WEM 1912 UPDATE AVAILABLE

Intro

Happy holidays!!! Citrix has released the last version of WEM for 2019 along with the new LTSR release for Virtual Apps/Desktops, Provisioning, StoreFront, and a partridge in a pear tree. This version is 1912. You can download the new version here (requires Platinum/Premium licenses and login to Citrix.com). I’ve provided the release notes below.

What’s new in Workspace Environment Management 1912

Replacing Microsoft SQL Server Compact (SQL CE) with SQLite

The Workspace Environment Management (WEM) agent can work in offline mode. In earlier releases, the agent relied on Microsoft SQL Server Compact to synchronize with SQL Server to facilitate offline mode. Microsoft SQL Server Compact 3.5 Service Pack 2 is the last version that supports this functionality. Versions 4.0 and later do not support synchronization with SQL Server. However, SQL Server Compact 3.5 Service Pack 2 reached End of Life (EOL) in 2018. Starting with this release, the agent relies on SQLite for offline mode to work.

How this change impacts you

If you do not want to use Microsoft SQL Server Compact 3.5 Service Pack 2, upgrade the infrastructure services, the administration console, and the agent to the latest version. For information about upgrading these components, see Upgrade a deployment.

If you continue to use Microsoft SQL Server Compact 3.5 Service Pack 2, this replacement does not require action on your part.

Support for exporting and importing configuration sets

Starting with this release, WEM supports exporting and importing configuration sets using the administration console. To export configuration sets, use the Backup wizard, where the Configuration set option is available on the Select what to back up page. To import configuration sets, use the Restore wizard, where the Configuration set option is available on the Select what to restore page. You can export and import only one configuration set at a time. For more information, see Ribbon.

Option to reset actions

Starting with this release, WEM supports resetting assigned actions (purging action-related registry entries in the user environment). The feature also provides the flexibility to reset assigned actions. You can reset all assigned actions by using the administration console or let users decide what to reset in their environment. The feature might be useful in scenarios where actions you assign to users or user groups do not take effect. For more information, see Advanced settings.

Administration console

The administration console user interface has changed:

  • The Advanced Settings > UI Agent Personalization > UI Agent Options tab introduces an “Allow Users to Reset Actions” option. Use that option to control whether to let current users specify what actions to reset in their environment.

Agent administrative templates

There are now two policies associated with the WEM agent cache synchronization:

  • Cache synchronization port
  • Cached data synchronization port

Starting with this release, the WEM agent relies on Cached data synchronization port to keep the agent cache in sync with the WEM infrastructure service. If you have Workspace Environment Management 1909 or earlier deployed in your environment, you cannot not use Cached data synchronization port. Instead, use Cache synchronization port. For more information, see Configure group policies.

Upgrade enhancement

This release simplifies the process of upgrading the WEM database. In earlier releases, to upgrade the database, you needed to remove the database from the availability group if the database was deployed in a SQL Server Always On availability group. Starting with this release, you can upgrade the database without removing it from the availability group.

Note that you still need to back up the database before you perform the upgrade. For more information about upgrading the database, see Upgrade a deployment.

Workspace Environment Management (WEM) PowerShell SDK modules

This release includes enhancements to the PowerShell modules in the WEM SDK. You can now use the PowerShell SDK to:

  • Create, update, query, and delete configuration sets and user-level and machine-level AD objects
  • Export and import configuration sets or user-level or machine-level AD objects

Documentation

The Workspace Environment Management documentation is updated to reflect current product behavior. The Workspace Environment Management SDK documentation is updated to version 1912.

