Linked Mode VCSA Replication Checker

A coworker of mine and I where chatting about VCSA Replication Agreements and the agreement is that there should be a fling for mapping replication agreements. So that night I thought about it. Really there is nothing stopping me from doing this. I pulled out the computer and in a few lines of code I had it working. I took the time over the next few nights making it more robust, and work through getting it to accept a seed node and and find all its VCSA replication partners and report back replication status. So turns out that the seeding loop was a little more than I had bargained for. Reached out to the community and talked with my friend Joe Houges @jhoughes and worked out the issues with the looping issues. Also helped with reminding me about SSH code stream.

Below is an example of the report the script with return. This shows the Source vCenter, Replication Partners, Replication Sequence Numbers, and validate the numbers are not off.

Same as above Just Image as seemed easier to see.

The Script will log into VCSA, enable bash, Pull replication status, clean up the data, and report the info and export it to a CSV, then disable bash. The code lives here:

Posted in Blogtober, CLI and Powershell, DevOps, Random Crap, vCenter, Virtulization | Tagged , , , | Comments Off on Linked Mode VCSA Replication Checker

AppVolumes Monitoring with HTTP Health Monitor

Over the two plus years we have transformed our businesses over to AppVolumes for publishing applications for VDI deployments. But there are a few things you take for for face value.

Like when you read the VMware docs here that tell you that you are supposed to use the URL https://AppVolServerFQDN/health_check for gathering the health check info. If that health check URL shows any thing other than a 200 OK status something is broke. Well this is where i break open the fact that does not actually work as you were made to believe.

Below is a screenshot of a common issue of a AppVolumes server and a patch cycle where the AppVolume server starts up and has no connectivity because the DB is down. No big deal, restart the AppVolumes service and you are good to go. But you would hope your health monitor would tell you this. As you have your monitoring solution to send alerts when its something other than 200. Well you are wrong, it wont send you anything.

As you see above the Status shows 304. Well according to the HTTP standards, a 304 is labeled as: “304 Not Modified” and “If a 304 response indicates an entity not currently cached, then the cache MUST disregard the response and repeat the request without the conditional.” Also meaning that a 300 status code is not seen as something being broken. Also you see above the AppVolumes server is in deed BROKEN. So pull the same HTTP status code via Powershell and you get this:

As you see here its returning 200 OK. Hmm. But that is expected due to 300 status codes are pretty much just another 200 code. But again its broken but it says its not.

Below is another example, where in fact the AppVolumes server is really broken, but the Status code still shows 200 OK even though its broke.

And again its showing 200 OK and its no doubt broken. The only difference here is its not to the point where the AppVolume service has loaded the cert so you will get a cert error, but still reports 200 OK. Below the same thing with Powershell used to get the webrequest.

Now I bet you are thinking well just monitor the AppVolume service on the OS. Well yes you should, but will not help in these two cases. The service is in a running state. So does no good.

I have in fact opened a VMware case on this and still waiting on a plan of action, but sure it will be the next build update before its fixed. So in the mean time I have dug through every page to try to figure a way to monitor these services so we can show true up and down status. I have come up with this solution. Monitor for the status code of this URL :


If it reports back 404 then things are good. If it reports anything other than 404, then something is broken. This does not fit all other use cases, as if the service is not started it will respond as a 404. So double edged sword. For me we are still monitoring the same Health_Check URL https://AppVolServerFQDN/health_check but also monitoring this. With the combination of both, you can see if its up and down. Just not with one URL like you hoped.

Best of luck to everyone on monitoring these till we get a full solution. And will update the blog once I receive feedback on the status.

Posted in App Volumes, Blogtober, Horizon, Monitoring, Random Crap, VDI | Tagged , , , , | Comments Off on AppVolumes Monitoring with HTTP Health Monitor

Using PowerShell to automate file adds to Teams and SharePoint online

As a bunch of us are starting to convert their environments over to Online SharePoint and Teams we are having to adjust how we do things. Now that teams uses the SharePoint Online as its back end file structure.

