make network storage locations that have been set up in your environment available to Unidesk Appliances using

HyperV clusters and hosts. You can also remove or change the availability of these storage locations in the Unidesk

environment.

View network storage

You can see all storage locations available to hosts registered with the Unidesk Management Appliance.


2. Click the i next to the Management Appliance, and scroll to the list of Hosts and Storage.

3. Expand each cluster and host to see which network shares are assigned to each.

Add a network share to the Unidesk environment

To add network storage locations to the Unidesk environment:

Select System > Manage Appliances.

Click Manage Network Storage on the action bar. This opens the Manage Network Host wizard.

Click New, and type the name of the network storage location, in the format:

\\server.example.com\share

Click Add. By default, the share is assigned to all hosts registered with the Management Appliance.

Move (migrate) storage

Moving a Unidesk CachePoint (CP) from one database to another using standard Hyper-V tools is problematic because the

layers created by the CP are independent disks and not attached to the CP appliance. If the CP is moved with a storage

Move using the Hyper-V manager or SCVMM, the layers will be left behind. All the desktops using the CP will have the

wrong path to the layer files since the layers will no longer reside under the CP.

If you want to change your storage, create a new CP on the destination storage and create new, Non-Persistent

desktops.

Change network share host assignments

By default, when you add a network share to the Unidesk environment, all hosts that are registered with the Management

Appliance have access to it. You can deselect specific hosts so they no longer have access to the share.


1.

2.

3.

Code COPY

4.


2. Click Manage Network Storage on the action bar. This opens the Manage Network Host wizard.

3. In the Storage Assignments tab, expand the share so you can see all clusters and hosts with access to the share.

4. Deselect any hosts that you do not want to access the share.

5. Click the Next arrow, and click Submit Network Storage Changes.

Remove a network share from the Unidesk environment

You can remove a network share from the Unidesk environment, as long as the storage location is not in use by any Unidesk

Desktops, Session Hosts, or CachePoints. To remove a network share from the Unidesk environment:


2. Click Manage Network Storage on the action bar. This opens the Manage Network Host wizard.

3. Select the storage location, and click Remove. The network storage location is crossed off , but not yet removed.

4. If you decide not to remove the storage location, click the Restore button.

5. To save any changes, click Submit Network Storage Changes.


Open firewall ports for Unidesk

Jun 28 , 2017

When setting up the Unidesk environment, you need to open the following ports in your firewall for internal connections,

including those between:

The Unidesk Admin User and the management consoles you'll use.

Each virtual appliance and the various appliances and services with which it needs to communicate.

Admin User

Open the following ports in your firewall for the Unidesk Admin User to use when connecting to the Unidesk Management

console.

Destination Activity Protocol Ports

Any Unidesk appliance VMware Studio Console (Ships with Unidesk. Lets you manage appliance settings.) TCP 5480

Management Appliance Unidesk Management Console TCP 80, 443

Management Appliance

Open the following ports in your firewall for internal connections between the Unidesk Management Appliance and each

of the destinations listed below.



CachePoint Appliance ActiveMQ Service TCP 61616

CachePoint Appliance NFS TCP, UDP 111, 2049, 892, 662

NFS TCP 32803

NFS UDP 32769

Management Appliance ActiveMQ Console TCP 8161

Management Appliance Log deliveries from Unidesk Hyper-V Agent and Broker Agent TCP 8787

Management Appliance Log deliveries from users TCP 8888

Unidesk Hyper-V Agent Communication TCP8014*14243**

Unidesk Broker Agent Communication TCP 8015*

AD-DC/LDAP LDAP TCP 389, 636

* The agent installer enables this port by default. When installing the Unidesk Broker Agent, if you specify a different port,

you must remember to use the new port number when configuring the Broker settings in the Unidesk Management

Appliance (System > Settings and Configuration).

** This port must be opened manually before installing the agent, and it is not configurable.


Open the following ports in your firewall for internal connections between each CachePoint and the destinations listed

below.



Management Appliance ActiveMQ Service TCP 61616

Management Appliance NFS TCP, UDP 111, 2049, 892, 662

NFS TCP 32803

NFS UDP 32769

CachePoint Appliance ActiveMQ Console TCP 8161

Log Delivery TCP 8888

Unidesk Hyper-V Agent Communication TCP 8014*

Unidesk Broker Agent Communication TCP8014*14243**

* The agent installer enables this port by default. When installing the Unidesk Broker Agent, if you specify a different port,

you must remember to use the new port number when configuring the Broker settings in the Unidesk Management

Appliance (System > Settings and Configuration).

** This port must be opened manually before installing the agent, and it is not configurable.

Gold Image virtual machine

Open the following port in your firewall for internal connections between the Unidesk Gold Image virtual machine and the

Unidesk Management Appliance.


Management Appliance Unidesk Tools TCP 80

Desktop

Open the following port in your firewall for internal connections between each Unidesk Desktop and the

destination Management Appliance and CachePoint Appliances.



CachePoint Appliance, Management Appliance uniservice TCP 61616



Jun 28 , 2017

This document explains how to back up and recover Unidesk appliances and Persistent Desktops.

Backups for the Management Appliance and Master CachePoint Appliance

Basic recovery for these components can be achieved by creating backups of the files that make up the Management

Appliance and Master CachePoint Appliance on the Hyper-V host where they were installed using a frequency that is based

on the desired RPO. The Management Appliance is fairly small and easy to back up. The size of a Master CachePoint

Appliance can be between 120 GB and 250 GB or more. Creating full backups for CachePoint Appliances takes longer than

backing up the Management Appliance.

There are many options for backing up by using backup products designed for Windows Server 2012 R2. You can use

Windows Server Backup which is included with Server 2013 R2. Of course, you can also use third party products like VEEAM

to do your backups with more options but beware many virtual machine backup products may not be suited to backup

layer disks used by Unidesk because they are not uniquely attached to a virtual machine.

Management Appliance Backup

The management appliance is a normal virtual machine, it can be backed up by backing up the file system of the Hyper-V

server it is installed on or using a VM image backup.

Master CachePoint Appliance Backup

The Master CachePoint Appliance is a normal virtual machine but it also manages the master copy of all the layer disks in

Unidesk. Therefore to properly backup the MCP you must also backup these extra disk files.