Fixed Issues

Workspace Environment Management 1912 contains the following fixed issues compared to Workspace Environment Management 1909:

  • When you use a configuration object with Workspace Environment Management PowerShell modules SDK cmdlets, all parameters must be specified. If they are not, the command fails with an InvalidOperation error. [WEM-691, WEM-693]
  • In PowerShell, when you use the help command with the -ShowWindow switch to display help in a floating window for a Workspace Environment Management PowerShell cmdlet, the Examples section of the help is unpopulated. To see the examples, use the get-help command with the -examples-detailed, or -full switch instead. [WEM-694]
  • In Transformer (kiosk) mode, and with Log Off Screen Redirection enabled, WEM might fail to redirect the user to the logon page after logging off. [WEM-3133]
  • The administration console might exit unexpectedly when you scroll down the agent list on the Administration Console > Agents > Statistics tab. [WEM-6004]
  • The Use Cache Even When Online option on the Administration Console > Advanced Settings > Configuration > Agent Options tab might not work. [WEM-6118]
  • Attempts to import registry files might fail with the following error message: Error “Import from Registry file” – Import Completed with Errors. The issue occurs when a registry file to be imported contains two or more values that have the same name. [WEM-6232]

Known Issues

Workspace Environment Management contains the following issues:

  • Agent host machine names listed on the Active Directory Objects tab of the WEM service administration console do not update automatically to reflect changes to machine names. To display the new name of a machine in the Machines list, you must manually delete the machine from the Machines list, and then add the machine again. [WEM-1549]
  • Registry entries might not take effect if you assign them to a user or user group through an action group. However, they do take effect if you assign them directly. The issue occurs when you assign registry entries to be created in one of the following locations:
    • %ComputerName%\HKEY_CURRENT_USER\SOFTWARE\Policies
    • %ComputerName%\HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies [WEM-5253]
  • Workspace agent refreshes might take a long time to complete. The issue occurs when the current user belongs to many user groups and there are action groups or many actions for the agent to process. [WEM-6582]

Depreciated Features

Click here to see depreciated features.

Thanks for reading,
Alain

WEM 1909 UPDATE AVAILABLE

Intro

With every changing season, Citrix releases another version of WEM. This version is 1909. You can download the new version here (requires Platinum licenses and login to Citrix.com). I’ve provided the release notes below.

What’s new in Workspace Environment Management 1909

Workspace Environment Management agent installer

This release provides a new, unified Workspace Environment Management (WEM) agent installer. The installer bundles the WEM on-premises and service agents into a single executable. It eliminates the need to configure the ADMX templates and to edit group policies. You can choose to install the agent interactively or use the command line. For more information, see Agent.

The new WEM agent installer also introduces name and installation path changes. The changes include:

ISWasWhat
Citrix WEM Agent Host ServiceNorskale Agent Host Service Display name of the WEM agent service (WemAgentSvc) that appears in Windows Services.
WEM Agent Service Norskale Agent ServiceLog name that appears in the Windows Event Log.
Citrix.Wem.Agent.Service.exeNorskale Agent Host Service.exeFile name that appears in the agent installation folder.
%ProgramFiles%\Citrix\Workspace Environment Management Agent%ProgramFiles%\Norskale\Norskale Agent HostDefault agent installation path. This change applies only to the default installation path when you perform fresh installation. In case of in-place upgrades, the installation path remains unchanged.

Agent switch

This release introduces the agent switch functionality that lets you switch from the on-premises agent to the service agent. The functionality can be useful in migration use cases where you want to migrate your existing on-premises deployment to the WEM service. It simplifies and expedites the migration process. For more information, see Agent switch.

Infrastructure service

This release includes the following enhancements to the infrastructure service to improve the user experience:

  • The Active Directory (AD) subsystem has been redesigned to improve performance. It can now dynamically blacklist detected dead forests. Dead forests remain in the blacklist unless they are no longer dead two hours later. The infrastructure service does not search for AD objects in forests that are in the blacklist. As a result, some OUs in the blacklisted forests might be missing in the Organizational Units window when you click Add OU from the administration console.
  • The infrastructure service can now cache data related to the configuration set for the agents. As a result, the infrastructure service retrieves data from AD less frequently. This also reduces the time it takes for the agents to retrieve the information from the infrastructure service. Time reduction is particularly noticeable when there are many connected agents.