Problem: Need to find a way to add files to a teams site from an automated script.

Doing some research found there was a simple way to do this. The simplest easy way to add files to a Teams site is just to send a email to the teams email address. Odds are you are already emailing the report or task results to yourself or a team, why not just add the teams site Address. How do you find the email address? Well inside your teams site and the channel you want to send it to. Click on the three dots. It will look something like below.

Click on the Get Email address button and you will now have the email. This works if you are just sending email results to Teams. But what if you have an attachment. Well that also works. But its listed as an email attachment.

What if I just want to send a file on its own with no email? This is where things got fun. As teams has no real API that you can really use for stuff like this. (I may be wrong, as I could not find one.) Only way I could figure to do this was to add the files direct to the back end SharePoint site.

This requires you to install the PowerShell Module: SharePointPnPPowerShellOnline. This will give you the functions of where you can connect to SharePoint site and upload files directly to where you want them to go.

If you are trying to drop a single file into a teams file share you can run the command below:

$SharepointURL = ""
$OutPath = "C:\Temp\ToSharepoint\Test.txt"
Connect to Sharepoint
Connect-PnPOnline $SharepointURL -Credentials $(Get-Credential)
Send File to Teams Sharepoint site
Add-PnPFile -Folder "Shared Documents/Reports/FolderName" -Path $OutPath

If you want to add contents of a folder you can just add a loop and copy all files from that folder to the teams site.

$SharepointURL = ""
$OutPath = "C:\Temp\ToSharepoint"
Connect to Sharepoint
Connect-PnPOnline $SharepointURL -Credentials $(Get-Credential)
Send Files to Teams Sharepoint site
$Files = Get-ChildItem "$OutPath"
foreach($File in $Files){
Add-PnPFile -Folder "Shared Documents/Reports/FolderName" -Path $File.FullName

Add one of the two above to any of your reporting scripts and now you will have reports directly dumped into your Teams Site “Files” directory.

Posted in CLI and Powershell, Office 365, Random Crap | Tagged , , , | Comments Off on Using PowerShell to automate file adds to Teams and SharePoint online

Using Windows Credential Manager with Powershell.

I have been having trouble for a while dealing with credentials and how to store them when using them in scripts. I have done the whole just do Get-Credential and enter it every time I run the script but that is a great for one off scripts but not for scheduled tasks. In the past i had just been using the Import-Clixml and importing the creds saved from a txt file. This works well but now you have to deal with actual txt files. I ran across a article somewhere reading on something else and remember someone saying something about saving credentials to the Windows Credential manager. After doing some research and some digging and reading found this Gem of a Powershell module. CredentialManager Module is a easy module to use, and simplistic with only 4 commands.


With these 4 commands you can now save credentials and call credentials from the credential manager. This is a huge win for me. No more having to deal with cred files, trying to remember what account created the txt file and fighting that mess.

Creating Stored Credentials

New-StoredCredential -Comment 'Test_Creds' -Credentials $(Get-Credential) -Target 'TestCreds'
Showing the Credentials in the Credential Manager.

Using the stored Credentials

Get-StoredCredential -Target 'TestCreds'

This will show the below but that does not help you.

If you store this into a variable now you can use this variable for your credentials as you normally would.

$TestCreds = Get-StoredCredential -Target 'TestCreds'

Removing Stored Credentials

Cleaning up old credentials is always great housekeeping.

Remove-StoredCredential -Target 'TestCreds'

Using Strong Passwords

Get-StrongPassword -Length 20 -NumberOfSpecialCharacters 4

The command will get you the a password that is 20 characters long with 4 special characters. This is a quick way to generate a password for the needs.

With this little bit of info has saved me a huge amount of time. I am not claiming that Credential manager the most secure method, but its way better than saving the passwords in clear text in the script. And much more manageable than having to deal with txt files.

Posted in CLI and Powershell, DevOps, Random Crap, Security | Tagged , , , | Comments Off on Using Windows Credential Manager with Powershell.

