WASP MobileAsset SQL error: 26 – Error Locating Server/Instance Specified

When installing the WASP MobileAsset client you may get SQL error 26, error locating server/instance. If you are not using MobileAsset but get this error with another application that uses a SQL database, the problem may have the same simple solution. As the linked article explains, this specific error has to do with trying to connect to a SQL Server named instance.

The article provided troubleshooting steps that helped me realize that WASP MobileAsset SQL error: 26 – Error Locating Server/Instance Specified was due to the firewall on the PC/server hosting the WASP MobileAsset SQL database. Since the MobileAsset client needs remote access to the SQL database, not having the appropriate firewall exceptions will cause you to get this error when trying to authenticate, as the firewall will block incoming connections.

Source: SQL Network Interfaces, error: 26 – Error Locating Server/Instance Specified – SQL Protocols – Site Home – MSDN Blogs

Ultimately, what solved the problem for me was the following post:

Four exceptions must be configured in Windows Firewall to allow access to SQL Server:

  1. A port exception for TCP Port 1433. In the New Inbound Rule Wizard dialog, use the following information to create a port exception:
     • Select Port
     • Select TCP and specify port 1433
     • Allow the connection
     • Choose all three profiles (Domain, Private & Public)
     • Name the rule “SQL – TCP 1433”
  2. A port exception for UDP Port 1434. Click New Rule again and use the following information to create another port exception:
     • Select Port
     • Select UDP and specify port 1434
     • Allow the connection
     • Choose all three profiles (Domain, Private & Public)
     • Name the rule “SQL – UDP 1434”
  3. A program exception for sqlservr.exe. Click New Rule again and use the following information to create a program exception:
     • Select Program
     • Click Browse to select ‘sqlservr.exe’ at this location: [C:\Program Files\Microsoft SQL Server\MSSQL11.\MSSQL\Binn\sqlservr.exe] where is the name of your SQL instance.
     • Allow the connection
     • Choose all three profiles (Domain, Private & Public)
     • Name the rule SQL – sqlservr.exe
  4. A program exception for sqlbrowser.exe. Click New Rule again and use the following information to create another program exception:
     • Select Program
     • Click Browse to select sqlbrowser.exe at this location: [C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe].
     • Allow the connection
     • Choose all three profiles (Domain, Private & Public)
     • Name the rule SQL – sqlbrowser.exe

Source: .net – SQL Connection Error: System.Data.SqlClient.SqlException (0x80131904) – Stack Overflow
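
The four exceptions from the quoted post, scripted in PowerShell as an added example (not part of the original post or the Stack Overflow answer). The instance name and client subnet are placeholders, the executable paths are read from the installed services rather than typed in, and the rules are scoped to the Domain and Private profiles and a single subnet, which is narrower than the all-profiles choice in the post.

```powershell
# Added example. Run elevated on the PC/server hosting the SQL database.
param(
    [string]$InstanceName = 'INSTANCE_NAME_PLACEHOLDER',  # placeholder: your named instance
    [string]$ClientSubnet = '192.0.2.0/24',               # constructed documentation range
    [string]$Profiles     = 'Domain, Private'             # the quoted post selects all three
)

# Read the executable path from the service definition instead of hard-coding
# a version-specific folder. PathName looks like: "C:\...\sqlservr.exe" -sNAME
function Get-ServiceExePath([string]$ServiceName) {
    $svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
    if (-not $svc) { throw "Service '$ServiceName' not found on this machine" }
    if ($svc.PathName -match '^"([^"]+)"') { return $Matches[1] }
    return ($svc.PathName -split '\s+-')[0].Trim()
}

# Rule names follow the post, with a plain hyphen in place of the dash.
$rules = @(
    @{ DisplayName = 'SQL - TCP 1433'; Protocol = 'TCP'; LocalPort = 1433 }
    @{ DisplayName = 'SQL - UDP 1434'; Protocol = 'UDP'; LocalPort = 1434 }
    @{ DisplayName = 'SQL - sqlservr.exe'
       Program     = Get-ServiceExePath ('MSSQL$' + $InstanceName) }
    @{ DisplayName = 'SQL - sqlbrowser.exe'
       Program     = Get-ServiceExePath 'SQLBrowser' }
)

foreach ($r in $rules) {
    # Idempotent: skip rules that already exist so reruns do not create duplicates.
    if (Get-NetFirewallRule -DisplayName $r.DisplayName -ErrorAction SilentlyContinue) {
        Write-Host "Already present: $($r.DisplayName)"
        continue
    }
    New-NetFirewallRule @r -Direction Inbound -Action Allow `
        -Profile $Profiles -RemoteAddress $ClientSubnet | Out-Null
    Write-Host "Created: $($r.DisplayName)"
}

# Review what is now allowed, including profile and remote-address scope.
Get-NetFirewallRule -DisplayName 'SQL - *' | ForEach-Object {
    [pscustomobject]@{
        Rule    = $_.DisplayName
        Enabled = $_.Enabled
        Profile = $_.Profile
        Remote  = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
    }
} | Format-Table -AutoSize
```

From a client PC, `Test-NetConnection -ComputerName <server> -Port 1433` confirms the TCP rule; it does not test UDP 1434.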

XenApp 5.0 to XenApp 7.6 Upgrade / Migration Part 2

This is a follow-up to XenApp 5.0 to XenApp 7.6 Upgrade / Migration Part 1.

In the scenario explained in Part 1, we already have a functioning XenApp 5.0 Farm and are moving to XenApp 7.6.  The XenApp 5.0 Farm already has a License Server.  The old License Server in the Farm will not be able to service the new XenApp 7.6 Site because it is an older version.

There are two licensing options when upgrading from XenApp 5.0 to XenApp 7.6.

  1. You can install a brand new License Server
  2. You can upgrade the old License Server

The second option is not recommended for our scenario since our XenApp 5.0 License Server is installed on a XenApp server that is also delivering published desktops to users. Additionally, it is running on Server 2008 and we want our entire Citrix XenApp 7.6 site to be on Server 2012. It is possible to upgrade the old License Server, leave it on the Server 2008 platform and uninstall all other XenApp 5.0 components, but we would like a fresh new install 🙂

Installing a new License Server will not invalidate your old 5.0 Farm License Server, so breathe easy. What’s more, the newer License Server version installed with XenApp 7.6 is backwards compatible, meaning that you can point both your XenApp 7.6 Site and your old XenApp 5.0 Farm to the same License Server; this is what is recommended so as not to infringe on the license agreement.

Once you know which server will be the License Server, you can go to your Citrix account to activate and allocate or reallocate your licenses to the new server using the server host name.  After doing so, the files needing to be imported to the new License Server will be available for download.  All the while, your old License Server is functioning as normal.

You will now have to install the License Server component on the server to which you have allocated the license files. One thing to keep in mind is that you must install Remote Desktop Services through Add Server Roles and Features prior to installing the License Server. Citrix has done an awesome job of adding server roles and features for you during the installation of all other XenApp 7.6 components, with the exception of the License Server. The following video shows how to install the XenApp 7.6 License Server step by step.

After installing the License Server from the XenApp 7.6 installation disc you will need to import license files (downloaded previously from Citrix) through the License Administration Console and select Overwrite License File on License Server.  The LAC login will be the Domain Admin credentials.  After importing, clicking on Reread License Files should make them show up in Dashboard.  For detailed instructions you can Google How to Add Allocated Licenses to the License Administration Console.  The official Citrix support article will walk you through it step by step.


XenApp 5.0 to XenApp 7.6 Upgrade / Migration Part 1

As far as I know, a simple XenApp 5.0 to XenApp 7.6 upgrade/migration is not possible; it requires starting a new farm/site from scratch (the words farm and site will be used interchangeably as they refer to the same general concept).

It might be possible to upgrade to XenApp 7.6 from a newer release of XenApp such as 6.5, but this post relates specifically to moving from XenApp 5.0 to XenApp 7.6.

Consider the following scenario:

Company XYZ has a XenApp 5.0 Farm to provide users with published desktops. The plan is to build another Citrix Farm using XenApp 7.6 that will be running in the same Domain as the current 5.0 Farm and to slowly transition all users to the new farm.

Should we be concerned about any conflicts that may arise due to having two separate Citrix Farms on two different XenApp versions running side by side on the same Domain? The answer is no. Both can co-exist.

Assuming the Domain Controller/s, File Server/s, and Print Server/s are already in production, we start by understanding what other infrastructure must be in place for a simple XenApp 7.6 deployment.

The 7.6 Farm will be composed of the following:

  • Delivery Controller
  • SQL Express
  • License Server
  • StoreFront
  • XenApp Worker/s (Virtual Delivery Agent)

Both Farms will share the following:

  • Domain Controller
  • File Server
  • Print Server

On the 5.0 Farm, Citrix Profile Management 3.2.2 and document redirection are configured through Group Policy.

On the new 7.6 Site, Citrix Profile Management can be configured using Citrix Policies or Group Policy. In this scenario, Group Policy is already applied, but as a best practice, user profiles for the new 7.6 site should be kept in a separate share from those of the old 5.0 Farm.

The Citrix 5.0 Farm is running on Server 2008 while the XenApp 7.6 Site will be installed on Server 2012 R2.

SSL Certificate Error – Security Errors on Patient Portal

The following is an update to SSL Certificate Error – Security Errors on Patient Portal

Previously users were receiving SSL Certificate Errors when attempting to access a site that was trusted.  The SSL Certificate Error reads as follows:

Your connection is not private.  Attackers might be trying to steal your information from anysite.com (for example, passwords, messages or credit cards).

Advanced

This server could not prove that it is anysite.com; its security certificate is not trusted by your computer’s operating system. This may be caused by a misconfiguration or an attacker intercepting your connection. Proceed to anysite (unsafe)

NET::ERR_CERT_AUTHORITY_INVALID

The issue was resolved by downloading the appropriate certificate from the Certificate Authority that issued it and installing it locally (on the machine receiving the error) in Trusted Root Certification Authorities.
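
A way to make that install step checkable, as an added PowerShell example that is not part of the original post: it refuses to import the downloaded file unless its SHA-256 fingerprint matches the value the Certificate Authority publishes, and it picks the store from the certificate itself. The file path and the expected fingerprint are placeholders.

```powershell
# Added example. Run elevated on the machine that shows the error.
param(
    [string]$CertPath       = 'C:\Temp\issuing-ca.cer',   # hypothetical download location
    [string]$ExpectedSha256 = 'PLACEHOLDER-FINGERPRINT'   # value published by the CA
)

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath

# Fingerprint over the DER bytes, so PEM vs DER file encoding does not matter.
$sha    = [System.Security.Cryptography.SHA256]::Create()
$actual = [System.BitConverter]::ToString($sha.ComputeHash($cert.RawData)) -replace '-', ''
$wanted = ($ExpectedSha256 -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($actual -ne $wanted) {
    throw "Fingerprint mismatch: file has $actual. Not importing."
}

# Only CA certificates belong in a trust store, and only unexpired ones.
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
if (-not ($bc -and $bc.CertificateAuthority)) { throw 'Not a CA certificate.' }
if ($cert.NotAfter -lt (Get-Date)) { throw "Expired on $($cert.NotAfter)." }

# A self-signed root goes to Trusted Root Certification Authorities;
# an intermediate goes to Intermediate Certification Authorities instead.
$isRoot = $cert.Subject -eq $cert.Issuer
$store  = if ($isRoot) { 'Cert:\LocalMachine\Root' } else { 'Cert:\LocalMachine\CA' }

Import-Certificate -FilePath $CertPath -CertStoreLocation $store | Out-Null

# Confirm what was added and where.
Get-ChildItem $store | Where-Object Thumbprint -eq $cert.Thumbprint |
    Format-List Subject, Issuer, NotAfter, Thumbprint
```

With the placeholder fingerprint left in place the script stops at the mismatch check, so nothing is trusted until a real published value is supplied.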


Windows 8 BitLocker Pre Boot Authentication

Bitlocker and Windows 8 Group Policy

Healthcare institutions can no longer say they don’t have a need for drive encryption. Federal laws will only get tougher as the years go by and we are having to encrypt everything ePHI. Now that many of us are on Windows 8 we have a “free” encryption option that is built in, BitLocker.

With BitLocker you can encrypt files and folders, partitions or the entire system drive. It is recommended for Healthcare institutions to enable pre-boot authentication; in case of theft or loss, a PIN must be entered at startup in order to continue the boot process.

However, in order to set up a PIN for pre-boot authentication, we must first make some changes to Local Group Policy in Windows 8. The image shows the two options I have configured for a Surface Pro running Windows 8.

We can find the Local Group Policy Editor by clicking on the Windows logo and searching for gpedit. Windows will populate search results with the appropriate application.

Once Local Group Policy Editor is open, under Computer Configuration we expand Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.

From there, for tablets such as the Surface Pro, we enable Enable use of BitLocker authentication requiring preboot keyboard input on slates.

We then enable Require additional authentication with the following settings:

  • Check the box Allow BitLocker without a compatible TPM
  • Do Not Allow TPM
  • Require startup PIN with TPM
  • Do not allow startup key with TPM
  • Do not allow startup key and PIN with TPM

Once that is configured, setting up BitLocker with pre-boot authentication in Windows 8 is simple.  All one has to do is right-click over the C: drive and select Turn On BitLocker.  You will be asked to enter a PIN and either save the Recovery Key to a file that you can store in a USB drive or send it to the printer to keep in a safe place.  Best of luck 🙂
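
To confirm the result on a device, the following added PowerShell example (not from the original post) compares the registry values that the two policy settings above write under the BitLocker policy key with the choices listed, then checks that the C: volume actually carries a TPM+PIN key protector and a recovery password. The function names are hypothetical.

```powershell
# Added example. Run elevated after applying the policy and turning on BitLocker.
$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

# Values written by the two policy settings: 0 = do not allow, 1 = require/enabled.
$expected = [ordered]@{
    OSEnablePrebootInputProtectorsOnSlates = 1  # preboot keyboard input on slates
    UseAdvancedStartup = 1                      # Require additional authentication
    EnableBDEWithNoTPM = 1                      # Allow BitLocker without a compatible TPM
    UseTPM             = 0                      # Do not allow TPM
    UseTPMPIN          = 1                      # Require startup PIN with TPM
    UseTPMKey          = 0                      # Do not allow startup key with TPM
    UseTPMKeyPIN       = 0                      # Do not allow startup key and PIN with TPM
}

function Test-PrebootPolicy {
    $policy = Get-ItemProperty -Path $fve -ErrorAction SilentlyContinue
    foreach ($name in $expected.Keys) {
        # A missing value means the setting is not configured on this device.
        $actual = if ($policy) { $policy.$name } else { $null }
        [pscustomobject]@{
            Setting  = $name
            Expected = $expected[$name]
            Actual   = $actual
            Match    = ($actual -eq $expected[$name])
        }
    }
}

function Test-PrebootProtector([string]$MountPoint = 'C:') {
    $vol   = Get-BitLockerVolume -MountPoint $MountPoint
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    [pscustomobject]@{
        Volume         = $vol.MountPoint
        Protection     = $vol.ProtectionStatus
        Encrypted      = "$($vol.EncryptionPercentage)%"
        HasStartupPin  = $types -contains 'TpmPin'
        HasRecoveryKey = $types -contains 'RecoveryPassword'
    }
}

Test-PrebootPolicy | Format-Table -AutoSize
$result = Test-PrebootProtector
$result | Format-List
if (-not $result.HasStartupPin) {
    Write-Warning 'No TPM+PIN key protector found on this volume.'
}
```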


XenApp 7.6 Site/ Farm Planning

citrix 7.6 site planning

It is easier, in some ways, to implement Citrix XenApp 7.6 from scratch rather than perform an upgrade or migration. Our lab tests required the creation of a new Domain Controller, File Server and Print Server; our XenApp lab implementation also required a Delivery Controller, License Server, StoreFront and Virtual Delivery Agent. The greater workload paid off because Citrix site design, deployment procedures and troubleshooting were more straightforward. Now that we are getting closer to upgrading our production environment, we must take into account the various IT resources and services already in place and determine which will be affected and how.