Backup File Structure

Looking at the drive used for Unidesk in Hyper-V. First under the MCP Name is the appliance virtual machine.

Then, under the UnideskLayers folder we have all of the layer disks for that CP and in the case of the MCP it is the master

copy of all the layer disks.


To properly backup the MCP you must back up both of these. The easiest way to do this is to back up the file system

rather than backing up the MCP as a VM and then adding in the UnideskLayers folders from the file system though that is

possible.

Backups for secondary CachePoint Appliances

How you decide to back up desktops and CachePoint Appliances depends a great deal on your RTO and whether you can

provide a recovery desktop immediately while you recover the user’s normal desktops.

Recovery of a CachePoint Appliance

In order to recover a CP appliance and the desktops managed by that appliance in Hyper-V you must make regular backups

of the appliance and the User folders. The OS and App layers can be copied from the MCP if necessary but you will want

to document which layers you need. Unidesk has reporting tools to help with this.

Recovery of a CachePoint Appliance and Its Desktops using SAN snapshots

If your organization’s RTO is very short (for example, one hour), recovering an entire CachePoint Appliance and its desktops

from a backup is impossible. In this case, the only viable option is to use SAN-based snapshot technology for the

CachePoint appliance and its CP and Boot Volumes/Folders. This approach allows you to recover back to the latest

snapshot very quickly. Just remember that the Management Appliance database must be in sync with the snapshot. You

should create snapshots on a frequent enough basis to ensure that you don't have to use a very old snapshot, ensuring

that Management Appliance database will still match the database on the CachePoint Appliance after it is restored.

If you lose desktops from the CachePoint Appliance after completing a snapshot restore you should be able to delete the

object in the UMC and then recreate the desktops.

Unidesk Persistent Desktop and Session Host Backups

To back up Unidesk Persistent Desktops or Session Hosts, there are two separate disks that should be backed up for each

Desktop or Session Host; the boot disk and each UEP disk. These disks are located in two places. Boot disks are located

the folder you defined for boot disks and the UEP disk is stored under UnideskLayers\User folder structure as seen below.


NoteYou should not use Hyper-V checkpoints to save the state of a Persistent Desktop or Session Host, either manually or via a backup

product. Starting in 3.1, when a Persistent Desktop or Session Host is edited, all checkpoints will be deleted, and the changes they

contain will be merged into the machine's Personalization Layer.

Recovery of a single Desktop or Session Host

Recovery of a single Desktop or Session Host is easy as long as it is still available in the UMC. Just restore the two vhdx files

that make up the writable portion of the Desktop or Session Host (see the beginning of this section), then REBIC the

Desktop or Session Host.


Backup Example Using Windows Server Backup

Jun 28 , 2017

Windows Server Backup (WSB) is an included product with Server 2012 R2. WSB offers the ability to backup the Windows

Server itself as well as the Unidesk virtual appliances and virtual desktops. If a low RTO is desired consider backing up the

entire Windows server as well as the Unidesk appliance and desktop components.

If you only need backups in order to recreate virtual desktops without redoing all the work done to create the

infrastructure and layers you can choose to just backup the Unidesk Management Appliance and MasterCachePoint

including the UnideskLayers folder. This would allow you to restore these files on a new Hyper-V host, import the

appliances and then create and manage new or existing Desktops or Session Hosts if they are on hosts/storage that did

not fail.

WSB can be configured to write to a locally mounted volume or a network share. When using a locally attached volume

there are two operational modes possible; one where backup owns the entire volume and one where the backup shares

the volume. If the backup is allowed to own the volume then block level incremental backups are possible so that you can

restore back to any previous backup. If the entire volume is not dedicated to backup then only a single backup is retained.

If you choose to backup to a Windows Share only a single backup is retained as well.

Installing Windows Server Backup

There are two ways to install the backup utility. You can add the Windows Server Essentials Experience Role, then add the

Windows Server Backup feature or you can use PowerShell to just install Windows Server Backup directly.

The PowerShell command is: Install-WindowsFeature Windows-Server-Backup.

Setting up the backup

The first step in setting up the backup after installing the software is to create a volume or share to backup to. In my lab I

created a new LUN and masked the LUN to my Hyper-V host. I then opened Windows Server Backup and clicked on

Backup Schedule to define the backup.

On the first screen choose custom


Then in select items for backup choose the folders for the MA and MCP if you are backing up only the MA and MCP. If you

are backing up a Secondary CP choose the folders for the CP Appliance which will include the CP itself and all of the layers

and include the boot drive location you defined when you created the CP. This will of course backup the boot disks. If you

do not want to back up the APP and OS layers for a secondary CP you can add exclusions for these folders in the

advanced settings tab of the selection dialog.

First select the items to back up

If you are backing up an SCP and you decide not to backup the layers then you must do two things. First document which

layers have been deployed to the CP on a regular basis and add an exclusion to not back up the layers.

To add an exclusion click on advance settings then Exclusions and Add Exclusion.

Then choose backup times. Here you can choose once a day or multiple times a day. If you want to backup the MA and

MCP less frequently choose once a day and then edit the scheduled task created for the backup after completing the

process.


Next you specify the location type that matches your plan. The first option dedicates the entire LUN or drive to backups

and allows for multiple backups to be kept. The second choice works the same way but it can share the drive. The second

option runs slower. The third option is for storing backups on a file share. Using this option you will only have one copy of a

backup.

If using a volume you will see


That’s it. Now wait for a backup to run and check the status.

Recover the MA, MCP or a Secondary CP

How you approach recovery of the MA and MCP depend on the failure scenario. If for some reason the appliance

becomes corrupted you can just restore the files from backup. If you have to recover the entire host. You will first recreate

or recover the host. If you have used bare metal backup and have restored everything on the C drive including the Hyper-V

configuration then you can restore the files for the MA and MCP and everything will work. If you are backing up Secondary

CPs you will want to use this option otherwise adding all the desktops back in to Hyper-V will be very difficult.

