Deploying Citrix NetScaler Insight Center on vSphere 5.x

I must have beat my head against this virtual appliance deployment for a whole day! If you are not familiar with the Citrix NetScaler Insight Center, it “delivers unprecedented visibility and enables real-time control in response to network traffic from a variety of services such as cloud, mobile and virtual desktops. Together NetScaler Insight Center and ActionAnalytics bring visibility and control to the datacenter”. To read more, follow this Citrix link for the skinny:

The initial version of this virtual appliance did not have a version compatible with vSphere, only Citrix Xen Server. In mid June there was a press release announcing a version that would work with vSphere. Looking at the download section you will notice almost all .xva files. My initial reaction was “I need to convert this file to an OVA or OVF”. VMware converter will not convert a .xva file. Citrix XenConvert 2.3.1 is the only tool that will do the conversion to an OVA or OVF. But, the encoding for Citrix product will not work on vSphere. OVF and OVA files generated by Citrix cannot be imported by VMware due to different encoding (utf-16 vs. utf-32). If you try to import the OVA or OVF file into VMware you will get an XML error. I ran across numerous Citrix and VMware posts referring to standing up a XenServer, then do an export or convert. These methods would not work for this virtual appliance.

Looking at the deployment guide from Citrix on how to install this on VMware was a little confusing. It looks like it was written by someone who knew very little about VMware products. Why would you need the VMware OVF tool installed? Reading that made me really wonder how much effort I needed to put into this deployment.

The answer to all of this was a little simpler. Looking at the download section there is one option for a zip package.


This is the latest version that will work for the initial deployment of vSphere. Version 120.13 is what you want to use as of the date of this post. You will also notice that Citrix has posted “In order to upgrade ESX VM from builds before 120.13 release to 120.13+ builds, fresh install of the 120.13+ build is recommended”.

Within this zip file there is an OVF that is encoded to utf-32. Once you download this version it is as simple as deploying a regular virtual appliance. I recommend reviewing the Citrix Reference Architecture while planning your deployment. When you get your virtual appliance up and running, the default username and password are nsroot / nsroot.

VMware permission issues and XenDesktop 7.x

I recently setup a new XenDesktop 7 environment in tandem with my XenDesktop 5.6 FP1 and ran into permission issues. This environment consists of XenDesktop using VMware as the hosting infrastructure and MCS with PvD as the provisioning method. While in XenDesktop 7 I attempted prevision Windows 8.1 and Windows 7 desktops but was met with the following error:

DesktopStudio_ErrorId : UnknownDumScheme
Sdk Error Message : Invalid provisioning scheme
Sdk Error ID : Citrix.XDPowerShell.Broker.UnknownDumScheme,Citrix.Broker.Admin.SDK.SetBrokerCatalogCommand
ErrorCategory : ObjectNotFound
DesktopStudio_PowerShellHistory : Create Machine Catalog ‘Desktops’

Inner Exception:
System.InvalidOperationException Invalid provisioning scheme

I watched the tasks in vCenter as it created new VM’s, but then imidiatly deleted disks. I then checked for orphaned VMDK files and found base disks left over from the provisioning process. I couldn’t figure out what “Invalid provisioning scheme” was. I then went on to attempt a pool of Windows XP x86 desktops and was met with a different error:

