Remote Install Software

So, as the component owner for the Citrix Receiver, for a while I had been testing Citrix Receiver 4.9 LTSR CU2 quiet extensively.

Generally once a new version of Receiver comes out, I spend at least a week testing it in every possible version (laptop, desktop, VM, thin clients) before submitting the app for packaging. Once the packaging team is done, they hand over the installer to me for UAT. This is when I spend another week or two of testing the installer that will essentially hit thousands and thousands of computers both virtual and physical. During this time, I will pick several users and systems to pilot the package and gather feedback.

And that's where few PowerShell commands makes it a little bit easier.

There's the antique way of installing the package. Which kinda looks like this: notify user, hand over or share the package out from a shared location. Make sure user has the rights to install the software. Give user instruction on how to copy and run the program. Check back after a week to make sure if the user was able to follow instruction successfully.

With this method as you can see, we are already loosing a week of going back and forth just trying to install the darn package.

Or the other method is:

1. Notify user that they have been selected to pilot the software
2. Notify user in the event of multiple system, which one will be updated
3. Run a PS command to find out if the user already has the app you intend to install. No point reinstalling the same app. Like that never happens.




In the event if it is too small to see here's what the command is:

Invoke-command -computer Computer 1, Computer 2, Computer 3, etc. {Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*  | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate
| Where-Object {$_.publisher -eq "Citrix Systems, Inc."} | Format-Table -AutoSize }

The Invoke command basically tells each computer to return the value of all the installed software on those machines. 

The second pipeline is to weed out and select only few of the information I really care about from the returned value above.

The third pipeline is from the whole list again I really want info on certain application. In this case, it is application by Citrix such as Citrix Receiver. 

The fourth and the last pipeline is to make the whole list look more pretty. 

Now Instead of typing in computer1, computer2, etc. I could also say read the names off of a text or csv file but since here my pilot user list is relatively small, I chose to type out the name. Do keep in mind, this does increase the chance of typo. 

4. If the intended app is not installed, copy the installer over to the local drive of the system

In this case, I copied them to the local C:\Temp folder.

5. Use PSExec.exe to install the software remotely from your admin machine.

Psexec.exe \\computer1 c:\temp\Citrix\CitrixSystems_CitrixReceiver_14.9.2000.21.exe

6. Once completed, notify the user that their system has been updated and you will check back with them after a certain time to gather feedback.
7. After the certain time gather feedback.

Few things, I can already think.

1. item no. 5 instead of typing in or arrow upping several time and editing the name of the computer have a command that will install the software in iteration and return value.
2. OR simply write a whole script that will do all these items from 3 to 5 in one run taking in the name of the machines from another source. This way, I simply have to copy the machine names into the source file. The script should read off of it, execute the command. If the software I intend to installed is not on already, copy it and install it and return the success/failure value.

Thoughts?!

Camping at the Table Rock State Park


















Traditionally, we have always went for family camping during memorial weekend and this time was no different. Although in hindsight maybe a beach trip would have been a better choice than camping cuz how it had rained almost every evening.

So, this time knowing the weather ahead of time I decided to spend extra on getting a canopy. And boy, I am so glad I did. It meant we were able to stand in shade, keep our food, silverware dry, cook in shade and made the wife happy....=)

We arrived around 6.30ish that evening at the Table Rock State Park. We had reserved campsite 37 with water and electric hookup. We really lucked out on that site. As we were driving thru the sites to get to ours, wife was groaning about how uneven, steep some of the sites seemed. Honestly, there's some slope but nothing too bad. When we arrived at our site, it hadn't started raining yet. So, both wife and I got to work taking advantage of that. I jumped to setup the small tent first so we can put the kids in there while wife kept them busy in the car. After the small one was setup, put the kids in the tent and then wife and I started setting up the canopy. Once those two were done, we started on the big tent primarily the one for sleeping and everything for next three nights.

By the time, we started on the big tent it started raining on us. In a rush and with some confusion, we were able to get it setup albeit some mistakes as clear on the pic above. In the middle of that night, I had to get up and readjust our sons' side of the tent cuz it was leaking. Next morning we realized water had got in on our daughters' side as well.

Where the park is located, there's no restaurant or grocery store within a short distance. There's one restaurant but it closes by about 8/9pm I believe. By the time, we were done setting up tents, it was almost 9pm. Kids were hungry, but more tired than anything. We had to drive 20 minutes into town to pickup pizza.

Next day, we took advantage of many of the activities the park has to offer. There's a play area, it is big and in a pretty decent shape. Because of the continuous rain, the playground appeared somewhat dirty but I believe it actually is kept well. Kids enjoyed burning off steam playing at the playground, watching ducks, visiting the nature center.