If you are creating a new Hyper-V host and installing Hyper-V from scratch then you will also install the Unidesk Hyper-V

Agent (setup_Unidesk_Hyper-V_Agent.exe) from the Unidesk Installation media and then restore the MA and MCP from

backup. Then import both appliances back into Hyper-V.

If you have restored the entire host or created a new host and need to import a secondary CP and its desktops, we provide

a utility called the “Unidesk Hyper-V Load Utility”. This utility will read throught the boot drive folder and add import all the

desktops it finds into Hyper-V.

To restore the MA and MCP from backup follow this procedure.

Select Recover.

Choose this server.

Caricature



Select Files and Folders.

Here you can specify the folder for the MA or the MCP or the root of both to restore both.

Then choose to overwrite the existing files in the original location.


Make sure that the selected paths are correct and perform the recovery operation. Remember to also create the boot disk

folder if this was not included in the backup/recovery path.

Recover a Desktop or Session Host

To recover a single Desktop or Session Host from backup you will be restoring just the three disks that make up the

writable portion of a desktop. These are the boot disk and the personalization disk. This assumes the Desktop or Session

Host is still defined in Hyper-V and all we want to do is to roll back to an earlier version of the machine.

Note to perform this operation, you must backup the Desktop or Session Host servers and Secondary CPs.

Select Recover.

Choose this server.


Select Files and Folders


Under Items to recover first select the UEP disk under UnideskLayers\User

Then choose to overwrite the existing files in the original location

Ensure the confirmation screen looks correct then recover the UEP disk.


Now perform the process again for the boot disk.

Then you can start the desktop, log in, and test.

Unidesk Hyper-V Load Utility

If you have a whole host failure and you do not keep bare-metal backups to recover from, you can still recover the Unidesk

MA, CP and Desktops from backup. Create a new Hyper-V host. Use the same hostname as the failed host. Install the

Unidesk Hyper-V agent. Restore the Boot folder and CP appliance folder from backup. Then use the Unidesk Hyper-V Load

Utility to import the applances and desktops from the storage folders.

To install the utility download the zip and first check its properties to “unblock” the file if it is blocked.


On the Hyper-V server that you will restore on, create a folder off the root of the C drive with no spaces in the name and

unpack the zip file into that folder.

Then run the utility as administrator (LoadDesktops.exe).

Choose get for the desired folders then click save to save this information to the files used by the scripts. Then you can

either test or run. Test will create a log of what the utility would do if it were run but it will not import any VMs. Press run

when you are ready to import the appliances and desktops.


Appliance health

Jun 28 , 2017

Unidesk checks Appliance Status each hour, and updates the Status column on the System > Manage Appliances page.

Every three hours Unidesk also checks to see if any appliance's health has changed, and if so, sends an email to

administrators.

Unidesk appliances run a service to evaluate their own health and report health status. The results indicate whether an

appliance might be in need of attention.

Check appliance status

To see the status of your appliances:

1. Select System > Manage Appliances. The Status column lists the status of each virtual appliance.

2. If the Status is Needs Attention, you can learn more about why the appliance has been f lagged by clicking the next to

the appliance name. Click Needs Attention status for more about what can cause this status.

Appliance status conditions

Here are the possible appliance conditions:


Status Description

Not

provisioned

A virtual appliance does not exist yet, and there may be a configuration issue.

This status can occur for the following reasons:

The first time you log into the Unidesk Management Console, the initial provisioning tasks for the Master CachePoint

Appliance are still in progress.

The task that creates the virtual appliance fails. In that situation, you need to edit the CachePoint Appliance to finish

provisioning it.

Never

started



This condition can occur during provisioning while the CachePoint Appliance is formatting its cache and preparing to start

for the first time.

Started, no

health

status



Running Performance for this Appliance is within acceptable operational limits.

Needs

attention

Any of the following appliance health factors indicate that the appliance may need attention:

High swap memory usage - If an appliance is using more than 50% of its swap memory, the appliance is flagged

as Needs attention. For help with this issue, contact Unidesk Support.

Low disk space - If an appliance has less than 5% of its disk space free, its Status is listed as Needs attention. For help

with this issue, contact Unidesk Support.

Connectivity failure - Unidesk evaluates connectivity between the Management Appliance and your CachePoints every

five minutes, and if there is a failure, changes the Status to Needs attention.

If one CachePoint is having a connectivity issue, reboot the appliance. If all of your CachePoints are having connectivity

issues, reboot the Management Appliance. If the problem persists, contact Unidesk Support.

Powered

OffThe CachePoint Appliance is powered off or nonfunctional. No other Unidesk components can communicate with it.


Monitor Unidesk virtual appliances

Jun 28 , 2017

Unidesk checks Appliance Status each hour, and updates the Status column on the System > Manage Appliances page.

Every three hoursUnidesk also checks to see if any appliance's health has changed, and if so, sends an email to

administrators.

Unidesk appliances run a service to evaluate their own health and report health status. The results indicate whether an

appliance might be in need of attention.

Check appliance status

To see the status of your appliances:

1. Select System > Manage Appliances. The Status column lists the status of each virtual appliance.

2. If the Status is Needs Attention, you can learn more about why the appliance has been f lagged by clicking the i next to

the appliance name. Click Needs Attention status for more about what can cause this status.

Appliance status conditions

Here are the possible appliance conditions:

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/administer/appliance-health/monitor-unidesk-virtual-appliances.html#needs-attention


Status Description

Not

provisioned

A virtual appliance does not exist yet, and there may be a configuration issue.

This status can occur for the following reasons:

The first time you log into the Unidesk Management Console, the initial provisioning tasks for the Master CachePoint

Appliance are still in progress.

The task that creates the virtual appliance fails. In that situation, you need to edit the CachePoint Appliance to finish

provisioning it.

Never

started



This condition can occur during provisioning while the CachePoint Appliance is formatting its cache and preparing to start

for the first time.

Started, no

health

status



Running Performance for this Appliance is within acceptable operational limits.

Needs

attention

Any of the following appliance health factors indicate that the appliance may need attention:

High swap memory usage - If an appliance is using more than 50% of its swap memory, the appliance is flagged

as Needs attention. For help with this issue, contact Unidesk Support.

Low disk space - If an appliance has less than 5% of its disk space free, its Status is listed as Needs attention. For help

with this issue, contact Unidesk Support.

