TechAgility

Well, I think at last I’ve finally found the time, AND managed to find the specifics of what was holding this up so that I’m currently in the process of syncing the Phone with Exchange remotely via an AG+AAC connection back to the Exchange Server across the SSL VPN.

What transpired is that out Exchange Server has an Equifax Cert, but not a regular Equifax cert, that would be too easy - this is the CA-1 variety that has an expiry of 2020. So as this wasn’t built in to the WM5 device you have to go and install it before ActiveSync will forgive you the errors and actually carry on and do it’s stuff.

Needless to say it’s not that easy - first you have to Application unlock the phone (or run a HTC cert-ed version of Regedit to modify the registry - oops, only had the phone just over a week and I’ve voided the warranty already - a record even for me ;-))) Then you can proceed to download an exported version of the root certificate and run that with explorer to import it.

The real catch here would **appear** to be that you need the Regedit AND the cert to be copied to the Phone and NOT the Storage Card or it will refuse to sort itself out, nor give any error messages. Now just out of curiosity this appears to be remarkably like the behaviour of some software when faced with UNC’s (like MSI’s for example??) they just refuse to play nicely, and only if you’re very lucky will you get the 1037 error or whatever it is that alerts you that it might possibly be because you’re trying to run an MSI from a UNC location……

Go figure, but at least you now know about it? right?

Well my Phone has now synchronized correctly with the Exchange Server while connected via USB to the Laptop and to the Server via SSL-VPN, now I just need to see if it can connect without the bits in the middle……??

Any bets? ;-))

Update: ActiveSync across the wire - still "Waiting for network"  (right!!)  But on the bright side it will now work with any PC when connected through the USB - nearly there…….

written by dcaddick

I’d imagine most people involved with Terminal Servers and/or Citrix Servers will have come across this at some stage, if you haven’t you are missing out, but the thing is that it’s not just for us guys (and gals) to play with - ANY environment that has Roaming Profiles can make use of this to seriously lock down and control Roaming Profiles. In my experience it’s Roaming Profiles that is the biggest piece of crap that IT Support have to contend with, I can’t believe that MS can label their O/S’s as ready for the enterprise while this is still part of the Architecture.

By using this tool to effectively give users controlled Roaming Profiles based on a Mandatory Profile, in conjunction with Folder Redirection and a well defined GPO, you can have a really healthy and robust environment. If you plan it properly, this solution is still relatively straightforward to implement in an existing environment as well.

Have fun……

_______________________________________________________________________________________________________________
From Brian Madden

The Flex Profile Kit from Jeroen van de Kamp and his team in Holland is infamous among server-based computing administrators throughout the world. In a nutshell, it provides a logon and logoff script-based alternative to using roaming profiles in a Citrix or Terminal Server environment.

Version 5 of the kit is now available as an attachment to this article. Direct download here.

Jeroen just finished working on version 5 of the Flex Profile Kit. New features in version 5 include:

• Support for Windows MUI. The multilingual user interface within Windows is now supported.
• Variable support for StoreRoot & StoreFolder. You can specify path variables in the framework.ini configuration file.
• Redundant OPS file removal. When an OPS (profile settings) file is not used anymore, it will automatically be removed.
• OPS file backup is now optional. The backup of the OPS file can now be disabled within the Framework.ini
• Improved FlexRefresh. No more annoying FlexRefresh messages during logon, no more IconSize bug, and FlexRefresh will now also update cursor settings.
• More Flexible Configuration. It is now possible to specify the full path to the other Framework.ini as a third command line option. This allows the possibility of having multiple configurations.
• 2x Faster Logon. Although there have not been too many complaints :-), a bug in the logon process caused it to load the all the OPS files twice (oops!). This has now been fixed, reducing the logon time by 50%!
• A GUI!!! The Flex Framework can now be configured with the FlexConfig.exe tool written by Magnar Johnsen!