And it rained on us that night again. However, this night was a little more festive. I had downloaded few movies on our iPad from Netflix. So, this night during dinner wife and I setup the movie in our small tent and they were thrilled. They loved the whole atmosphere of eating their favorite dish while watching a movie inside a tent.

Next morning, I woke up quite early as usual. Realizing I won't be able to get back to sleep, I decided to take advantage of everyone else sleeping and go for a hike. I would've loved to do the Pinnacle Mountain Trail which takes you all the way to the summit, however I knew I wouldn't have enough time for that hike. It is 4.2 miles one way and very strenuous. Instead I decided to hike the simple Carrick Creek trail.


This trail is a simple 2 miles loop trail starting from the nature center. Earlier we had planned to hike this trail as a whole family. However, part of me wanted to assess what the trail holds for hiking with kids, since I didn't have our trusty Kelty child carrier with us. And boy I am glad I did the hike by myself. Without the child carries, it would've been quiet challenging with a 3 year old. Trying to get up on some parts of the trail, crossing the streams would've been a challenge. And that is always a recipe for disaster and make everyone miserable.

I had an awesome time exploring the trail by myself alone in the morning. Towards the end, I ran into two people on the trail. During this whole time, I was taken by the sound of nature, noise from the waterfalls, and on occasion cars and trucks driving by in distance.




Hiking with Kids

This past Sunday, we went hiking with the kids. I would like to think it is just the beginning of the season and be able to keep up during the summer.

So, first about the hike itself. Gave wife two options, either a) Crowders Mountain which is about 40 minutes from our house or b) Latta Plantation, 5 minutes distance. She wanted something far and challenging. So Crowders it is.

For this hike, I focused on getting the kids moving. While the wife focused on snacks. Unfortunately, that meant I didn't pay attention to amount of snacks and water she packed. She had packed more than necessary amounts of snacks just for the four of us with only one water bottle. We hiked the Backside trail which is a strenuous hike, albeit .90 miles. By the time we made it half way through, wife herself had pretty much finished up all the water.

I was also hoping that I had remembered to bring my towel or bandanna. Carrying the little one on by back going up, I was sweating profusely.

Ian on my back in our trusted Kelty Kids

Hiking up with the kids, as an avid hiker myself I focused on few things. 
1. Made sure the wife is going to be OK to go up herself since her pace is slower compared to mine
2. Get the kids moving at THEIR pace
3. Be silly, have fun.

If I was hiking by myself I would have focused on either speed and length or the natural surrounding itself or both. But here since kids are involved, I decided to trek along at a good pace that our daughter set and just keep moving. While making it fun, pointing at trees, dogs, singing silly songs.



Once we made it to the top, I made it very clear to both kids that since we are all the way to the top they must stay with me all the time. And then let Ian out, and let both of them explore a little. Wife joined us shortly. Took a small break. Sucked to put the backpack back on with a sweaty back. 

Going back down was rather simple but had its own challenge. Since now I have an added wait on my back, top of the waist lets just say I wasn't excited about looking down at the stairs the whole time. 

But finally we made it down. Once we made it all the to the bottom, instead of jumping in the car and taking off we decided to have a little picnic and enjoy the weather and watch other people and dogs. After that, change out my sweaty t-shirt, takes the hiking shoes off and put on a sandal (ah.....) and then drive back home. 

For next time, I will be sure to followup on the items below.

1. Snacks
2. Water and/or energy drink
3. Towel
4. Sandals for everyone.

Recently I came across this awesome blog all about hiking. I will try to follow her and thought others might enjoy it too.

http://homemadewanderlust.com/

Disabling TLS 1.0

Recently I had to deal with an issue where the f5 load balancer had turned off any incoming and outgoing TLS 1.0 traffic which caused a system wide outage for a set of identical machines across the company.

We were in a time crunch since the change has already been implemented and had to be rolled back. We were given 2 weeks to determine the root cause, come up with a solution and apply the fix before mgmt will be forced to decide whether to move on with the TLS 1.0 traffic denial to meet the deadline or hold off.

At first logically, we thought maybe the TLS and SSL settings within the systems are to be blamed. But that wasn't the case, the settings for the most part was the default IE 11 settings.




















While troubleshooting, we discovered the issue only happened when logged in with a particular service account. When logged in as an admin, the issue on the same machine doesn't appear to be happening. (I think you can already see where this is going).

https://technet.microsoft.com/en-us/library/dn786418(v=ws.11).aspx#BKMK_SchannelTR_TLS11

The link above discusses how to enable/disable TLS/SSL settings on a machine via system registry. NOTE: even if you made changes in a system via the IE Properties, those changes will not show up in the registry.

So, from the article above I thought Ok, we will simply disable TLS 1.0 in the system and that will resolve the issue. To disable TLS 1.0 do the following:

1. Open registry.
2. Local Machine\SYSTEM\CurrentControlSet\Control\SecurityProvider\SCHANNEL\Protocols
3. Create a subkey Client.
4. Create the DWORD entry Enabled and set the value to 0. BTW, to disable it is 0 and to enable set it to 1.