Connectivity failure - Unidesk evaluates connectivity between the Management Appliance and your CachePoints every

five minutes, and if there is a failure, changes the Status to Needs attention.

If one CachePoint is having a connectivity issue, reboot the appliance. If all of your CachePoints are having connectivity

issues, reboot the Management Appliance. If the problem persists, contact Unidesk Support.

Powered

OffThe CachePoint Appliance is powered off or nonfunctional. No other Unidesk components can communicate with it.


Emails about CachePoint service issues

Jun 28 , 2017

You can receive email messages regarding issues with a CachePoint Appliance by configuring email notifications in

the Unidesk Management Console. The Management Appliance then sends emails to the list of addressees if an

internal CachePoint Appliance service failure causes desktops to become unusable. The affected CachePoint

Appliance initiates a restart of the affected service.

If the service continues to fail, the CachePoint Appliance initiates a complete restart of the virtual appliance. In most cases,

restarting the service or the affected CachePoint Appliance is sufficient.

The CachePoint Appliance tries to restart the service three times during a 60-minute time frame. If the service continues to

fail, the CachePoint Appliance tries to restart itself. If the restarts do not resolve the issue, you receive an email notification

indicating that an issue still exists.

Configure the Management Appliance to send email notices

To receive these messages, configure the Management Appliance to send email messages to the designated addresses

whenever there is an issue with a CachePoint service. You can configure email notifications to inform you in case there are

issues with services running on your CachePoint Appliances.

Events that can trigger an email notice

When you configure email notifications, you will receive an email for any of the following events:

Tests of the email notif ication connection.

An internal failure occurs on a CachePoint Appliance that requires an automatic restart.

Log f iles are exported.

Connection issues between Desktops or Session Hosts and CachePoint Appliances occur.

Types of email notifications

Emailnotif ication

Description

CachePoint service

failures

The Management Appliance sends an email message to the designated addresses when an internal service

failure occurs and the affected CachePoint Appliance tries to restart the service or the CachePoint Appliance.

Exporting log filesWhen you export logs for Desktops or the virtual appliances, the software sends the specified recipients an email

notification that includes a link to the log files. For details, click here.

Connection issues

If a Desktop or Session Host loses its connection to its assigned CachePoint Appliance, the Desktop or Session

Host contacts the Management Appliance to either obtain a new IP address for the CachePoint Appliance or to

confirm that it has the correct IP address.

If the Desktop or Session Host has the correct address but cannot communicate with its CachePoint Appliance,

the Management Appliance sends an email notification the first time it tries to communicate with the CachePoint

Appliance.

When you receive this message, verify that the CachePoint Appliance is operational and available on the network.




To setup email notifications, do the following:


2. Navigate to Notif ications Settings and click Edit .

3. In the Mail Server box, enter the name of your email server or the name of the SMTP relay server.

4. In the Mail Server port, enter the number of the port that the email server uses for communication.

5. In the User Name box, enter the username for the email account you want to use for sending notif ications. For example,

[email protected].

6. In the Password box, enter the password for the email account.

7. In the From box, enter an email address to identify the source of the email message. For example, if you enter

[email protected], the email message displays the following in the From box of the received notif ication:

Unidesk Management Appliance [[email protected]]

8. In the Recipient List box, enter the email addresses that should receive notif ications. Use a comma or semicolon to

separate the email addresses.

9. Click Test Email Conf iguration to verify that the settings for the email server and account work correctly. If the test

succeeds, the software displays a success message and sends the recipients a confirmation email.

10. Enter a comment, if necessary, and click Save to save the email settings. If you enter comments, they appear in the


CachePoint Appliance Notifications

Messages sent

The CachePoint Appliance sends the following types of email notifications for service failures:

Internal CachePoint Appliance failure — When an internal service failure on one or more CachePoint Appliances occurs,

an email notif ication alerts you to the problem and informs you that a restart of the service or CachePoint Appliance is

going to occur.

Restart completion — After the restart completes, an email notif ication informs you that the restart of the affected

service or CachePoint Appliance completed successfully.

Restart failed — If the service or CachePoint Appliance restarts do not resolve the issue, an email notif ication alerts you

that the issue still exists and human intervention is required to resolve it.

Actions to take

After being notif ied about a restart, monitor the CachePoint Appliances in the Unidesk Management Console and the

virtual infrastructure to verify that the CachePoint Appliances are operational before trying to access the affected

desktops.

If you encounter any problems with one or more desktops after the restart completes, use the Desktops > Restore

action in the Unidesk Management Console to return the desktop to a previous, operational state.

If you want to change the number of times the Management Appliance tries to restart the CachePoint Appliances,

contact Technical Support.

If the service or CachePoint Appliances restarts fail to resolve the issue, contact Technical Support for assistance.


Monitor tasks

Jun 28 , 2017

Use the Task bar to monitor Unidesk management tasks. You can:

View the status of completed tasks and tasks requiring user action.

View tasks and subtasks.

Hide tasks.

Cancel subtasks.

The Taskbar updates status information every 10 seconds. You can also update status by clicking the Refresh icon.

Task status indicators

The Task bar uses the following status indicators.

NoteThe stalled status icon indicates that at least one task or subtask did not complete. If you think that a given task with this status will

not complete, you should manually cancel the task (as described later in this topic) and then retry the operation. If the problem

persists, contact Technical Support.

View tasks and subtasks

The following table describes the different ways you use the Task bar to view tasks and subtasks.


To do this: Use this:

View the status of completed

tasks or tasks requiring user

action.

Task status bar.

The software displays tasks when they complete or when user action is required in the status area at

the top of the Task bar.

If more than one message is available, use the arrow keys on the right side of the task bar to scroll

through the messages.

Click a message to clear the display. This action removes all messages in the Task status bar.

View a list of all tasks,

completed and active.

Main task view.

The software displays all tasks in the Main task view.

Expand the Task bar to view a list of tasks.

Use the filters to refine the display results.

To view additional details about the subtasks in a task, click the i icon.

View a list of subtasks for a

specific task.

Subtask view.

Click i next to a task in the Main task view to open the Subtask view.

