Ubuntu Citrix VDA Install

-
Yesterday I tried to install VDA on an Ubuntu VM....here's how it went...

I strongly recommend not "going it alone" and use the scripts provided by Citrix as these will normally work.

Citrix annoyingly call this "Easy Install" which might offend some stalwart IT admins but please swallow your pride these scripts do EVERYTHING for you if your IT environment is not bonkers....like mine is.

I needed some tweaks as we have a UPN which differs from our domain so our user accounts have a UPN to blogger@domain.com but reside in a domain called my.name.net....yes yes yes as I said bonkers.

Once I found this issue things went pretty smoothly.

Here's my recipe dragged straight from Citrix documents

https://docs.citrix.com/en-us/linux-virtual-delivery-agent/current-release/installation-overview/easy-install.html

Make sure you are really install Ubuntu 18.04 and patch it to the gunnels - install vmware tools etc...

Sort out the /etc/hosts to include one line with FQDN, hostname and localhost

127.0.0.1 server.my.name.net server localhost

Double check this with...

hostname
hostname -f

Download the Ubuntu VDA from Citrix - you need a valid Citrix license to do this.

Now run the installer (automatically install pre-reqs)

sudo apt install .\vda-installer-name.deb

Patch everything again and reboot

Now run the "easy installer"

Notes...the installer requires the NETBIOS name of the Windows domain....even if you are not running WINS - in my case this was MY from my.name.net the domain name not the UPN...

I used sssd to join the domain and do Active Directory shizzles.

I had to edit /etc/sssd/sssd.conf to include our strange UPN naming by adding a second domain in the domains list and set the auth_provider to be ad as krb5 will not work!  I left the machine domain alone - as krb5 was working fine there as Active Directory domain join worked.

domains = domain.com,my.name.net

[domain/domain.com]
...
auth_provider = ad
ad_domain = my.name.net

[domain/my.name.net]
...

I did have to adjust PAM to create user home folders....not sure why the script omitted this (do I even need this)?

sudo pam-auth-update

Selected Create home directory on login

I used

su -l domain_name

Run this to stop any gray/grey screens at log in!

sudo apt-get install xserver-xorg ubuntu-desktop xserver-xorg-core -y

to test i could log in using any old user in my AD...and when that worked VICTORY DANCE!!

Obviously you need a different Machine Catalog and Delivery Group in the Delivery Controller to allow users to actually get to the Ubuntu box!


Comments

Post a Comment

Popular posts from this blog

PXE booting, MDT and 802.1x

-
Image
Oh dear. We implemented site wide 802.1x when we moved. This has caused numerous issues which we are still tracking down and killing with fire. Again "only-when-we-needed-it" struck as we had a new starter and need to build a machine. Ah.   No PXE.  However thankfully we were able to make a bootable USB using 802.1x and get our build working again from MDT in our 802.1 environment. Here's how we did it.   Caveats:  I'm assuming you know MDT and how PXE works. We use Computer certificates as the 8021x auth method. 802.1x is working in our environment GPO is used to start the wired 802.1x service on built machines. GPO is used to configure the network profile to use 802.1x What you need Get a USB stick to take your WinPE 4GB may be enough Make sure you are running an up to date working MDT installation! Create a machine certificate which has a long expiry date, you don't want to be making USB WinPE images every month!! Export the machine
Read more

Intune installation requires a wire...or does it?

-
If you are using Intune (great!) it assumes you have a wired connection (not great) - this is more of an issue as some machine now no longer have built in ethernet ports. It is possible to connect to your wireless - albeit in a slightly awkward way.....here's how During the OOBE hit SHIFT+F10 to get a command window and type either; start ms-settings: To get the settings window or start ms-availablenetworks: To see the network fly outs. Thanks to  Using a wireless network connection with Windows Autopilot white glove – Out of Office Hours (oofhours.com)
Read more

Security Policy 1001

-
We had an annoying warning showing every 5 minutes on our Read Only Domain Controllers.  This didn't affect service but meant we were losing our logs of important events (should the have occurred) "Security policy cannot be propagated. Security Configuration Server (in services.exe) is not ready. This is probably in system reboot. Policy will be tried again in the next propagation." Source: SceCli Event: ID 101 We tracked this down to a GPO which was populating the local Administrators group. Obviously a Domain Controller has no local users or groups so this was causing the issue. Ensuring that the GPO did not apply to the Domain Controllers - yes the GPO was linked at the root! fixed the issue. It is strange that we did not see the warnings on our main Domain Controllers only on the Read Only DC's as this would have affected all DCs the same (I would have thought)
Read more