Browsing Posts published by Huw

Citrix is announcing the end of support for Program Neighborhood in all future online plug-in releases. The Citrix online plug-in v11.0 is the last version to use Program Neighborhood. Classic Program Neighborhood will be supported through the second quarter of 2010.

The Citrix online plug-in v11.0 is the last version to use Program Neighborhood and it no longer installs Program Neighborhood by default (you are required to do this: msiexec.exe /I C:\xenapphosted.msi ADDLOCAL=PN). Version 11.1 no longer includes Program Neighborhood at all (neither do subsequent versions). While Program Neighborhood will still be supported in both of those versions, customers are encouraged to begin planning to adopt a newer client version or migrate to Citrix Receiver. With the v11.2 online plug-in release, Program Neighborhood will no longer be supported.

PN Replacement:

Citrix encourages customers to leverage the Citrix Receiver as the best practice for delivering simple and consistent access to corporate desktops and applications from any device that the employee chooses to use. Receiver automates plug-in updates by checking the server for new versions as they become available. For customers who do not implement Citrix Receiver, newer versions of the Citrix online plug-in will be introduced periodically to include enhancements to the interface and core functionality.

Impact:

The Citrix online plug-in requires customers to install and configure the XenApp Web Interface service in their environment. XenApp Web Interface was not a requirement for Program Neighborhood, therefore, customers must plan for this change to their XenApp infrastructure. Program Neighborhood allows users to connect directly to a specific XenApp server by allowing them to specify the server’s address. This feature is used mostly for diagnostic purposes. Even though this feature will also no longer be available, Citrix is investigating development of alternative diagnostic tools to provide similar functionality.

NB – note that there are different installation packages for ESX4 & ESX 4.1

The script below can be used to install Dell OpenManage 6.3 on vSphere 4. You will need to run it from the console.

# Script to install Dellopman v6.3, configure firewall and set SNMP on vSphere 4
# AE 26/11/10
#
# Replace X.X.X.X with SNMP Trap IP
#
# copy openmanage tar to localhost storage. Open putty connection and change to that dir.

mkdir /root/OM63
cp *.* /root/OM63
cd /root/OM63
tar -zxvf *.*

echo '*** Installing and starting OMSA Agent ***'
/root/OM63/linux/supportscripts/srvadmin-install.sh -x
/root/OM63/linux/supportscripts/srvadmin-services.sh restart

# Open port in firewall for OMSA web interface
echo '*** Opening port 1311 for OMSA web interface ***'
esxcfg-firewall -o 1311,tcp,in,OpenManageRequest

# Configuration of snmp settings
echo '*** Configuring snmp and restarting snmp service ***'
cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.BACKUP
sed -i "s/rocommunity.*/rocommunity public /g" /etc/snmp/snmpd.conf
sed -i "s/trapcommunity.*/trapcommunity public /g" /etc/snmp/snmpd.conf
sed -i "s/trapsink.*/trapsink X.X.X.X /g" /etc/snmp/snmpd.conf
service snmpd restart
chkconfig snmpd on

# Configuration of firewall for snmp
echo '*** Configuring firewall to allow snmp traffic ***'
esxcfg-firewall -e snmpd
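
The script above sets both community strings to public and then opens the firewall for snmpd, so the resulting snmpd.conf is worth checking afterwards. The following is an added example, not part of the original script: it reads an snmpd.conf on stdin and flags default community strings, a missing source restriction and an unreplaced trapsink placeholder. The function names, both sample configs, the EXAMPLE-* strings and the 192.0.2.10 address are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag weak SNMP settings in an
# snmpd.conf read from stdin. Prints one finding per line, nothing if clean.
audit_snmpd_conf() {
    # Drop comments and blank lines, then walk the remaining directives.
    snmp_conf=$(sed -e 's/#.*//' -e '/^[[:space:]]*$/d')
    while read -r directive arg1 arg2 rest; do
        case "$directive" in
            rocommunity|rwcommunity)
                # net-snmp syntax: rocommunity COMMUNITY [SOURCE [OID]]
                case "$arg1" in
                    public|private)
                        echo "$directive: default community string '$arg1'" ;;
                esac
                case "$arg2" in
                    ""|default)
                        echo "$directive: no source restriction, any host that reaches UDP 161 may query" ;;
                esac
                if [ "$directive" = rwcommunity ]; then
                    echo "rwcommunity: grants write access; monitoring only needs rocommunity"
                fi
                ;;
            trapcommunity)
                case "$arg1" in
                    public|private)
                        echo "trapcommunity: default community string '$arg1'" ;;
                esac
                ;;
            trapsink)
                if [ "$arg1" = "X.X.X.X" ]; then
                    echo "trapsink: placeholder X.X.X.X was never replaced"
                fi
                ;;
        esac
    done <<EOF
$snmp_conf
EOF
    return 0
}

# Constructed sample: the directives as the sed lines above leave them
# when X.X.X.X is not edited before the script is run.
sample_weak() {
cat <<'EOF'
rocommunity public
trapcommunity public
trapsink X.X.X.X
EOF
}

# Constructed sample: non-default strings (placeholders) and queries limited
# to one monitoring station (192.0.2.10 is a documentation address).
sample_hardened() {
cat <<'EOF'
rocommunity EXAMPLE-RO-STRING 192.0.2.10
trapcommunity EXAMPLE-TRAP-STRING
trapsink 192.0.2.10
EOF
}

echo "== as written by the install script =="
sample_weak | audit_snmpd_conf
echo "== restricted to the monitoring station =="
sample_hardened | audit_snmpd_conf
```

On the host itself, run it as audit_snmpd_conf < /etc/snmp/snmpd.conf after the install script has finished.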

Step 1: Prepare AD

Raise Domain Functional Level:

  • Open Active Directory Users and Computers.
  • Right click on your domain and select Raise Domain Functional Level
  • Select Windows Server 2003

Raise Forest Functional Level:

  • Open Active Directory Domains and Trusts
  • Right click Active Directory Domains and Trusts and select Raise Forest Functional Level. NB – Do not right click on your domain; this needs to be done at the top level.

Raise Exchange Operational Mode:

  • Open Exchange System Manager (on the Exchange 2003 server)
  • Change from Mixed mode as shown below

Step 2: Install Pre-requisites on Exchange Server

Install filterpack

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=5cd4dcd7-d3e6-4970-875e-aba93459fbee&displaylang=en

 Install the following from server manager

Install the “web server” role (and pre-reqs) with

  • IIS6 compatibility
  • IIS management scripts and tools
  • IIS6 management console
  • Basic and windows authentication
  • .net extensibility (and pre-reqs)
  • dynamic content compression
  • digest authentication

Under the .net framework 3.0 features add

  • HTTP activation (under WCF activation)

Open windows powershell (run as administrator)

  • Set-Service NetTcpPortSharing -StartupType Automatic

I would then run a windows update and install any available updates before running the Exchange 2010 setup

Run exchange setup

 

Post install

Make sure you download the latest updates. Install Microsoft updates and check for Windows updates.

You may want to create an open mail relay in Exchange to allow other servers to relay mail through your exchange server.

There are 2 steps:-

1. Create a new receive connector in the management console. In the “permission groups” tab, check anonymous permission and put the IP address of the server that you want to permit relay from. In the example below I have called the receive connector “Allowed Relays”

2. Open the Exchange Management Shell and enter the command: Get-ReceiveConnector "Allowed Relays" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"

** This article needs further work **

Incoming SMTP – 530 5.7.1 errors

By default, Exchange 2007 requires authentication for incoming SMTP sessions and this may cause incoming e-mail to be rejected with “530 5.7.1 Client was not authenticated (in reply to MAIL FROM command)”. The fix is simple: in the Exchange Management Console, click on Server Configuration, Hub Transport and double-click on the default receive connector to view its properties. Click the Permissions Group tab, enable the Anonymous Users option and save the changes.

Credit to Alan Hardisty

http://www.it-eye.co.uk/faqs/readQuestion.php?qid=1

The below covers all steps to get activesync working with exchange.

  • You need to make sure that you have Exchange Server 2003 Service Pack 2 Installed. To check if you have it installed, open up Exchange System Manager – Start, Programs, Microsoft Exchange, System Manager. Then expand Servers, Right-Click your server and choose Properties. This will display whether you have SP2 installed or not.
  • You also need to ensure that TCP Port 443 is open and forwarded on the firewall to your Exchange server. You don’t need to open up any other ports to get Activesync working, just TCP port 443.
  • Please check the LAN Adapter Binding order to make sure the NIC that Exchange is bound to is at the top of the list (Start> Run> ncpa.cpl > Advanced> Advanced Settings> Connections).

IIS Settings

Please check and mirror the settings below (Open up IIS, expand the default website then expand the relevant Virtual Directory, right-click on the Virtual Directory and choose properties, then click on the Directory Security Tab):
Exchange 2003 (Not part of Small Business Server):

Exchange Virtual Directory

  • Authentication = Integrated & Basic
  • Default Domain = NetBIOS domain name
  • Realm = domain.com
  • IP Address Restrictions = Granted Access
  • Secure Communications = Require SSL NOT ticked (very important)

Microsoft-Server-Activesync Virtual Directory

  • Authentication = Basic
  • Default Domain = NETBIOS domain name
  • Realm = NETBIOS name
  • IP Address Restrictions = Granted Access
  • Secure Communications = Require SSL and Require 128-Bit Encryption IS ticked

Exchange 2003 (Part of Small Business Server):

Exchange Virtual Directory

  • Authentication = Integrated & Basic
  • Default Domain = NetBIOS domain name
  • Realm = domain.com
  • IP Address Restrictions = Granted Access
  • Secure Communications = Require SSL IS ticked (very important)

Microsoft-Server-Activesync Virtual Directory

  • Authentication = Basic
  • Default Domain = NETBIOS domain name
  • Realm = NETBIOS name
  • IP Address Restrictions = Granted Access
  • Secure Communications = Require SSL and Require 128-Bit Encryption NOT ticked

Exchange-oma Virtual Directory

  • Authentication = Integrated & Basic
  • Default Domain = NETBIOS domain name
  • Realm = NETBIOS name
  • IP Address Restrictions = Restricted to IP Address of Server
  • Secure Communications = Require SSL and Require 128-Bit Encryption NOT ticked

OMA Virtual Directory

  • Authentication = Basic
  • Default Domain = NETBIOS domain name
  • Realm = NETBIOS name
  • IP Address Restrictions = Granted Access
  • Secure Communications = Require SSL and Require 128-Bit Encryption NOT ticked
  • ASP.NET should be set to version 1.1 for all virtual directories listed above. If you cannot see the ASP.NET tab, you only have v 1.1 installed so do not worry. If any version other than 1.1 is selected, please change it to v 1.1.4322.
  • No other virtual directories are involved when using Activesync
  • Also, make sure that you have HTTP Keep-Alives enabled

http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/d7e13ea5-4350-497e-ba34-b25c0e9efd68.mspx?mfr=true

  • Please also check that Ignore Client Certificates is selected under the IISADMPWD virtual directory / Directory Security Tab / Edit Secure Communications Button. This Virtual Directory may not exist if you have not setup the ability to reset passwords via Outlook Web Access (OWA)

For Small Business Server 2003 Users – please check this MS article – http://support.microsoft.com/kb/937635

Make sure that the name on the SSL certificate you have installed matches the Fully Qualified Domain Name (FQDN) that you are connecting to for ActiveSync

Ensure that the IP for the Default Website is set to All Unassigned and using port 80 (open up IIS, Right-Click the Default Website). If your default website is using any port other than port 80, it simply will not work, so if you have changed this to make something else work, either change it back to port 80 or stop trying to use Activesync! THIS ONE IS IMPORTANT, LOOSEMORES HAD AN INTRANET SETUP ON PORT 80 USING THE IP ADDRESS OF THE STARSKY AND THE DEFAULT WEB SITE WAS SET TO ALL UNASSIGNED IP’S. ABSOLUTELY NOTHING CAN USE PORT 80 EXCEPT ACTIVESYNC

If you make any changes to IIS, you will need to reset IIS settings (IISRESET)

Testing:

If you have got SP2 installed, check on https://testexchangeconnectivity.com to see if everything is working properly by running the Exchange Activesync check. The site is an official Microsoft site specifically for testing Exchange installations and connectivity.

Please select ‘Specify Manual Server Settings’ (Exchange 2003 does not have native Autodiscover enabled so using the Autodiscover settings will fail).

  • 3rd Party SSL Certificate: Do not check the “Ignore Trust for SSL” check box
  • Self-Certified SSL Certificate: Check the “Ignore Trust for SSL” checkbox.

If you are trying to make an iPhone work, then you can also download the free iPhone App ‘Activesync Tester’ and this should identify any problems with your configuration, or download the version for your PC from https://store.accessmylan.com/main/diagnostic-tools

Various Activesync Errors / Solutions:

If you make any changes to IIS settings, please run IISRESET and re-visit https://testexchangeconnectivity.com

Activesync Error 0x86000108: Activesync is unsuccessful and you see the error 0x86000108 on your Windows Mobile Device: Please read the following MS Article which checks that Authenticated Users has write permissions to the %TEMP% directory (usually c:\windows\temp) – http://support.microsoft.com/kb/950796/en-us

Application Event Log 3005 Errors: A lot of 3005 errors can be resolved by changing the Default Website Timeout value from 120 (default) to something greater, such as 480 using IIS Manager.

Inconsistent Sync: If you are getting inconsistent Synchronisation from your device to your Exchange 2003 server, please add the following registry value to the server:

  • Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\VirusScan
  • Value name: ProactiveScanning
  • Type: REG_DWORD
  • Data: 1

HTTP 401 Error: If you are getting an HTTP 401 error when testing on https://testexchangeconnectivity.com then you are probably entering an incorrect username or password, or you may have IP Address restrictions setup on your virtual directories (see IIS Settings above).

HTTP 403 Error: Ensure that Forms Based Authentication is NOT turned on under Exchange Virtual Server under Exchange Protocols (Exchange System Manager, Servers, Protocols, HTTP, Exchange Virtual Server properties, Settings Tab). If it is — read http://support.microsoft.com/kb/817379

I have had Activesync work despite seeing “An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body is: HTTP/1.1 403 Forbidden” at the end of the test above. To resolve this, please open up Exchange System Manager, Global Settings, Mobile Services Properties, Device Security Button, Exceptions Button, then add your account to the exceptions list.

HTTP 500 Error: If you still cannot get Activesync to work or keep getting an HTTP 500 error, please follow Method 2 in Microsoft Knowledgebase Article KB883380 (http://support.microsoft.com/kb/883380) and this should resolve the issues. This essentially deletes the Exchange Virtual Directories from the IIS Metabase (which can be corrupted) and rebuilds them. Rebuilding those virtual directories often clears up problems that all the other steps above do not resolve.

If, after following KB 883380, Activesync still does not work and it keeps coming up with HTTP 500 errors, please do the following:

  • Disable Forms Based Authentication – Exchange HTTP Protocol (if enabled)
  • Remove SSL settings from the Exchange IIS virtual directory
  • Run iisreset
  • Test Activesync without SSL selected – hopefully this should work or give the OK result
  • If okay – right-click on the Exchange Virtual Directory and select All Tasks> Save Configuration to a file. Name the file Exchange and save to the desktop
  • Run Regedit (and be extremely careful here as you can kill your server very easily) then right-click on My Computer and select Export. Name the file as ‘EntireRegistry’ and save the backup of the registry to the desktop
  • In regedit – locate HKLM \ System \ CurrentControlSet \ Services \ MasSync \ Parameters and delete the ExchangeVDir key from the right-hand pane.
  • Close Regedit
  • Right-click on the default-website and select New> Virtual Directory from File. Browse to the desktop and click on the Exchange.xml that you created above, then click on Read file, select Exchange from the ‘Select a configuration to import’ section and click on OK. Select ‘Create a new virtual Directory’ and name the directory ‘exchange-oma’ and click OK.
  • Right-click on the Exchange-OMA virtual directory you just created and click Browse – you should see OWA open up happily
  • Open Regedit and add the ExchangeVDir key back that you recently deleted as a String Value and then change the value to read /exchange-oma
  • Close regedit
  • Enable SSL and require 128-Bit Encryption on the Exchange Virtual Directory to ensure it is secure once again
  • Enable Forms Based Authentication (if you want to use it) on Exchange > Protocols> HTTP
  • Make sure that Integrated Authentication is enabled on the Exchange Virtual Directory
  • Check that the Exchweb virtual directory does not have SSL enabled
  • Run iisreset
  • Test Activesync – should hopefully be working now

Setup Cisco Aironet


Configure Lightweight Aironet

They will use DHCP out of the box but you can manually configure an IP address by running the below….

lwapp ap ip address 192.168.0.200 255.255.255.0
lwapp ap ip default-gateway 192.168.0.254
lwapp ap controller ip address 192.168.0.100
lwapp ap hostname CCFC-AP-200

Distinguish between Autonomous and Lightweight Access Points

The easiest way to distinguish between a regular AP and a LAP is to look at the part number of the AP. Run a show hard and check the output

  • LAP (Lightweight AP Protocol [LWAPP])—Part numbers always begin with AIR-LAPXXXX.
  • Autonomous AP (Cisco IOS® Software)—Part numbers always begin with AIR-APXXXX.

The Cisco Aironet 1000 Series LAPs are an exception to this criteria. The part numbers of the 1000 series LAPs are:

  • AIR-AP1010-A-K9 for a 1010 LAP
  • AIR-AP1020-A-K9 for a 1020 LAP
  • AIR-AP1030-A-K9 for a 1030 LAP

Below is a sample config for use with ESX/ESXi
!
! *** NEED TO CHECK telnet/http ACCESS RIGHTS ON THIS ***
!
! Script to configure Dell Powerconnect 5424 for ESX/iSCSI – AE Jan 2010
! Ports 1-16 = vlan 100 = iSCSI network
! Ports 17-19 = vlan 101 = vMotion
! Ports 20-24 = Aggregated Uplink (NB: the channel-group range below covers g(21-24) only)
!
! Replace…
! X.X.X.X = IP address of switch vlan100
! Y.Y.Y.Y = IP address of switch vlan101
! ZZZZ = enable password (must be 8 chars!)
! WWWW = telnet password
! UUUU = hostname
! V.V.V.V = default gateway
!-------------------------------------------------------------
hostname UUUU
port jumbo-frame
spanning-tree mode rstp
interface range ethernet all
no port storm-control broadcast enable
flowcontrol on
spanning-tree portfast
exit
vlan database
vlan 100-101
exit
int vlan 100
ip address X.X.X.X 255.255.255.0
name iSCSI
exit
int vlan 101
name vMotion
ip address Y.Y.Y.Y 255.255.255.0
exit
interface range ethernet g(1-16)
switchport access vlan 100
exit
interface range ethernet g(17-19)
switchport access vlan 101
exit
interface port-channel 1
switchport mode trunk
switchport trunk allowed vlan add 100
switchport trunk allowed vlan add 101
exit
interface range ethernet g(21-24)
channel-group 1 mode on
exit
! The admin user shares the enable password placeholder (ZZZZ)
username admin password ZZZZ level 15
ip default-gateway V.V.V.V
enable password level 15 ZZZZ
line telnet
password WWWW
exit
voice vlan oui-table remove 00036b
voice vlan oui-table remove 00096e
voice vlan oui-table remove 0001e3
voice vlan oui-table remove 000fe2
voice vlan oui-table remove 0060b9
voice vlan oui-table remove 00d01e
voice vlan oui-table remove 00e075
voice vlan oui-table remove 00e0bb
no iscsi enable
no iscsi target port 860
no iscsi target port 3260
! Leave configuration mode before saving
exit
copy running-config startup-config

Summary Checklist

  • Check Virtualisation Technology is enabled in the BIOS
  • Download and install latest version of ESXi
  • Patch
  • Configure (static IP, DNS, NTP, vSwitch, root password and license)
  • Install VMA
  • Configure Hardware Health Monitoring

Step 1: Installation:

  • Check that “virtualization technology” is enabled in the BIOS
  • If you need to store files greater than 256GB then I would recommend creating 2 virtual disks in the RAID controller BIOS. One for the OS and one to use as a data store. Note that by default the installation of ESXi will format the virtual disk with a 1MB block size.
  • Remember to check that virtualisation support is enabled in the BIOS.

Where possible, download the vendor's version of ESXi. For example, Dell provide their own customized ISO that contains Dell-specific settings for SNMP etc.

(Alternatively you can use the Dell Unified Server Configurator – you will still need the Dell ESXi ISO however.

http://www.it-book.co.uk/739/deploy-an-esxi-via-dell-unified-server-configurator)

After downloading the ISO from the Dell Website I have booted the server off it and installed ESXi.

After reboot you will get a screen similar to the below showing the current IP address of the ESXi box. In this case it has picked up an IP address from DHCP.

Step 2 – Patching

I recommend running the VMware vSphere Host Update utility to install the latest patches.

 

Step 3 – Configure

If you haven’t got the VMware VI client installed on your PC already, you will want to download it so that you can manage this server. You can get it by opening a web browser and entering the IP of the ESXi server (as shown in the diagram above).

Click on the link highlighted above and install the VI client. Note that this downloads the client from the web and not from this server. It may take a few minutes.

Once installed, open the VI client and connect to the ESXi server IP as shown below. Note the default username is root with no password.

You may now want to customise your install.

Set static IP:

Note that if the static IP is different you will need to re-launch the VI client and connect to the new IP.

Configure DNS:

Add other NICs to vSwitch:

This will improve performance and add a degree of fault tolerance with the network cards.

Setup NTP:

Note that VMs will likely pick up the time from the ESXi server, so it is important that the time is correct.

Change Root Password:

License VMware:

You will need to register with VMware and they will email you a license. Once you have this you can enter it on the screen below.

 

Step 4 – Post Installation

I recommend installing the vMA and setting up hardware monitoring. Please click on the hyperlinks for more information.