ErrorID : Citrix.ManagedMachineAPI.NotAuthorizedForOperationException
TaskErrorInformation : Citrix.ManagedMachineAPI.NotAuthorizedForOperationException: Either the account is not granted sufficient privilege or disabled or username/password is incorrect —> Citrix.ManagedMachineAPI.NotAuthorizedForOperationException: Either the account is not granted sufficient privilege or disabled or username/password is incorrect —> System.Web.Services.Protocols.SoapException: Permission to perform this operation was denied.
at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at VimApi.VimService.CreateVM_Task(ManagedObjectReference _this, VirtualMachineConfigSpec config, ManagedObjectReference pool, ManagedObjectReference host)
at Citrix.PoolManagement.VMManager.VmmImplementation.Vmware.VmwareVmManager.CreateTargetVm(String name, Int32 memory, Int32 cpuCount, Dictionary`2 extraConfig, ManagedObjectReference datastore, String guestId, ICollection`1 deviceList, ManagedObjectReference folderRef, ManagedObjectReference resourcePoolRef, String version)
at Citrix.PoolManagement.VMManager.VmmImplementation.Vmware.VmwareVmManager.CreateVm(String name, IVMMetadata metadata, Int32 cpuCount, Int32 memory, String storageID, ManagedObjectReference resourcePoolRef, NetworkInterfaceDetails nics, Boolean enableNetwork, Boolean tagVm)
at Citrix.PoolManagement.VMManager.VmmImplementation.Vmware.VmwareVmManager.CreateCompleteVM(String name, IVMMetadata metadata, Int32 cpuCount, Int32 memory, String storageId, String dataCenterPath, ManagedObjectReference resourcePool, NetworkInterfaceDetails nics, Boolean enableNetwork, Boolean tagVms, IList`1 disks)
— End of inner exception stack trace —
at Citrix.PoolManagement.VMManager.VmmImplementation.Vmware.VmwareVmManager.Intercept(Exception e)
at Citrix.PoolManagement.VMManager.VmmImplementation.Vmware.VmwareVmManager.CreateCompleteVM(String name, IVMMetadata metadata, Int32 cpuCount, Int32 memory, String storageId, String dataCenterPath, ManagedObjectReference resourcePool, NetworkInterfaceDetails nics, Boolean enableNetwork, Boolean tagVms, IList`1 disks)
at Citrix.PoolManagement.VMManager.VmmImplementation.Vmware.VMwareHypervisor.<>c__DisplayClass1c.<BeginCreateCompleteVM>b__1b(VmwareVmManager manager)
at Citrix.HypervisorCommunicationsLibrary.TaskRunItem`2.Run(T manager)
at HypervisorsCommon.HCL.TaskRunner`1.Run()
— End of inner exception stack trace —
at HypervisorsCommon.HCL.TaskScheduler`1.CompleteTask(IAsyncResult result)
at Citrix.PoolManagement.VMManager.VmmImplementation.Vmware.VMwareHypervisor.EndCreateCompleteVM(IHostingUnitConnector hostingUnit, IAsyncResult result)
at Citrix.MachineCreation.NewProvVMSupport.NewProvVMLogic.CreateVmCallback(IAsyncResult result)

What stood out in this error is the account error. It is not very descriptive on which account it was talking about. Was it the AD machine accounts or was it the permissions to the vCenter host? It turns out both of these errors are related to the vCenter host permissions.

XenDesktop 7 requires more permissions for the vCenter host. I have a specific role in vCenter with a Citrix service account (best practice). I still had my initial permissions from my 5.6 FP1 install. Looking at the permissions list in the Citrix eDocs for integration with VMware, it seems that Citrix has added more permissions to the list. This time last year it was not the same. If you look at the permissions list for XenDesktop 7 you will notice the only difference is the “Virtual machine > Configuration > Advanced” user interface. After adding the appropriate permissions I was able to provision any type of Windows OS.

The permissions can be found here for VMware intergration:

Xendesktop 5.6 FP1 –

XenDesktop 7.1 –

Upgrade Citrix license server for XenDesktop 7

I have recently went through the exercise of upgrading my license server to 11.11.1  in preparation of upgrading to XenDesktop 7. There is an addition to the process that is not really explained in the Citrix eDocs that I would like to explain. In this version of the installation they included the Simple License Service.

When you launch the install media, you will notice that it does not give you the option to run the installation for the license server. You must navigate to the Licensing folder on the install media.



When you launch the install, it will give the option to upgrade. If you do not have a license server installed, it will give you the option to install and not upgrade.



During the installation you will get a notice about Citrix article CTX135976. What this is saying is that Desktop Studio will no longer display license usage information. The screen shot below is an example of the license usage information from Desktop Studio. I am using XenDesktop 5.6 FP1 and my Desktop Studio is After the upgrade, my license information will no longer display in this window. I will edit this post is it is available in XenDesktop 7.