Each entry (or row) in the Information view represents a subtask for the selected task.

Hide active tasks

You can hide tasks for the current session, for example if a large number of tasks are active, or if there

is one that will take a long time. Once you log out and log back in, the Task bar displays all tasks again.

To hide a task, select Hide next to the task.

To display all hidden tasks, select View Hidden Tasks at the top of the Tasks bar. To hide these

tasks again, clear View Hidden Tasks.

To change a task from hidden to displayed, select View Hidden Tasks to display hidden tasks and

clear the Hide checkbox next to the task.

Cancel tasks

Most tasks include one or more subtasks. While a task is active you can cancel one or more of the subtasks that are still in

progress. The main task remains active until all subtasks are completed or canceled.

For example, you might want to cancel a task if a system problem occurs and the task is unlikely to complete successfully.

1. Open the Task bar and view the active tasks.

2. Open the Subtask view for a task (click i).3. Select a subtask and click x .

4. When the subtask stops, the Task bar changes the status of the subtask to Canceled by user.


Brokers

Jun 28 , 2017

You can change the port number for Unidesk Broker Agent, but you'll need to change the setting in two places: On the

broker server, for example, the RDCB server, and in the Unidesk Management Console.

Log in to the Remote Desktop Service system where you installed the Unidesk Broker Agent.

Using regedit, change the value of the following registry entry from the default value of 8015 to the new port number:

\HKEY_LOCAL_MACHINE\

SYSTEM\CurrentControlSet\Services\UnideskBrokerAgent\Parameters\ListeningPort

In the Unidesk Management Console, select System > Settings and Configuration.

Click Edit next to the Broker Settings

In the list of Brokers, select the broker server, and click Modify.

Change the Broker Port to match the value you just set it to in the Registry on the server.

Click Test Connection to verify that the new port is working, and click Apply, then Save.

1.

2.

Code COPY

3.

4.

5.

6.

7.


Users

Jun 28 , 2017

The Unidesk environment can include directory service users and groups, and local Administrators that you create using

the Unidesk Management Console.

Directory service users and groups

The software retrieves information about these users and groups from a remote directory service. To add these users and

groups to the Unidesk directory tree, establish a connection (referred to as a Directory Junction) to a directory server. After

establishing this connection, you can assign Desktops or Session Hosts to the directory service users and groups, add them

to local groups, or assign Administrative roles to users. If you want to change any of the attributes for these users and

groups, you must do so on the directory server.


Manage users and groups

Jun 28 , 2017

Edit users

The only change you can make for a directory service user is assigning or removing roles. To change all other user attributes,

edit them on the remote directory server.

Delete users

To delete a directory service user, remove them from directory server. You cannot use the Unidesk Management Console to

delete directory service users.

Edit a directory junction

To change the settings for a directory junction:

1. Select Users > Directory Service.

2. Select Edit Properties. This opens the Edit Directory Junction wizard.

3. In the Connection Details tab, change any of the connection details for the directory server.

1. Change the name for the Directory Junction. This name becomes the name of the folder that you see in the Unidesk

directory tree view.

2. Change the IP address for the directory server.

3. Change the number of the port that allows communication with the directory server.

4. If you want to use Secure Sockets Layer (SSL) communication, select the SSL checkbox.

5. Click Test Connection to verify that the connection to the directory server is valid. If you chose to use an SSL

connection and certif icate errors occur, the wizard prompts you to confirm whether you want to accept or reject the

certif icate.

4. In the Authentication Details tab, change the credentials for a user who has permissions to search the directory server.

Display the steps.

1. Enter the ID or distinguished name for a user who has permissions to search the directory server. This ID is the Bind

distinguished name (DN). To determine the correct syntax for the Bind DN, see the documentation for your directory

service.

2. Enter the password for Bind DN.

3. Click Test Authentication to verify that you entered the correct values.

5. In the Attribute Mapping tab, enter the names of directory service attributes that you want to map to local attributes.

6. In the Conf irm and Delete tab, verify the Directory Junction settings are correct, enter a comment if required, and click

Update Directory Junction.

If you enter comments, they appear in the Information view Audit History.

Delete a directory junction

Deleting a Directory Junction deletes all of the cached information in the local database that the software retrieved from

the remote directory service.

Conditions for deletion

You can delete a Directory Junction if :

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/administer/users/manage-administrator-roles.html


The Directory Junction does not contain any directory service objects that are imported into the Unidesk directory tree.

No Desktops are assigned to any of the directory service users.

The Directory Junction overlaps another Directory Junction (that is, the same users exist in multiple Directory Junctions). In

this case, you can delete the Directory Junction even if the users are imported or have assigned Desktops as long as they

still exist in another Directory Junction.

NoteIf a user who has been imported, assigned a Desktop, or assigned a role exists in the Directory Junction that is being deleted, and

that user does not exist in another Directory Junction, you will not be able to delete the Directory Junction until that user has been

removed.

When you delete an overlapping Directory Junction, you continue to see the imported users if they exist in other Directory Junctions.

Delete a directory junction

Delete all directory service objects that are members of the Unidesk directory tree. Deleting these objects from

the Unidesk directory tree does not affect the objects in the directory service tree.

Use the following icons to identify these objects:

Select Users > Directory Service.

Select a Directory Junction and select Delete in the Action bar. This opens the Delete wizard.

In the Confirm and Complete tab, verify that the correct directory junction is selected, and click Delete DirectoryJunction.

1.

2.

3.

4.


Change the Administrator password

Jun 28 , 2017

Use these steps to change the password for the original Administrator account created for the Unidesk Management

Console.


2. Select User > Administrators.

3. In the list of Administrators select Administrator and click Edit Properties.

4. Enter the new password and type it again in the Conf irm Password f ield.

5. On the Conf irm and Complete tab, click Update User.


Manage Administrator roles

Jun 28 , 2017

Assigning a role to a user in the Unidesk Management Console allows you to control which Unidesk objects an administrator

can manage.

User roles

The user roles include:

None - These users can use Desktops assigned to them; they cannot log in to the Unidesk Management Console.

Desktop Administrator - These users can log in to the Unidesk Management Console and have limited access to Unidesk

objects.

