Wyse Management Suite (WMS) on Azure Installation

chrismessier Blog, Management, Microsoft, Wyse ThinOS , ,

One of the options with Wyse Management Suite (WMS) cloud or on-prem is the ability to install a remote repository to host OS images or packages. This isn’t often required, especially with ThinOS, as the images and packages can be hosted centrally in WMS cloud or the main repository as part of your on-prem install. We also can host packages in WMS cloud for Windows 10 IoT & Dell Hybrid client.

In this case, the customer wanted to convert their existing home users who are using Windows 10 IoT based thin clients to Dell ThinOS thin clients using WMS cloud. In order to do this we needed a cloud hosted repository to host this ThinOS conversation image for all the Windows 10 IoT thin clients to download the ThinOS image from. We installed the WMS repository on a Windows Server 2019 VM in Azure and synced it with our WMS cloud portal.

I wanted to outlined the WMS repository installation and Azure virtual machine configuration below.

  1. Review the WMS repository installation prerequisites here in the WMS admin guide in order to configure your Azure, or on-prem VM installation.

2. Download the latest WMS repository installation from the WMS downloads site here

3. Install the WMS repository following the below prompts;

4. NOTE: Once the installation finishes and you click ‘Launch’ it make take 1-2 minutes for the installation to finish, close and then launch the browser, so be patient while it finishes. The WMS repository service is starting and the web page will be unavailable until it starts. You can confirm the services started by looking here:

5. Once the web pages launches, you will be brought to the registration page. Once you are here you have a few options to configure:

  • The URL of your WMS server
    • Here we have the option to “Register to Public WMS Management Portal” or specify the FQDN of your on-prem WMS server. In my case, we are going to register to WMS cloud so we will select “Register to Public WMS Management Portal” & select “us1.wysemanagementsuite.com” (or eu1. if you’re using that tenant).
  • The second important item is the ‘WMS Repository URL“. This will be the URL the client that is downloading the image from will connect to. In my case, since we are using WMS cloud and doing this for remote home based users, we need to make sure that WMS Repository URL resolves externally to my server and is accessible over the Internet. By default, it lists the hostname of the server.

Here I selected “us1.wysemanagementsuite.com” & changed my WMS repository URL to an FQDN that maps to my Azure WMS repository VM: hostname.vditoolbox.com

6. Once you click ‘Register’, it will connect to your WMS management server and register successfully.

7. You can confirm it registered succussfully by looking on your WMS console under Portal Administration\File Repository:

8. At this point, your WMS repository is installed and successfully connected to your WMS portal!

9. From here, in my example I downloaded the Windows 10 IoT to ThinOS conversation image to my Azure repository and synced with my WMS portal. By default, ‘Automatic Replication’ is selected but you can also click ‘Sync Files’ or ‘Check-In’ to ensure the repository is synching & checking in successfully. If you’re doing a conversion as well, you can read more here.

10. The final step is to make sure your Azure VM is accessible externally. In my example, I used hostname.vditoolbox.com that has DNS record that resolves to the public IP address of my Azure VM. I’ve included an example of the lab setup I had during testing and yours will likely be different based on network, security groups, etc.. but wanted to give you an idea.

Hope this helps others down the road!

Enjoy!

Wyse Management Suite documentation here

Connect to the Dell Community here!

@chris_messier ~~> Subscribe to blog to get latest updates <~~

New! Dell Wyse Training via Dell Education Services!

chrismessier Blog, Management, Wyse ThinOS , , ,

Hey all! I wanted to let you know Dell has just released several new Dell thin client and Wyse Management Suite training offerings!

Here is a list of the offerings:

You can check out the various options here!

Enjoy!

Connect to the Dell Community here!

@chris_messier ~~> Subscribe to blog to get latest updates <~~

Dell – Azure Virtual Desktop – AVD on Azure Stack HCI -Video Series

chrismessier Blog, Microsoft ,

Dell recently released a really cool video series on Microsoft AVD on Azure Stack!

The 9 part video series demonstrates deploying Azure Virtual Desktop VMs to Dell Microsoft Azure Stack!