Crossed my finger hoping this will force the system to using anything other than TLS 1.0. Nope!
It didn't work. Issue still persist with the below error screen:


So, the search continues. Thanks Google!

BTW, we were able to determine via a packet capture (thanks Wireshark) that for each web request the system would start with TLS 1.0 request first. It's suppose to be the other way around. The request always start top down, from TLS 1.2 and down.

Then I stumbled across this article below from MS:

https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1.1-and-tls-1.2-as-a-default-secure-protocols-in

Basically this article describes how you can force a system to use either TLS 1.2 or 1.1 via registry. Below are the steps to do just that:

1. Open registry
2. Local Machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHTTP
3. Here add the subkey DefaultSecureProtocols and enter the desired value.

If you want the option to use both TLS 1.2 and 1.1, you can just add 0x00000A00.

Within the same article, there's also the option to Download the fix and apply it to the system. However, I didn't like this particular solution.

I didn't like the solution because it is forcing a system to use a specific protocols for each request which means, I will have to have that documented and that piece of info will have to be passed on for anyone other than me in future responsible with this particular platform. Also if any changes were decided upon in future with TLS settings like this time, we will be revisiting the issue again.

So the search continues. And that's when I noticed the Note section right below the Download button within the same article.



Hmmm, interesting.

I immediately had a feeling that the particular User(Service) account that's having the issue has an entry for that subkey. I took the below steps:

1. Open registry.
2. Load the user hive.
3. Browse out to: Software\Microsoft\Windows\CurrentVersion\Internet Settings
4. And lo, behold! There it is. There's an entry for SecureProtocols.
5. I deleted the entry and voila, we are up and running like nothing ever happened.

Bottom line: instead of disabling the TLS 1.0 in the system and create a subkey DefaultSecureProtocols which would force the system to use either TLS 1.2/1.1, I simply deleted the SecureProtocols entry within the user account where the issue was.


Being Thankful to our parents

Yesterday, talking to my dad he reminded how in high school I used to cover my head over minty hot water to take in all the steams.

For a moment, I was thinking really?! I did that? Can't remember why? Maybe clear my voice for singing?

Anyway, since moving to NC each Spring I have been continuously coming down. This time was no exception. I came down hard on Saturday night around 2.35am and it has been non stop suffering.

So, he suggested I try that to sooth my pain from cough. Around 6.am I woke up and was greeted with some good old cough and I am not even a smoker anymore. Ran downstairs, drink some water, no good. Take some med, still no good.

Going thru the pantry trying to find some Halls and no luck. That's when I remember our (me & dad) convo from yesterday. Put up some water on the stove with the intention to drink some hot tea with some fresh ginger in it. As the water starts to boil, I stand tall over it just inhaling the steam, kinda like a steam bath but more efficient and economical.

Wow, slowly I start to feel much better. The cough subsides. Now, that could be either because of the prescription med or the steam from the ginger hot tea. That's yet to be experimented on and determined.

Either Thanks dad.

BTW, I was able to manage a good 3 milers in yesterday. It's funny. My leg and body is still ready but my lung says otherwise, wheezing like a old man from the damn cough.

Hiking Latta Plantation the Second Time

April 24, 2016:

Since I wasn't able to head out to either Stone Mountain, Uwharrie or Kings Mountain, I decided to head over to Latta instead.

It was also later in the day. Due to time constrain, I hike about 6.45 miles in 1 hour and 57 minutes.

This time due to the challenge of the Cove trail, I started off on my right side after parking the car. Started off on Hill Trail to Cove Trail connector and on.

Things I learned:
1. I certainly prefer a banana during the hike. It seems to rejuvinate the mind and body.


Hiking at Latta Plantation

April 10, 2016:


In preparation for the Grand Canyon and Zion National Park hike, this is the first extensive hike I did. I used Runkeeper to track my progress.

I hiked about 14.08 miles in 4 hours and 31 minutes.

This hike taught me a lot on items I should carry, I would need. My style of hiking and such.
I started about 7am in the morning, keeping in mind when the gates are opened.



After parking the car, started off on my left side of the trail. This is the trail, I mostly run o. Hill trail to shady trail. What got me, was I kept deviating from the map to explore other sceneries.

When you are running, you are brushing through the landscape, and it is hard to take in the beauty of a place. But hiking certainly opens up all of the senses.

The last leg of the hike certainly kicked my butt quite a bit. I didn’t expect Cove trail to be such rocky. Pretty much the whole trail is rocky and there’s also a sign warns on that.

Things I learned on this hike:

1.       I like to have a headphone on during the hike but not listen to anything
2.       I like wrapping a hotel around my neck
3.       I have a bad habit of not taking break, practically at all.