After the upgrade you will be prompted to configure the port for the license server. This is for the Simple License Service. You will notice the addition of the Simple License Service in the start menu.



– The Simple License Service allocates and downloads all the licenses available for a specific product. If you want to allocate and download only some of the licenses for a product, use My Citrix.
– Once you click Allocate and Download, you cannot cancel it. If the Allocate and Download fails, useMy Citrix.
– The Simple License Service does not support redownloading or reallocating of license files. For those features, use My Citrix.
– If you rename the license server, you must reallocate any license files allocated under the old license server name and reinstall the Simple License Service. You cannot use the Simple License Service to reallocate license files. For more information about reallocating files, see Reallocating License Files in Citrix eDocs – Licensing Your Product.
– If the Simple License Service is installed and you upgrade your license server, you must repair the Simple License Service before using it again.


VMware vCenter Server 5.5.0a

As of 10/31/2013 VMware release vCenter 5.5.0a. There are no other corresponding release that came out with this version. It looks like this is a patch to vCenter dealing with log on issues.

The full release notes can be found here.

Issues resolved with this release are as follows

  1. Attempts to upgrade vCenter Single Sign-On (SSO) 5.1 Update 1 to version 5.5 might fail with error code 1603
  2. Attempts to log in to the vCenter Server might be unsuccessful after you upgrade from vCenter Server 5.1 to 5.5
  3. Unable to change the vCenter SSO administrator password on Windows in the vSphere Web Client after you upgrade to vCenter Server 5.5 or VCSA 5.5
  4. VPXD service might fail due to MS SQL database deadlock for the issues with VPXD queries that run on VPX_EVENT and VPX_EVENT_ARG tables
  5. Attempts to search the inventory in vCenter Server using vSphere Web Client with proper permissions might fail to return any results
  6. vCenter Server 5.5 might fail to start after a vCenter Single Sign-On Server reboot
  7. Unable to log in to vCenter Server Appliance 5.5 using domain credentials in vSphere Web Client with proper permission when the authenticated user is associated with a group name containing parentheses
  8. Active Directory group users unable to log in to the vCenter Inventory Service 5.5 with vCenter Single Sign-On
  9. Attempts to log in to vCenter Single Sign-On and vCenter Server might fail when there are multiple users with the same common name in the OpenLDAP directory service
  10. Attempts to log in to vCenter Single Sign-On and vCenter Server might fail for OpenLDAP 2.4 directory service users who have attributes with multiple values attached to their account
  11. Attempts to Log in to vCenter Server might fail for an OpenLDAP user whose account is not configured with a universally unique identifier (UUID)
  12. Unable to add an Open LDAP provider as an identity source if the Base DN does not contain an “dc=” attribute
  13. Active Directory authentication fails when vCenter Single Sign-On 5.5 runs on Windows Server 2012 and the AD Domain Controller is also on Windows Server 2012

Windows 8.1 released today. Does it work with vSphere?

And crowds rejoice over the new Windows 8.1 release. Or do they? Lets see if things work out in a vSphere environment.

I have to honest and say that I did not even test any of the early releases of Windows 8.1 a few months ago. I decided on release day to try things out and here is what I ran in to.

I first tried Windows 8.1 enterprise. There is nothing special about the base deployment of the VM. You select the LSI Logic SAS controller and label the VM with Windows 8. I attempted to use the EFI BIOS with the VM, but it looks like Windows 8.1 is not compatible with this version. Upon setting the BIOS back to default, the VM then booted to the Windows setup fairly quickly. Unfortunately it looks like Windows 8.1 striped out the LSI Logic SAS controller drivers! Even the paravirtual drivers do not work. VMware only provides a floppy drive package for the legacy Bus Logic Parallel drivers. I even attempted to upgrade to hardware ver 9 (seemed to work on VM Workstation) and I ran in to the same issue. I experienced the same issue with Server 2012R2. I tried 8.1 Pro edition as well with no luck!

Turns out, don’t always trust downloads from Microsoft. The downloads I received were fragmented. Check out VMware KB article 1537 to verify the integrity of the download you received from Microsoft. It is best to use the download manager from Microsoft to make sure you receive a good download. Once I received a good download, everything worked great.