Horizon Logon Monitor reporting

Updated 3 December 2019

If you have setup your logon monitor this is great. But its lacking a ton. How do you look at this as a holistic basis? How do you start to look at trends? Well there is noting out of the box for you. You pretty much have to build the solution on your own. Well you are in luck. I had some time on a flight to Dallas to kind of throw something together pretty quick.

What I built was a tool that will query the remote Logon Monitor folder, look through each of the log files and collect the following:

  •         Logon Date
  •         Logon Time Stamp
  •         Session Users
  •         Session FQDN
  •         Logon Total Time
  •         Logon Start Hive
  •         Logon Class Hive
  •         Profile Sync Time
  •         Windows Folder Redirection
  •         Shell Load Time
  •         Total Logon Script
  •         User Policy Apply Time
  •         Machine Policy Apply Time
  •         Group Policy Software Install Time
  •         Free Disk Space Avail

I would pull this from the each of the log files and put in a table view and export to a CSV. Yes this is noting to fancy, but from here you an publish the results to a SQL database instead, create a Web front end to show fancy graphs and if you are lucky you can put it behind Microsoft’s Power BI.

To use this you need to follow my previous post and setup Horizon Log on and configure the Remote Logon Monitor path.


Once you get this setup, you can set this script to run as a scheduled task to collect log data. This script is more setup as a framework and will continue to kind add to it as I have the time.

You can access the script here. Or can just be found on my GitHub site.

If you download this and fill in the remote log path and where and what you want to name the CSV. When you run the script you will get a CSV like below.


I have completed some major updates to this script. I have added the ability to turn on and off features. Also added the ability to clean up old log files so you are not filling up drives.

I have incorporated an email function that will attach the days CSV file with the performance stats, and it will also include a bar graph with the average logon times of the last 14 days organized by day. The chart will look like below. It will highlight the lowest time the color Green and the highest one the color Red. The email will also have a breakdown of the Averages for the day.


Also added the SQL functions so you can export the data to a SQL Data Base. As you run the script it will export the data to a SQL table. In a SQL server you have already stood up.  Inside the Git Repo is the SQL script to create the Table, and also the script to run for De-Duplication of the data, you should not run into duplicate records but for me and testing I ran into a ton.

Now from here the possibilities are pretty limitless. You can build a PowerBI site, you could build your own Webpage graphing the stats, or many other options.


Posted in Blogtober, CLI and Powershell, Horizon, VDI, Virtulization | Tagged , , | 1 Comment

Service Now Time Format

If you have started working with Service Now and the API, and started creating Changes with Times and Dates in them. Have you noticed the times are off in your changes, but the time is right in the script. This was a bit of a head scratches for a few, until it dawned on me to think about timezone. Beings for me every script was 6 hours off. So that made me think to write this.

Service Now Date Formats

Field Full Form Short Form
Year yyyy (4 digits) yy (2 digits, y (2 or 4 digits)
Month MMM (name or abbr.) MM (2 digits, M (1 or 2 digits)
Day of Month dd (2 digits) d (1 or digits)


Service Now Time Formats

Field Full Form Short Form
Hour (1-12) hh (2 digits) h (1 or 2 digits)
Hour (0-23) HH (2 digits) H (1 or 2 digits)
Minute mm 2(digits) m (1 or 2 digits)
Second ss (2 digits) s (1 or 2 digits)

By default service now uses the time format of:

yyyy-MM-dd HH:mm:ss

The time field only accepts String response so you must convert the time to a String.

When using PowerShell to typically you would do something like this:

(Get-Date).ToString(‘yyyy-MM-dd HH:mm:ss’)


But beings we are 6 hours off we have to do a bit outside of the box. For our environment we are set to UTC time for scripting but from my understanding is you can change this.

Here is my work around for this issue.

(Get-Date).AddHours(6).ToString(‘yyyy-MM-dd HH:mm:ss’)

You can use the AddHour to adjust time as needed, or you can use a variable to adjust as needed.  Or the best option is to convert the time to UTC using the method: ToUniversalTime()

(Get-Date).ToUniversalTime().ToString(‘yyyy-MM-dd HH:mm:ss’)

By using this you don’t have to mess with adjusting with daylight savings time BS.