I’ve talked a lot about the various AVD solutions Dell is involved in including, running AVD from Dell Windows IoT thin clients & Dell Wyse ThinOS thin clients.

You can access the entire AVD on Dell Azure Stack video series starting here.

Check out part 1 below!!

If you want to dig deeper, check out our AVD on Azure Stack design guide here & our implemtnion guide here!

These are some excellent documents that go into great detail on deploying AVD on Azure Stack!

Part 2-9 continue here!

Enjoy!

Additional Resources:

All things Dell Technologies VDI hub here

Dell VDI Whitepapers

Dell VDI Blogs

Documentation

@chris_messier ~~> Subscribe to blog to get latest updates <~~

Microsoft Azure Virtual Desktop (AVD) and Dell Windows 10 IoT Kiosk Mode

chrismessier Blog, Microsoft , ,

Deploying Azure Virtual Desktop (AVD) in a Kiosk configuration is a common question we get asked when using Dell Windows 10 IoT thin clients.

The idea is when the device boots, it will present only with an AVD login with no other options present on the desktop, start menu, etc… thus creating a locked down kiosk solution.

By default, this is the behavior with ThinOS & AVD since the device is natively locked down. An example of this is outlined in a previous post here.

We can also do the same thing with Dell Windows 10 IoT by using a great Dell utility included in IoT called EasySetup. You can configure this tool in the Wyse Management Suite console and just specify an AVD connections and remove any other options, icons, configuration, etc.. from the desktop of the thin client. These same steps can be used to configure any other VDI connections, i.e. Citrix, VMware, browser icons, etc..

You can configure by following the steps below;

Configure your Wyse Management Suite (WMS) group configuration to launch the AVD client as shown below.

  1. In WMS, select the Group Configuration you want to edit, and select ‘WES’.

2. In the WES WMS configuration group, go to ‘Wyse EasySetup‘ and enable ‘Kiosk Mode‘. Under ‘Applications‘, section give the connection icon a name, i.e. AVD Desktop and under ‘Application Location‘, enter the path to the AVD client, i.e. C:\Program Files\Remote Desktop\msrdcw.exe

Configure any of the optional settings as desired.

3. Once complete with the settings, click ‘Save & Publish‘ at the top of the page to save settings.

4. Once the device boots up and downloads your updated WMS configuration, it will enable the Wyse EasySetup shell and the end result should be the following below.

Note: The File Base Write filter needs to be enabled in order for the Wyse EasySetup shell to be enabled and applied. If not, you will boot to the normal Windows desktop and not see the single icon as shown below.

5. By default, the ‘Wyse Easy Setup’ policy removes many configurations from the start menu so the user can’t access any settings. If you want to enable some specific Start Menu options, Control Panel settings, task bar settings, etc.. you can toggle many of these features on in the ‘Wyse Easy Setup’ policy.

For example, some of the settings you can enable are shown below. These settings are located the same ‘Kiosk Mode’ section shown above. To see more details of the available Wyse EasySetup configuration options search for the latest the WMS administration guide here.

I hope this helps provide some additional information about using the Wyse EasySetup utility to setup an Azure Virtual Desktop connection in Kiosk mode on Windows 10 IoT thin client.

Hope you found this helpful!

Additional Resources:

  • Prior article on installing the AVD client onto Windows 10 IoT here.
  • Windows 10 IoT admin and release notes here
  • Wyse Management Suite documentation here
  • Dell ThinOS & Azure Virtual Desktop here
  • Excellent Dell Wyse community located here
  • Dell Thin Client Community forums here
  • Microsoft AVD Community forums here
  • Great AVD information site & user community here

@chris_messier ~~> Subscribe to blog to get latest updates <~~

New Dell Wyse ThinOS Activation License & Wyse Management Suite Update

chrismessier Blog, Management, Security, VMware Horizon, Wyse ThinOS , ,

A new Dell Wyse ThinOS enhancement to be aware of is the introduction of a ThinOS Activation License that was introduced as part of ThinOS version 2205 (version 9.3.1129) & Wyse Management Suite 3.7.

This new license is required in certain scenarios as outlined here.