Windows 8.1 and 2012R2 run perfectly on vSphere, even with the EFI BIOS.

Free vSphere hands on labs

The vSphere HOL portal was announced last year from VMware. This year the labs from VMworld 2013 are now available for everyone to enjoy.

The lab setup is the exact same thing you would see at VMworld. There is a ton of useful resources for learning. You can do a basic install of vSphere and tinker with most of the advanced options. I encourage all who are looking into VMware products to try out a demo in the portal!

Some of the topics include:

– Applied Cloud Operations
– vSphere Distributed Switch from A to Z
– vSphere Performance Optimization
– Business Continuity and Disaster Recovery In Action
– vCloud Automation Solutions
– Virtual Storage Solutions
– vSphere Big Data Extensions
– vSphere and vSOM 101
– VMware IT Business Management
– vCloud Suite Use Cases – Infrastructure Provisioning (IaaS)
– vCloud Suite Use Cases – Application Provisioning (PaaS)
– vCloud Suite Use Cases – Control & Compliance
– vCloud Suite Use Cases – Quality of Service
– vCloud Suite Use Cases – Business Critical Applications
– vCloud Suite Use Cases – Business Continuity & Disaster Recovery
– Horizon View from A to Z

Hardware vendor VIB depots

Did you know you can update your hardware with VMware Update Manager? Each vendor has a depot URL that ties into VUM.

In VUM, navigate to Configuration – download settings – add download source, enter the URL. Here is a list of vendors I have gathered so far:



IBM: Unfortunately they do not have a direct URL to tie in with UM. Updates are obtained by searching “fix central” on the IBM website.

Cisco: I have not found one yet. Since everything is updated in UCS, this VIB directory may not exist.

I will attach a script later to include all or one.

VMworld 2013 wrap up

Another year has gone by along with the 10th annual VMworld. This years VMworld was held in San Francisco. I believe the event will be held in the same location for the foreseeable future.
It was great to meet up with so many other experts in the virtualization space. I had a chance to meet up with guys like the vTexan Tommy Trogden from EMC, Chad Sakac from EMC and David Robertson from SimpliVity. It was also nice to finally meet Scott Lowe and let him know how much I appreciate the books he has written.
The new version of vSphere 5.5 saw some great improvements. I’m still on the fence with the whole NSX appliance. It has some impressive capabilities, but it doesn’t quite fit for the company I am with at the moment. I’m a little shy with buying into 1.0 products anyway. I attended the deep dive on vCenter and noticed some welcome changes to SSO (no more DB). I was hoping that the vsan would be GA, but it is just a beta program for now.
The solutions exchange:
Had the chance to meet up with the guys from Zerto. They had a great booth with very knowledgeable guys. I hate going up to some booths that have 90% booth babes and they have to get a tech who is overwhelmed. At the Zerto booth everyone was able to answer questions. Wednesday was a fun day wearing my Zerto shark print shirt “your not going to need a bigger boat”. I heard they were a buzz with my tweet “I don’t always fail over. But when I do, I use Zerto. Stay protected my friends”. Be sure to check out the new 3.0 release of the product. I believe it has something for everyone in the DR space.
SimpliVity had a great product. I thought the replication and dedup technology they are using is awesome. The technology is called Omnistack. I’m looking forward to seeing more from these guys.
GigaMon has a great virtualization network visibility product. We just bought into the 2.0 release of the product. I had a chance to meet up with some of the really smart guys who work on the product day to day.
Nutanix has a great product going, really something I have not seen from other vendors. It was 4 VMware hosts in 1 with a replication technology across hosts in a small form factor. Really great option for those who don’t need to invest in a SAN. Manny Carral did a great job of explaining it all. I also have to say thanks for providing the vExpert personalized glass!
I have worked with Fusion IO in the past using the PCI based cards. I’m not sure why I missed the IO turbine product. Derek Clark did a great job walking me through the product. This is something I am looking forward to testing in my Cisco UCS environment.
I also had to check out the guys at Violin Memory. They have an impressive all flash array. I had a chance to talk to existing customers at the Violin Memory party on Tuesday and they all had great things to say about the product. It is always nice to get honest opinions from customers.