Hope this helps going forward.



Posted in CLI and Powershell, DevOps, Service Now | Tagged , , | Comments Off on Service Now Time Format

Horizon View Instant Clone Pools Upgrade from 6.5 to 6.7

For those of you still yet to take the plunge from 6.5 to 6.7 there is one huge got you with it. It appears a bunch of people miss a single step. So here is my warning.

If you are using VMware Horizon and using Instant Clones you need to plan your migration accordingly.



  1. Take a snapshot of the parent VM on which you upgrade Horizon Agent to Horizon 7 version 7.5 or later. This snapshot is the master image for instant clones.
  2. Set the Storage Distributed Resource Scheduler (DRS) migration threshold to 3 in the cluster.
  3. Disable the instant-clone desktop pools.
  4. Upgrade vCenter Server to vSphere 6.7.
  5. To put the hosts that you plan to upgrade into maintenance mode, choose one of the following options.
    • Put the host directly into maintenance mode from vSphere Web Client then upgrade the host to vSphere 6.7. After the upgrade completes, use vSphere Web Client to exit maintenance mode.

    • Use the icmaint.cmd utility to mark a host for maintenance with the ON option. Marking a host for maintenance, deletes the master images, which are the parent VMs in vCenter Server from the ESXi host. Put the host into maintenance mode and upgrade to vSphere 6.7 ESXi. After the upgrade completes, exit the host from maintenance mode. Then, use the icmaint.cmd to unmark the host for maintenance with the OFF option.

  6. Enable the instant-clone desktop pools.
  7. Perform a push-image operation for each instant-clone desktop pool that uses the new snapshot.

    Only the hosts that are upgraded to vSphere 6.7 ESXi are used for provisioning. The instant clones created during the push-image operation might be migrated to other hosts that are not yet on vSphere 6.7.

  8. Verify that all hosts in the cluster are upgraded to vSphere 6.7.
  9. If you upgrade the parent VM from a previous version to be compatible with ESXi 6.7 and later (VM version 14), then upgrade VMware Tools on the parent VM. You must take a new snapshot of the parent VM, which is the master image for instant clones and perform a push-image operation on all the instant-clone desktop pools that used the previous version of this master image.
  10. If the Virtual Distributed Switch (vDS) is upgraded, power on the parent VM on to verify that there are no network issues. Following a vDS upgrade, you must take a new snapshot of the parent VM and perform a push-image operation on all the instant-clone desktop pools.

Pulled from the VMware Doc


If you decide not to do this you will get something like this……

WARN  (1008-1878) <CacheRefreshThread-https://vcenter:443/sdk> [ObjectStore] Host: HostName not available for provisioning. ConnectionState=connected, PowerState=poweredOn, MaintenanceMode=false, AdminRequestedMaintenance=0, MarkedAsFailed=false, Host Version: 6.5.0, Host API Version: 6.5

Just a the little got ya’s………

Posted in Horizon, vCenter, VDI, Virtulization | Tagged , , , | Comments Off on Horizon View Instant Clone Pools Upgrade from 6.5 to 6.7

Public Speaking around the world.

Last year I set out to put a huge effort to refine my public speaking skills and try to step it up a notch. I have reached out too many in the community to give feedback and just general over all content feedback. And I have received some amazing feedback.  With this feedback I have been able to put this into my presentations and adapt my Snarky and Humorous presentation style. Because of this I have been given an amazing opportunity to spread the word of VDI and automation around the world.

I have been able to present at places like:

Indianapolis, Sydney, Melbourne, St Louis, VMworld in San Francisco, Dallas, Rochester, Phoenix and  Portland to name most.maxresdefault

Through the year I have been able to do continues improvements and adapt more and more as I am adopting new things and adding new content. And looking back my presentation was focused on Automation in VDI with the purpose of showing my Recompose and Refresh Automation script. But as I have had time, and I have grown my skills as a presenter and my skills as a script writer, I have been able to create huge new content, take on monstrous projects like the AsBuilt Report for Horizon, and add these things to my presentation. Making it more of a jam packed presentation that is extremely hard to fit in to the 40 min time slot. By doing this I have able to grow new friendships with some amazing people because of my travels and the things I have done in the community. I cannot thank enough people for where I have made it. And if I start naming people, I will just leave someone out.