In some cases, you may encounter the following message below:

“Login is denied (ThinOS activation license is not available)”

You will get this for a few reasons as outlined in the release notes here and outlined below.

ThinOS enhancements

  • Added ThinOS Activation devices licenses in Wyse Management Suite—The licenses must be used in the following two scenarios:
    • Devices that are converted from other operating systems must use the ThinOS activation licenses to enable VDI function. Without the ThinOS activation license, you cannot log in to any Broker agent on the devices. The ThinOS activation licenses are used automatically when registering to Wyse Management Suite.
      • For example, you bought Windows 10 IoT/Windows Embedded devices in the past and converted them to ThinOS at one point
      • If you bought a newer platform, i.e. Dell 3420 thin client laptop and ThinOS was NOT installed at the factory but instead onsite, then you will need the ThinOS Activation license
    • Non-PCoIP ThinOS clients that are upgraded from ThinOS 8.6 can use ThinOS Activation license to enable the PCoIP function. Go to Services > WDA Settings > Enable PCoIP Activation License to enable this option in ThinOS 9.x policy. Restart your device for the function to take effect
      • For example, you upgraded ThinOS 8.x without PCoIP and have upgraded to ThinOS 9.x and you use PCoIP with VMware Horizon
  • Support for Dell Wyse Latitude 3420 Thin Client
    • You must have ThinOS Activation devices license for Latitude 3420 to enable VDI function

This license takes effect starting with ThinOS 2205/9.3.1129 & Wyse Management Suite 3.7 as noted in the release notes here.

If you are running into this issue after upgrading to ThinOS 2205, you may need to reach out to your Dell account team to likely purchase the appropriate ThinOS Activation License if you fall into one of the categories.

Alternatively, you can roll back to prior versions of ThinOS until you identify the reason you are getting this license message & purchase the proper ThinOS activation license(s).

The new ThinOS Activation License is discussed in greater detail here, Dell ThinOS – Installation & Activation License User Guide. This document also covers installing ThinOS on newer hardware manually such as the Wyse 3420 thin client laptop IF it is not pre-loaded at the factory.

If you use WMS on prem you will need to export your ThinOS Activation License from WMS Cloud to WMS on prem server as noted here.

Hope you found this helpful!

Additional Resources:

  • Dell Wyse ThinOS 2205/9.3.1129 Release notes here
  • Dell Wyse ThinOS 2205/9.3.1129 Administrators Guide here
  • Dell Wyse Management Suite Release notes here
  • Dell Community forums for ThinOS here
  • Excellent Dell Wyse community located here
  • Dell Wyse ThinOS Technical Support here

@chris_messier ~~> Subscribe to blog to get latest updates <~~

New! Dell VDI Updates – Microsoft AVD on Azure Stack HCI, Citrix & VMware Updates!

chrismessier Blog, Citrix, Microsoft, VMware Horizon , ,

Wow!! The Dell VDI product team has been busy at work and released a bunch of new updates that I wanted to share!!

They released some great content around Microsoft Azure Virtual Desktop on Azure Stack HCI & some new design and implementation guides for Citrix & VMware.

You can access all this great content here or some direct links below – enjoy!!

Azure Virtual Desktop

VMware Horizon

Citrix Virtual Apps & Desktops

Additional Resources:

@chris_messier ~~> Subscribe to blog to get latest updates <~~

Dell Wyse Management Suite (WMS) 3.6 Install

chrismessier Blog, Management, Security ,

The latest release of Wyse Management Suite, 3.6, is out! I put together a brief summary of the installation process if installing locally on a Windows 2019/2016/2012 server. Alternatively, WMS can also be run as a hybrid cloud solution as noted here. Enjoy!

You can download Wyse Management Suite v3.6 from here along with documentation and release notes here.

  1. Launch the installer, WMS_3.6-xxx.exe and click ‘Next’ to begin

2. Accept EULA and click ‘Next’

3. Choose Typical or Custom and be sure to check off ‘Turn off IE Enhanced Security Configuration’ then click ‘Next’. I selected Typical for this standard install.

4. Provide credentials for both database access and administrator credentials. Note: The administrator credentials will be the login credentials you’ll use to log into the WMS console.