The general sessions:
I attended several sessions this year. Okay, maybe 3 a day. It’s just so hard to stay away from the solutions exchange. Each session I attended had great speakers. No one was boarding and it did not feel like it was a heavy marketing campaign. I loved the VDI smack down session, but I was hoping there would be panelist from each product (View and XEN). It was Ruben Spruijt who specializes in VDI deployments and he did a great job walking thru the differences in each product.
The “ask the vExperts” session was awesome. It’s good to see the front line guys get asked questions by the community and give feedback on what they see in the field. After that session I picture Duncan as a mad scientist in a VMware lab somewhere cooking up new stuff.

The labs:
The guys did a great job on the labs this year. I find that every year they find some way to improve on top of a great platform. The lab menu in the VMware program did not seem very well structured, but when you sit down at the lab console the menu was great. I found everything organized in a manageable order. I loved that they had hot spot areas you could sit down at and work on some of the labs. This was a great option for those who did not want to wait in line. I had an inside tip that the labs would be available after VMworld in a beta formate. I wonder if will conflict with the VMware Connect training offering.

The VMworld party:
This was the first year that VMware held the grand party at the AT&T park. The event just got so big that they had to find a new venue. Going into the stadium was a nightmare. Everyone on twitter complained that the event sucked. People waiting in lines for 30 minutes for a hot dog (I did that too). After the crowds disbursed around the stadium it was not so bad. I think by the end of the night everyone enjoyed the event. I really enjoyed Train. I especially loved the cover songs they did.
I couldn’t win any of those carnival games. I saw guys with bags of stuffed animals. I guess it’s a good thing I didn’t have all that stuff to take back with me on the plane.

I wonder what the breaking point will be for VMware to decide on having VMworld twice a year on separate coasts? It would be something nice to see. Overall I enjoyed my 5th VMworld and I am hoping to return next year.

VMworld 2013 and Zerto

It’s that time of year again. Grab your shopping carts and run through the gauntlet of vendors at this years VMworld. For me, my first stop will be the DR section. In that section I am looking forward to seeing the demonstrations from Zerto. If you don’t know about Zerto, they provide enterprise-class disaster recovery and business continuity solutions for virtualized data centers and cloud environments.

zerto logo




I recently ran a POC with the product and was quite impressed. I have used the VMware SRM product before and the fail over / fail back options are very similar. You can schedule a live or test fail over at any time. For me, SRM is not an option. With XYZ storage vendor on one end and ZYX storage vendor on the other, storage replication is not an option. VMware Site Recovery Manager has a growing list of supported SAN vendors to provide that SAN replication. Or your storage vendor might just offer to sell you a replacement for that other SAN. Whether that would be cost effective depends on many things: maintenance renewals on the SAN, the cost of the SAN, re-platform costs, training costs, data tiering options. All vs that number of virtual machines you would need to protect in your virtual infrastructure with Zerto. The other question you should ask yourself is “If my environment is highly virtualized (let’s say 80% or more) would it be cost effective to replace the SAN so I can use tools like EMC recovery point and SRM just to replicate that leftover 20% of physical assets along with my virtual infrastructure?”. Of course if those 20% of physical assets are business critical you might say yes. But if you can get away with using a clustering technology across datacenters or a server based replication technology, all you would need is Zerto for your virtual infrastructure. One thing I love about Zerto is that you can replicate virtual machines from something high end in one site to something low end in another. Let’s say an an IBM DS8000 in production to a Dell MD3000 iSCSI array in DR. You can even change the provisioning formats on the fly of the virtual machines. Of course careful planning must be made for performance when choosing these options.

There is also the free vSphere replication option.  I have not used this myself, but I do plan on scheduling some testing. There are some big difference between vSphere replication and Zerto. I’m sure there will be some improvements to vSphere replication in ver 5.5.

I don’t want to get into a step by step instillation in this post. I had a similar experience to Justin Paul when using the product. It is very easy to use and has a lot of great options. Make sure to stop by the booth at VMworld and check them out.