Also, by doing this it has really made me realize a bunch of things along the way. How important the community is, how we all help each other out at a blink of an eye. How important it is to have a great place to work, and willing to allow you to go out and speak and give back to the community. Also, how important it is to build a work and life balance. With out that you will go insane, I think. Construction

So, to everyone thank you for allowing me to come out and speak and do my part in helping the community And allowing me to meet some amazing people along the way. Not to mention a huge thank you to all the community for you support and allowing me to grow as a speaker, scripter, and community advocate.

Here is to an amazing 2019 with a few months to go, and Hopefully I will be able to make the rounds to some more amazing places next year and visit more countries, and bring the user back to the UserCon.


Posted in Blogtober, Public Speaking, Random Crap, VDI, VMworld | Tagged , , , , | Comments Off on Public Speaking around the world.

Random AppVolumes Fixes for common issues.

I know there are a bunch of people that have tried to get apps to work in AppVolumes and have given up. And some that are almost impossible. These are just little things that I have found to help with some of this stuff.

1.  Issues with printers in App Stacks not showing up. Well after some digging I managed to find the solution.

  • Mount the AppStack for update
  • Once in Provisioning mode Open Uninstall the printer and or Application.
  • Go to C:\snapshotvolumetemp\snapvol.cfg (This is a hidden vol that shows up with in provisioning mode)
  • Add the following entries:
    • exclude_registry=\REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers
    • exclude_registry=\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Print\Printers
  • Install the application or printer again.
  • Complete Provisioning
  • Test


2. Issues with getting relic applications. I am sure some of you have ran across some really old applications that you can not install in Windows 10. Well I have been using a simple trick from a old application I love so much. Use ThinApp to package legacy applications and then use the MSI installer to install the application into the AppStack or just use the shortcuts. That will allow you to package an application like Avaya Site Administrator that requires you to use DirectPlay that is a deprecated Windows feature. But in Windows 7 its not required. So you can package the application with ThinApp and then push it to the AppStack and use it that way till someone updates there old code.


3. Fighting with stubborn apps like FireFox and AppStacks. When you install the latest version of Firefox into a AppStack you run into issues with crashing while using it, or Just plain will not open.

When you install an application into an AppStack its installed in C:\Program Files but when a AppStack is mounted its mounted with C:\snapvolumestemp\mountpoints\GUID\svroot\programs files

And your Applications are launched from a location of C:\SVRoot\Programs

Very few applications do an Integrity check when they are opened, and just so happens Fire Fox is one of those applications. In order to fight this you can do the following.

  • On master image Open registery
  • Open Regedit and browse to: HKLM\System\CurrentControlSet\services\svdriver\Parameters
  • Edit the Multi-String named “HookInjectionWhitelist”
  • Add *firefox.exe||* to the list. It will complain about white space just accept and go.
  • Close out the session run through your cleanup process and shutdown, take your snapshot and test.

Found a great explanation of what the HookInjection White list is used for in App Volumes here:

“AppVolumes driver uses reparse technique to redirect every file access request to their respective appstack/writable. There are few applications which perform integrity checks on the opened file handle. Integrity check means, an application opens a file and gets the handle and then it queries for the path from the handle and compares them. In case of AppVolumes, both the paths are different and integrity check fails. This is where hook was introduced to fake paths returned to satisfy the Integrity check.

HookInjectionWhitelist is used to make sure that we do not inject ourselves to every process, instead to only inject to processes which perform some sort of integrity check.”