Administrator - These users can log in to the Unidesk Management Console and can manage all of the Unidesk objects.

If an administrator does not have access to specific modules in the Unidesk Management Console, these modules still

appear in the user interface but the user cannot select any of the actions in these modules.

Permissions for each user role

Roles Module Access

Desktops Layers Users System

None No No No No

Desktop Administrator Yes Yes No Installation Machine

module only

Administrator Yes Yes Yes Yes

Manage Administrator Roles

You can change a user's role if you are logged in as an administrator who has greater permissions than the user's role that

you want to change. If you are logged in as an Administrator, you cannot change the role for the logged-in user.

About assigning roles

The roles that you assign to users control whether they can log into the Unidesk Management Console and manage some

or all of the components in the Unidesk environment.

Assign user roles

1. Select Users > Users.

2. Select a user and select Edit Properties. This opens the Edit wizard.

3. Select one of the following roles from the list:


None - These users can use Desktops assigned to them. They have no management permissions and cannot log into

the Unidesk Management Console.

Desktop Administrator - These users have limited access to management tasks in the Unidesk Management

Console.

Administrator - These users have full access to all management tasks in the Unidesk Management Console.

4. You cannot specify a username and password. When you assign roles to directory service users, they use their login

credentials from the directory service to log into the Unidesk Management Console.

5. In the Confirm and Complete tab, click Create User. If you enter comments, they appear in the Information view Audit

History.


Search for users assigned to Desktops

Jun 28 , 2017

The user assignment search feature is available in the Create Desktops and the Edit Desktop wizards.

1. To use the search feature, enter a full or partial name in the Search box in either of the following locations..

a. The Collect ion AssignmentCollect ion Assignment tab in the Create Desktop wizard.

b. The Collect ion ReassignmentCollect ion Reassignment tab in the Edit Desktop wizard.

2. Click the play icon to start the search. The tree view displays the objects that match your search criteria. You may need

to expand an item in the search results to f ind or select the user, group, or folder that you want.

3. To clear the search result and redisplay the default display that you can browse, click xx next to the Search box to clear it.

The user assignment search feature allows you to search for the name of a user, group, or folder.

You can enter a full or partial name for local objects that you created using the Unidesk Management Console or directory

service objects that are members of a Directory Junction.

You can use the search filter to display only specific types of objects in the search results. Using a filter is useful if you have

a large number of users, groups or folders to search. To use the search filter:

1. Enter the search criteria in the main Search box.

2. Click >> next to the Search box.

3. In the displayed list, select the object type: user, group, or folder. All items are selected by default.

4. Click the play icon to start the search. The wizard displays the objects that match your search criteria AND the selected

filter.

5. To close the f ilter menu, click the down arrow next to the Search box.

When you search for items, the search results match any of the search criteria that you enter in the Search box. The

following table provides information about the search criteria for user assignment searches.


RuleRule ExampleExample

All searches are case-insensitive, including

words or phrases enclosed in double

quotes (" ").

Searching for Roberts or roberts displays all items that contain either word.

Searching for words or phrases enclosed in

double quotes results in an exact match.

Searching for "Marketing Europe" displays items that include the words Marketing Europe

but not Marketing-Europe.

AND is implied in all searches except for

those enclosed in double quotes.

Searching for Accounting Department, the search looks for words or phrases that

include Accounting AND Department. Therefore, the search results could include both of

the following groups:

Accounting Department Chicago

Accounting Department London

The search results would not include an item named Accounting Management because

its name does not include "Department."

Search uses an implied wildcard at the

beginning and end of the words you enter in

the Search box.

Searching for Smith displays all items that include Smith in their names. For example, the

search result could display entries for Robert Smith, John Smith, and Mary Smith.


Troubleshoot

Jun 28 , 2017

Export log files to send to Support

Troubleshoot Application Layers

Troubleshoot Doman join issues


http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/administer/troubleshoot/troubleshoot-applications-layers.html

http://docs.citrix.com/en-us/unidesk/3-4-3-hyper-v/administer/troubleshoot/troubleshoot-domain-join-issues.html


Export log files and send to Support

Jun 28 , 2017

You can export logs for your Unidesk appliances, and send them to the Unidesk Support team via HTTPS or to yourself and

others by email. You can also export logs for an individual Unidesk Machine(Desktop, Session Host, or Installation Machine).

This topic explains what log files are available for export, and which log files are useful for what kinds of issues. It then

explains how to export each of the logs.

Unidesk log files are text files that contain useful information for the Unidesk Support Team when helping you to resolve an

issue. The log files contain details about the operation of each Unidesk virtual machine (VM) and its communication with

other VMs in the Unidesk environment. The exported logs are stripped of any passwords and encryption keys, so none of

your credentials can be compromised.

What virt ual machine files are export ed?What virt ual machine files are export ed?

Each export includes the logs for the selected VM, along with the MA logs. The Database Crash Dump file export is

optional. When you export logs, the Unidesk software creates a gzipped tar file (.tgz) containing the log files for the

selected VM. A task with the URL for each tar file appears in the Task bar.

Virtual MachineVirtual Machine Exported filesExported files

Management Appliance (MA)

The gzipped tar file (.tgz) with:

MA logs

Crash Dump files (optional)



CachePoint logs


MA logs

Desktop or Session Host


Machine logs


MA logs

Installation Machine (IM)


IM logs


MA logs and database dump

To view the log files, download them and extract them using a file compression utility such as the WinZip® product.


What logs should I export f or which issues?What logs should I export f or which issues?

The MA logs are included in the export for any CachePoint(s) or Unidesk Machines because no matter what problem you're

having, you'll need them. When you export logs, you can choose to send them to Unidesk Support and/or to an email

recipient.

For is s ues with.. .For is s ues with.. . Export logs for the.. .Export logs for the.. .

One Desktop or Session Host Desktop or Session Host

Multiple Desktops or Session Hosts CachePoint Appliance(s) for the problem Machines only

Building a Layer Installation Machine (IM)

Management Appliance or database Management Appliance (MA)

Bef ore you st artBef ore you st art

Before you can.. .Before you can.. . You mus t.. .You mus t.. .

Send logs to Unidesk

SupportHave an open Support Case. Create a Support Case explaining the issue you're seeing.