Here’s a quick shot of the new GUI:

written by dcaddick

OK, even I have to admit this is a real stretch from my regular Tech spiel, but this photo of the new Chevrolet Camaro Concept caught my eye, and it didn’t hurt that it was the Aussie Engineers who’d help the Yanks get it together ;-). Mind you they always seem to take it just that further than is needed…….?

More can be found here.

Chevrolet Camaro Concept                                     GMH-Vauxhall Monaro

Here in the UK most of us would have at some stage seen the way Clarckson, et al (on TopGear) really had to admit they did like the GMH-Vauxhall Monaro, even though they really didn’t want to simply because it was from Australia.

Now if you want an idea of how the Vauxhall range might develop? This is what was shown not too long ago back in Australia as a concept car, not sure about the Purple colour but not a bad effort at all for a sporty looking mid size?

written by dcaddick

It seems recently we are getting quite a number of potentially new customers asking us to help with issues that they seem to have had some difficulty getting on top of. Generally the quickest and easiest way is just to fire up the trusty GoToAssist session and have a real "look" at what their issue is, that’s when the fun starts. 
;-))

But what has really prompted this blog is that when I did my first Citrix Admin course (It was on Winframe 1.6 back in 1996) it was really hammered in to us that you needed a Home Drive and a TS Profile Path - both of these were paramount - otherwise you were asking for trouble. Now it seems that this message has been missed time and time again, when we have been looking at clients problems we find that this is something that has been missed.

Don’t forget that when logging on to a Terminal Server if there is no Terminal Server Profile Path set, then by default this session will utilize the MS Profile Path (if it is set), and only then - if there are no paths set it will just use the Locally created Profile. The main danger with this is that if typically Terminal Servers/Citrix Servers are positioned under a separate OU in the AD with a much more restrictive template that locks down things like Wallpaper, Screensaver, etc. If the same profile is used for both you are inviting trouble of the kind where users may be getting strange and inconsistent errors that would appear to defy logic.
MS Article - Terminal Services Client Roaming Profile Is Inconsistent or Overwritten

So, we were looking at this users issues when one of the first things we discovered was the lack of TSProfile Path, and as a consequence there were 300 odd users who had been connecting in to 4 Load Balanced Servers and each Server had some 150 - 200 Local Profiles under each C:\Documents and Settings representing nearly 500Mb of wasted space. In addition to this, the Admins were finding that occasionally they would have to "setup" the users Outlook Profile… but could never quite understand why.
The first step is to create the Roaming Profile Path and then leave everything alone for a while so that as users log in and out the Local Profile will copy itself back up to the new location - hopefully this way you won’t have to rebuild each users Profile from scratch? If you are concerned about a single point of failure then consider creating a DFS Share? and hang the Roaming Profiles off that.

Once the Roaming Profiles have been created in the Share location (you might want to monitor this?) you can then return to the Terminal Server/Citrix Servers and start clearing out the Local Profiles. From this point you might want to consider installing UPHClean from MS and then set the system to delete the Cached Profile on logout - this can either be set manually from the Registry or via the GPO.

So that’s how it should be done…..  Unfortunately in the above scenario we were trying to fix a crisis, and were being somewhat "led" by the Admin and it when I was told that the "Terminal" share for the TSProfiles was being replicated across the Domain Controllers I just took it at face value.
After quite a bit of time trying to get to the bottom of an inconsistent error, I had nailed it down to a possible DNS issue as the TSProfile path was using a DNS alias to reference both the Domain Controllers where the TSProfile Path was being replicated - remove the DNS alias, and set it with one of the DC’s and it worked a treat.

What it actually turned out to be was that the Admin had created two TSProfile Path’s under each DC, and had failed to actually set the DFS Replication, hence the  inconsistent error, it was almost as bad as no TSProfile Path being set…….  Grrrrr!!!!  
And don’t forget to consider Folder Redirection?  
Profile and Folder Redirection In Windows Server 2003

Don’t let TSProfiles get you down……??

written by dcaddick