Found this blurb Here


4. Now with that being said about Firefox lets flip the coin a bit, And when you are having issues with Apps like Chrome running inside a AppStack. Some people get crashing Chrome, Some times you get the Sad Face “Untitled” tab when you open Chrome. But you are in luck there is a easy way to fix this. Unlike before where HookInjection White List fixed Firefox with Chrome its been know to break it. So if you are running Chrome in an AppStack try removing *chrome.exe||* from the Registry Value below on your Master Image:


Multi-String named “HookInjectionWhitelist”

Snapshot the Image and test. I ran across this in searching for info about HookInjection and came across this. I have not ran into this issue but it has been pretty widespread. You can read the Thread I found this on Here.


More or less little blurbs for me to remember later on.




Posted in App Volumes, Blogtober, Horizon, Random Crap, VDI, Virtulization | Tagged , , , , , , | Comments Off on Random AppVolumes Fixes for common issues.

Office 365 and Horizon Clones

For those of you wrapped been cursed or blessed with Office 365 this blog post is for you. There are some huge benefits to go this way, but also some huge challenges with doing this. And there are not many blog posts out there about this thing and how to make it work with Horizon and DEM or UEM (Dynamic Environment Manager ) depending on how you want to think of it.

One of the big changes if going from KMS, to using office activation that checks into the Microsoft portal. For traditional desktops and persistent VM’s this is great! But for Clones this is not such a great solution.

Step 1….. Make sure the office install on the clone is in shared licensing mode! Well how do you do this? Well if you are doing a fresh install you can configure your XML to include the line:

<Display Level=”None” AcceptEULA=”True” />

<Property Name=”SharedComputerLicensing” Value=”1″ />

Or if you have already installed Office you can change the Reg Key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\Configuration you can edit the Key “SharedComputerLicensing” to the value of ‘1’

By doing one of the above this will set office on the clone master to Shared mode. Now to validate.

Step 2….. Validating the authentication is in shared license mode by checking to lic files exist. I like to test and make sure things work before throwing things into the wild. So I take a snapshot of the VM set a local account, and sign into the master. Log into office with my credentials and validate the license files exist. By default the files are saved in the location:


There will be two files created in this directory. One .authstring and one .signingcert. These are your Office 365 keys. Now we are sure things are working we can revert to the last snap and proceed on.

Step 3….. Setting up DEM (Dynamic Environment Manager). When setting up DEM you really need to grab a few things. Specific for Office 365 License files you need to capture those. So setting up office shared settings as below:


This needs to be set for minimum. But the if you want to capture the Office Quick links at the top of the office apps you much capture the entire Office folder below.


The quick links are saved here in files labeled OfficeUI like below.


Generally this is my go to configuration for office shared settings in DEM.


Step 4….. Throwing into test environment and making sure things work as expected.

There is some pretty good documents from Microsoft to set this up. Setup and Troubleshooting


Bonus Info….. Microsoft Teams for Horizon

For those of you that have struggled with Teams and getting this to work. Well Microsoft finally built the installer for it to work correctly. Instead of installing in the user directory, now it actually installs in Programs. Huge win, but there are some special things you need to do to make it all work.

Step 1….. Installing Teams. Well this is just not a simple click and go install (Not that I was a huge fan of that method), now you need to download the correct installer.  Installer downloads can be found here 64bit and 32bit

Run the following command to install:

msiexec /i <path_to_msi> /l*v <install_logfile_name> ALLUSER=1

One catch to install this version of teams. It requires Horizon Agent to be installed. Also there are a bunch of Known issues and Limitations. Technically deployment for Non-Persistent is not supported but have found it works quite well. Link to Limitations here.

After install it will work for Clone VM’s. There is really just one catch to the mix. A Shortcut does not exist. So for me I just use DEM and build a shortcut to put in the start menu.


Microsoft has has a decent doc for setting up Teams for Virtual Desktop Use here.


Also one last thing…..

If you are splitting out your Standard build of Office 365 on the base image, and then installing Visio and or Project on AppStacks you need to make sure that the full install of Office 365 is installed on the packaging machine and set to Shared Licensing also like your clone master. The license settings must match.



Posted in Blogtober, Horizon, Office 365, VDI, Virtulization | Tagged , , , , , | Comments Off on Office 365 and Horizon Clones