Infrastructure service configuration

This release introduces the “Enable performance tuning” option on the Advanced Settings tab of the WEM Infrastructure Service Configuration utility. You can now optimize the performance in scenarios where the number of connected agents exceeds a certain threshold (by default, 200). As a result, it takes shorter time for the agent or the administration console to connect to the infrastructure service. This feature is especially useful when the agent or the administration console intermittently disconnects from the infrastructure service. In this scenario, you can set the minimum number of worker threads and asynchronous I/O threads to a greater value. For more information, see Configure the infrastructure service.

Profile Management

Workspace Environment Management now supports all versions of Profile Management through 1909. The following new options are now available on the tabs in the Administration Console > Policies and Profiles > Citrix Profile Management Settings pane:

  • Migrate user store. Available on the Main Citrix Profile Management Settings tab, this option lets you migrate your user store without losing any data.
  • Automatic migration of existing application profiles. Available on the Profile Handling tab, this option lets you automatically migrate existing application profiles.
  • Outlook search index database – backup and restore. Available on the Advanced Settings tab, this option ensures the stability of the Enable search index roaming for Outlook feature.

For more information, see Citrix Profile Management Settings.

Administration console

The user interface of the administration console has changed:

  • An Agent Switch tab is provided in the Advanced Settings > Configuration pane. The tab lets you switch from the on-premises agent to the service agent. For more information, see Agent switch.
  • An “Auto Prevent CPU Spikes” option is provided on the System Optimization > CPU Management > CPU Management Settings tab. You can use this option to automatically reduce the CPU priority of processes that overload your CPU. For more information, see CPU Management.

Support for migrating Group Policy Objects (GPOs)

Starting with this release, you can migrate a zip backup of your GPOs to Workspace Environment Management (WEM) service. To do so, click Migrate in the ribbon of the WEM administration console. The Migrate wizard provides the flexibility to migrate your GPOs. You can select Overwrite mode or Convert mode for your migration. The Overwrite mode overwrites existing WEM settings (GPOs) when there are conflicts. The Convert mode converts your GPOs to XML files. Then you can manually import the XML files to WEM using the Restore wizard. Doing so gives you granular control over settings to be imported. For more information, see Ribbon.

Support for exporting and importing Active Directory (AD) objects

As of this release, Workspace Environment Management service adds support for exporting and importing AD objects using the administration console. To export AD objects, use the Backup wizard, where the Active Directory (AD) objects option is provided on the Select what to back up page. To import AD objects, use the Restore wizard, where the Active Directory (AD) objects option is provided on the Select what to restore page. You can specify which type of AD objects to back up and restore. For more information, see Ribbon.

Fixed Issues

  • Attempts to connect to the WEM administration console might take a long time to complete. The issue occurs when domains to which Active Directory objects (for example, groups and OUs) belong are no longer available. [WEM-3103, LD0725]
  • When you enable the process launcher on the Administration Console > Transformer Settings > Advanced > Process Launcher tab to launch a Windows built-in application (for example, calc.exe) as entered in the process command line field, the agent host might keep opening the application after you refresh Citrix WEM Agent. [WEM-3262]
  • You might experience the following two issues:
    • Attempts to connect to the WEM administration console might take a few minutes to complete.
    • It takes a long time to load WEM configurations on agent hosts. The issue occurs when you have a large Active Directory deployment and there are many connected agents. [WEM-4225]
  • Attempts to map a network drive to users might fail if the assigned drive letter is already in use by an existing network drive. The issue occurs when the existing network drive failed to connect as indicated by a red “X” on the network drive icon. [WEM-4495, LD1552]
  • The agent splash screen can persist for a long time when there is a large amount of data associated with user statistics. [WEM-4674, LD1167]
  • The Workspace Environment Management administration console might unexpectedly exit if you edit the application security rules. The issue occurs when there is a long list of users and user groups present in the Edit Rule window and you scroll down to view them. [WEM-4960, LD1818]
  • You might find that there are two Citrix Components nodes in the left pane of the Group Policy Management Console. [WEM-5012]
  • When you log on to a Workspace Environment Management agent machine, the logon process might take longer to complete. The issue occurs because the Workspace Environment Management agent logon service (Citrix.Wem.Agent.LogonService.exe) delays the logon process for several seconds even though the Endpoint Management group policy processing is disabled. [WEM-5237]