5. I clicked ‘Next’ past this section as it’s specific to using Teradici zero clients which I’m not using. If you are, see more info at page 15 here

6. Select an option to create the WMS service account from the below options.

7. Provide credentials for the Software Vault as noted below.

8. Click ‘Next’ to accept the default security configuration

9. Select the installation and repository location as noted below

10. Once you click ‘Next’, the installation will start!!

11. Once install finishes, click ‘Launch’ at the end and a wizard will finalize the install. You can see more of these final steps here starting at Step 14.

Additional Resources:

  • Wyse Management Suite download here
  • Wyse Management Suite documentation here
  • Excellent Dell Wyse community located here
  • Dell Community forums for Wyse Management Suite (WMS) here

@chris_messier ~~> Subscribe to blog to get latest updates <~~

Dell Wyse ThinOS 9 & 802.1x Configurations

chrismessier Blog, Security, Wyse ThinOS ,

I recently came across an issue that took some time trying to resolve regarding 802.1x configuration on ThinOS 9.1 that I wanted to share.

Ultimately, the issue came down to the SSL certificate name not matching the certificate name entered into the Wyse Management Suite (WMS) configuration.

When the device was trying to authenticate, it was using a certificate name that didn’t match what was in the WMS configuration and failed to authenticate because of this.

Some errors we received in the event log but weren’t very descriptive although it appeared to be a certificate authentication issue based on ‘private key passphrase needed for SSID’ error message.

  • TLS: Failed to set TLS connection parameters
  • EAP-TLS: Failed to initialize SSL
  • WLAN: CTRL-REQ-PASSPHRASE-0:Private key passphrase needed for SSID
  • WLAN: EAP: Failed to initialize EAP method: vendor 0 method 13 (TLS)

Example log:

We then looked at the WMS 802.1x configuration and verified the certificate name, in this case, ‘wyse.pfx’ – note the lowercase ‘w‘. We uploaded again to WMS and verified we got prompted for password so that looked correct.

We then looked at actual certificate we uploaded, ‘Wyse.pfx’, and made note of the case – capital ‘W‘ vs the lowercase ‘w‘ that was entered in WMS console so we changed WMS to match certificate name. We changed it from ‘wyse.pfx’ to ‘Wyse.pfx’. Once we did this and rebooted device, it connected to the network successfully!

Lesson learned, it’s never a bad idea to verify case sensitivity and try to make sure they match to avoid this potential pitfall!

Hope you found this helpful!

Additional Resources:

  • More details on 802.1x configurations noted here
  • If you are new to ThinOS 9.1, here is a quick video overview of some of it’s features.
  • Looking for more details on ThinOS 9.1? Check out the release notes here
  • Excellent Dell Wyse community located here
  • Dell Community forums for ThinOS here

@chris_messier ~~> Subscribe to blog to get latest updates <~~

Dell Wyse ThinOS 9.1 & Windows Virtual Desktop (WVD/AVD) Support

chrismessier Blog, Microsoft, Wyse ThinOS , ,

The Dell Wyse team has recently launched support for Windows Virtual Desktop(WVD) on Dell Wyse ThinOS 9.1. This is big news as it allows us to use a non-Windows thin client endpoint to connect to your WVD environment! Microsoft posted a quick announcement about this as well here.

I’ve covered some details about the configuration below and you can access the official documentation here;

  1. ThinOS 9.1 & WVD product summary noted here
  2. ThinOS 9.1 administrators guide here, release notes here, & 8.6 to 9.1 migration guide here
  3. Note – If you are still on ThinOS 8.6 you can learn how to upgrade to 9.x here

The configuration for ThinOS & WVD is pretty straightforward with the only configuration needed is a Wyse Management Suite (WMS) policy to specify Windows Virtual Desktop under the broker setting which is shown below.

Note – by default, the WVD client package is pre-installed on 9.1 but incase it’s not or you’re looking for latest you can get from support.dell.com under drivers for your model, for example 5070, search for ‘wvd’.