Send email notices Specify your email server in the System > Settings and Configuration > Notifications Settings box.

Export logsMake sure the Log File Retention Settings are configured to keep the logs you need for the length of time

you need.

Export and send CachePoint Appliance andManagement Appliance logs

When you have a problem with more than one Unidesk Machine, you'll need the logs from the CachePoint(s) that they're

on. If you have several CachePoints, don't export them all, as they are large and only the ones with the problem Machines

will be helpful. The MA logs that you need will automatically be exported with the CachePoint logs.

When configuring an export, you can choose to send a copy of the logs to Unidesk Support via HTTPS, or to yourself or

others who need access to the logs via email.

1. In the Unidesk Management Console, select Syst em > Manage AppliancesSyst em > Manage Appliances and click Export Logs. The Export Logs


Wizard opens to the Send Options tab.

2. If you want to send the logs to Unidesk via HTTPS and you have a Unidesk Support Case open, click Send t o UnideskSend t o Unidesk

SupportSupport , choose the support case, and type a description in the Contents f ield.

Not eNot e : This option is only available if you have an open Support Case. You can open one and come back to this screen to

select the option.

3. If you want to send the f iles to yourself or others who need access to the logs, select the Email Email check box and type

the addresses in the Recipients f ield. (Use a comma (,) or semi-colon (;) between addresses.

Not eNot e : This f ield is only active if you've configured an email Notif ication in the System > Settings and Configuration >

Notif ications Settings box.

4. In the Log Selection tab, the MA is selected by default. Select only the CachePoint(s) that have problem Machines, and if

you need to include the Crash Dump Files, select the check box to include those.

Shortcut: If you need to select all or most of the appliances in the list, select the f irst one and press CTRL-A, then

deselect the ones you don't need. However, we recommend selecting only the relevant CachePoints.

5. In the Confirm and Complete tab, click Export Logs to start the export process. The software locates the log f iles on

each of the selected appliances and exports them to a gzipped archive f ile (*.tgz) on the appliance.

Export Desktop logs

If you are having an issue with a Desktop, you can export the log f iles from it. If you are having the same issue with morethan one Desktop, you can save time by exporting the logs for the CachePoint(s) involved instead.1. Select Deskt opsDeskt ops and the Desktop whose log f iles you want to export.

2. Select Rest art /Shut DownRest art /Shut Down and the Shut downShut down option.

3. Select the Desktop and select Desktop Diagnostics in the Action bar. This opens the Desktop Diagnostics wizard.

4. In the Diagnostic Selection tab, select Export Desktop Logs. The options for sending the logs are displayed.




select the option.

6. If you want to send the f iles to yourself or others who need access to the logs, select the EmailEmail check box and type

the addresses in the Recipients f ield. (Use a comma (,) or semi-colon (;) between addresses.)

Not eNot e : This f ield is only active if you've configured an email Notif ication.

7. In the Confirm and Complete tab, click Export Logs. The software locates the log f iles from the desktop and the

Management Appliance and exports them to a gzipped archive f ile (*.tgz).

Export Session Host logs

If you are having an issue with a Session Host, you can export the log files from it. If you are having the same issue with

more than one Session Host, you can save time by exporting the logs for the CachePoint(s) involved instead.

1. Select Session Host Session Host and the Session Host whose log f iles you want to export.

2. Select Rest art /Shut DownRest art /Shut Down and the Shut downShut down option.

3. In the Diagnostic Selection tab, select Export Session Host Logs. The options for sending the logs are displayed.





select the option.




6. In the Confirm and Complete tab, click Export Logs. The software locates the log f iles from the desktop and the

Management Appliance and exports them to a gzipped archive f ile (*.tgz).

Export Installation Machine (IM) logs

If you are having issues creating a Layer, export the logs from the IM you're using.

Bef ore you st artBef ore you st art : You must be using the IM to create a Layer, and the IM must be in a Running state.

1. Select the IM and click Inst all Machine Diagnost ics Inst all Machine Diagnost ics .

2. In the Diagnostic Selection tab, select Export Installation Machine Logs. The options for sending the logs are displayed.




select the option.




5. In the Confirm and Complete tab, enter a comment, if necessary, and click Export Logs. The software locates the log

files from the Installation Machine and the Management Appliance and exports them to a gzipped archive f ile (*.tgz).


Troubleshoot Application Layers

Jun 28 , 2017

This article explains how to troubleshoot typical issues with Application Layers.

Quick review of t he basicsQuick review of t he basics

When a user opens a file on their Unidesk Desktop, the Unidesk software directs Microsoft Windows to open the file from

the Layer with the highest priority. The Personalization Layer, which contains files created or modified on the Desktop, is

always highest priority, so Windows will be directed to the Personalization Layer as the source for those files. If the file isn't

found in the User Layer, the Unidesk software looks for it in the Application Layers. If Windows finds the file in an more than

one Application Layer or Layer Version, it uses the file in the most recently created Application Layer Version. Finally, if

neither the User Layer nor an Application Layer has the file, Unidesk uses the version of the file that’s in the Operating

System Layer, the Layer with the lowest priority.

Note: By default, Application Layer priority is determined by the Layer/Version creation date or modification date. There are

ways override the default priority, as explained later in this article. However, in most cases, this prioritization works well.

Imagine a scenario where the user has installed an application on their Desktop. Because the application is user-installed, it

is stored in the person's Personalization Layer. The application has an old version of foo.dll. If an IT-delivered application (in

an Application Layer) needs a later version of that same dll (foo.dll), the IT-delivered application will not work correctly on

that user’s Desktop. That's because Windows finds the Personalization Layer version of the file and uses that one instead

of the newer version in the Application Layer. The good news is that you can fix an issue like this, as Unidesk gives you a few

ways to control where a file will be delivered from.

When I creat e a new Deskt op, one or more applicat ions do not work correct lyWhen I creat e a new Deskt op, one or more applicat ions do not work correct ly

Administrators often create all of the Application Layers and just start deploying new Desktops with all of the layers. This

can work fine but if it doesn’t, step back and take an incremental approach to isolate the issue.