Known Issues

Workspace Environment Management contains the following issues:

  • When you use a configuration object with Workspace Environment Management PowerShell modules SDK cmdlets, all parameters must be specified. If they are not, the command fails with an InvalidOperation error. [WEM-691, WEM-693]
  • In PowerShell, when you use the help command with the -ShowWindow switch to display help in a floating window for a Workspace Environment Management PowerShell cmdlet, the Examples section of the help is unpopulated. To see the examples, use the get-help command with the -examples-detailed, or -full switch instead. [WEM-694]
  • In Transformer (kiosk) mode, and with Log Off Screen Redirection enabled, WEM might fail to redirect the user to the logon page after logging off. [WEM-3133]
  • Registry entries might not take effect if you assign them to a user or user group through an action group. However, they do take effect if you assign them directly. The issue occurs when you assign registry entries to be created in one of the following locations:
    • %ComputerName%\HKEY_CURRENT_USER\SOFTWARE\Policies
    • %ComputerName%\HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies [WEM-5253]

Depreciated Features

Click here to see depreciated features.

Thanks for reading,
Alain

Research Triangle PowerShell Saturday – September 21st

Time is running out to attend the Research Triangle PowerShell Saturday. The main conference is on Saturday, September 21st, 2019 in Raleigh, North Carolina. There’s also a concentrated 6-hour security session on Sunday, September 22nd.

Tickets can be purchased for one day or both. Seating is limited, however, for the Sunday security session, so get your tickets sooner than later.

The three different tracks on Saturday cover the whole gambit of PowerShell scripting and development as it currently stands. Details about the presenters are here.

  • PowerShell 101 – Intro and Fundamentals
    • Use Default Formats to Improve Your Quality of Life – Jeremy Smith
    • Filtering Files at Scale – Mark Hutchenson
    • PowerShell 101 – Arrays – Wes Carroll
    • PowerShell Streams and Using the Right Write-* Cmdlet – Justin Gehman
    • The Ins and Outs of Error Handling – David Littlejohn
    • Why you should be using PSReadline everyday – Jeffery Hayes
  • PowerShell Tools – Advanced Scripting and Tools
    • GitHub for PowerShell Users – Bryce McDonald
    • Using Dbatools To Automate Database Migrations – Joshua Corrick
    • Don’t do what I did! Avoiding Azure $urprise$! – Michael Teske
    • Why can’t we be friends? Command Line Utilities + PowerShell = ❤ – Ryan Leap
    • What to do when .NET isn’t enough – Jason Walker
    • Don’t Reinvent Another Wheel if You Don’t Have To – David Stein
  • DevOps & Security – DevOps, CI\CD and Security
    • PowerShell Security 102? – Jon Fox
    • Securing PSRemoting – James Petty
    • Crossing the Divide – A System Administrator’s Path to DevOps – Dave Carroll
    • Securing Windows 10 with PowerShell Compliance items in SCCM – Jon Warnken
    • Gaining 20/20 vision during an incident with PowerShell – Fernando Tomlinson
    • Code. Commit. Deploy. Starting your 3 step journey to utilizing Pipelines – Stephen Valdinger

Keep checking the conference site as more details about the schedule will be posted. You will be able to move between tracks, but each track will run in parallel. Lunch and snacks are provided as part of the conference fee and parking is free.

Hope to see you there,
Alain