Can you create a Desktop with just the Operating System Layer and the failing Application Layer? If that doesn’t work

then you have an issue with that particular application. Check the Application Layer Recipes page for details on specif ic

applications. Iif you don’t see your application in the recipes, open a support case.

If you have a clear conflict between 2 layers you have several choices for resolving that conflict. You can:

Combine the conflicting applications in a single Layer, often the simplest solution.

Create one of the Layers using the conflicting Layer as a prerequisite Layer. This is best in case where you need to

deploy and update the applications separately. When you specify a prerequisite layer, the Installation Machine will be

created with both the specif ied OS and the prerequisite Layer installed. You will need to remember to always include

that prerequisite Layer when you update your application.

An applicat ion is not working correct ly on an exist ing Deskt opAn applicat ion is not working correct ly on an exist ing Deskt op

If the application used to work on the Desktop and now it isn’t the solution is often a simple reinstall. Editing the Desktop

and selecting the reinstall checkbox for the failing application simply removes any files from the user layer that are part of

the application layer.

When I deploy a new version of an applicat ion t o a Deskt op it does not work correct ly.When I deploy a new version of an applicat ion t o a Deskt op it does not work correct ly.


Try a reinstall of the application; edit the Desktop and check the reinstall flag on the application that is not working. If that

works this was due to some change on the user Desktop that is incompatible with the new application version. Ask the user

to check that all of their self installed applications are working.

If reinstall did not work, the issue is probably not specific to that user’s Desktop. (Keep in mind that you can roll the

Desktop back to an earlier version of the application to keep the user productive while you do furt. Try deploying the new

version of the application to a newly created Desktop. If it works in the newly created Desktop then you know there is

some conflict with another application layer that was deployed on the user’s Desktop or possibly with something that the

user has installed themselves.

When creat ing a new layer version t he inst all machine says t hat Windows needs t o be act ivat edWhen creat ing a new layer version t he inst all machine says t hat Windows needs t o be act ivat ed

If this is not impacting your layer update, just ignore it! Microsoft is detecting a change in the activation information of the

OS layer and of the application layer that you are updating. This will not have any impact when the application is deployed

to a Desktop because the activation information is in the user layer on the Desktop. If you do require activation to

complete your new layer version (possible if you are installing MSFT patches) then go ahead and activate in the install

machine.


Troubleshoot Domain join issues

Jun 28 , 2017

Debug domain join issues

When a Windows Desktop is created in Unidesk it runs through the Microsoft Windows mini-setup process, which uses a

file called unattend.xml to configure a variety of Desktop settings. We recommend that you use the Unidesk Unattend


Desktop to the domain during creation.

If your Desktop is not joining the domain correctly, here are some common issues and how to solve them.

Keep in mind that while you will look at logs on the Desktop Unattend to identify your problem, you will update the

unattend file in your OS layer or in an application layer to correct it so that newly created Desktops will successfully join

your domain.

First things to check

Check t he Set upact log on t he Deskt op f or errorsCheck t he Set upact log on t he Deskt op f or errorsCheck t he Set upact log on t he Deskt op f or errorsCheck t he Set upact log on t he Deskt op f or errors




Note: Be sure you are not looking at the setupact log in C:Windows\Panther. You want the log file that's in

C:Windows\Panther\UnattendGC.








f ully qualif ied domain namef ully qualif ied domain name: vdidomain.acme.com or vdidomain.localshort domain nameshort domain name: vdiOUOU: acmegrp1Domain accountDomain account : Administrator

1. Open the unattend f ile on the Desktop and check for some common problems. The unattend f ile is located in


c:\windows\panther.

Search for the <JoinDomain> tag and check the fully qualif ied domain name. It should look like one of these examples:



Check the domain specif ication by searching for the Domain tag: <Domain>. The Domain tag must be the short domain

name, not the fully qualif ied domain name.It should look like this:



Check the Username specif ication. It should look like this:





2. Fix any issues you f ind in the unattend.xml, either by editing the f ile manually, or by re-running the Unattend builder. This

involves creating a new version of your OS layer to update the unattend f ile:

a. In the Unidesk Management Console, click Operating System Layer > Add Version. Allow the Operating System Layer

to boot up in the Install Machine, and log in.

b. Once logged in, either edit unattend.xml, or re-run the Unattend builder:

Run Notepad as Administrator, edit C:\Windows\Panther\unattend.xml, and save the f ile.

c. Finalize the layer

3. Deploy a new Desktop with your latest OS version and check for successful domain join.

Check the Netsetup log file for errors















like this:











































container. Windows requires that the default OU be left unspecified, so if you want to put new Desktops into the default

Computers OU, you must delete the <MachineObjectOU> line entirely. Look further up the log file for what the specified

OU is:



Bad domain specified




seconds...




Insufficient user rights






...





Use another approach to domain join: Add a script tothe deployment process


to the deployment process to do the domain join. For more information, see this article



More about how domain join works



And the UnattendedJoin block within it looks like this.

<component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64"

publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"

xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-

instance">

<Identification>

<Credentials>




</Credentials>




</Identification>

</component>

T here are f our element s of block t hat need t o be correct :T here are f our element s of block t hat need t o be correct :



not the FQDN. The "Domain" and "Username" tags are joined to create the account that the Desktop will login to the

domain as in order to create the Machine Account. The account must exist and be a domain administrator or a service

account with suff icient privileges to create Machine Account objects. In this example, "company\administrator" logs in

with password "thePassword". Note that the password is stored in the gold as plain text, but is replaced with the string

"*SENSITIVE*DATA*DELETED*" during deployment to preserve security.

3. The "JoinDomain" tag must contain the full domain as a FQDN. The Desktop logs in to and joins this domain using the

credentials described above earlier.


want your Desktops to appear in the default Computers container for your domain, you must delete the entire




Computers container by putting nothing in the "OU to Place Desktops" f ield.)


Desktops that have been created and deleted before), the domain reuses the existing Machine Account in whatever







failure messages.





Unidesk 3.4.4 for Hyper-V · CachePoint Appliance and Layer storage tier: This tier includes the...

Documents

Transcript of Unidesk 3.4.4 for Hyper-V · CachePoint Appliance and Layer storage tier: This tier includes the...