  1. In WMS, edit your ThinOS 9 policy and browse to ‘Advanced –> Broker Settings –> Windows Virtual Desktop Settings’ as shown below

2. Under the following section you just need to choose the appropriate WVD deployment model you are using. You will chose either the latest WVD ARM (Azure Resource Manager) based deployment model or the ‘classic’ WVD non ARM based deployment. In my testing, I am using the Azure portal ARM based deployment so I selected the (ARMv2) option. When you are done, click ‘Save & Publish’.

3. Also under, Broker Settings\Global Broker Settings set to – “Windows Virtual Desktop” on your policy as shown below:

4. Once the updated WMS policy is received by your device, you should see your new WVD setting reflected on your device as shown below

4. Once the devices reboots, you should be prompted with the Microsoft Azure AD login screen as shown below 5. At this point you are ready to login into WVD and access your VMs! wmswvd1_46. In this case I have access to a Windows 10 VM!

Hope you found this helpful!

Additional Resources:

  • If you are new to ThinOS 9.1, here is a quick video overview of some of it’s features.
  • Looking for more details on ThinOS 9.1? Check out the release notes here
  • ThinOS 9.1 release notes discussing WVD setup here & 8.6 vs 9.1 feature comparison here
  • Excellent Dell Wyse community located here
  • Dell Community forums for ThinOS here
  • Microsoft AVD Community forums here
  • Great AVD information site & user community here

@chris_messier ~~> Subscribe to blog to get latest updates <~~

Dell Wyse ThinOS 9 & Netscaler/ADC

chrismessier Blog, Citrix, Security, Wyse ThinOS , ,

I’ve run into a few issues lately where customers are currently using ThinOS 8.x successfully with Citrix Netscaler/ADC but having issues connecting with Dell Wyse ThinOS 9.x.

In more than one case, it’s been an issue with the existing Netscaler Session Policy that was setup specifically for Wyse devices and contains information from the ThinOS 8.x User-Agent HTTTP/S request header that may no longer apply to ThinOS 9.

The ThinOS 8.x User-Agent request header is: CitrixReciever WTOS/1.0

The ThinOS 9.0 User-Agent request header is: “CitrixReceiver”/18.12.0.65534 (X11; Linux x86_64) Warthog/9.0.8024 (Release) X1Class CWACapable

**Update 8/2021 #1 ** ThinOS 9.1 User-Agent request header has been changed to: CitrixReceiver/18.12.0.65534 (X11; Linux x86_64) WTOS/9 (Release) X1Class CWACapable (‘Warthog/9.0.8024′ was replaced with: ‘WTOS/9’)

**Update 8/2021 #2 ** If ThinOS is using the built-in web browser to connect to an MFA site, for example, Okta, Duo, etc.. then the HTTP header will be one of the following:

Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Warthog/9.0 Safari/537

Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Electron/3.1.11 Safari/537.36

Note: The following below may not be true if using >9.1 as the http header now again contains “WTOS”.

The issue I’ve seen is many customers using ThinOS 8.x have a Netscaler Session Policies setup to look for a User-Agent to include “WTOS” or “WTOS/1.0” and that does NOT exist in the 9.x User-Agent header so the existing Session Policy will be ignored and not applied.

Network trace from ThinOS 8.6_511:

Network trace from ThinOS 9.0_4024:

 

Network trace from ThinOS 9.1.2101 / CWA 21.1.0.14.8

 

To fix this, you have 2 options.

Option #1: Create a new session policy on Netscaler/ADC to contain something from the ThinOS 9.x header, for example, ‘Warthog’ (name for ThinOS 9) so it uses the policy.

Option #2: Wyse Management Suite has the ability to specify the User-Agent header under the WMS Citrix Broker/Netscaler section.  

  • Under ‘Citrix Broker’ settings from ThinOS 8.x policy

  • Under ‘Broker Settings’ settings from ThinOS 9.x policy

Finally, we also saw an issue where we get the following error; INFO: “Waiting for token to change, then enter the new tokencode”

The existing Netscaler/ADC policy was set to have an RSA policy first BUT since that policy was setup using the 8.6, “WTOS”, header, it was going to the second policy and only allowing LDAP, but threw this error. Once we fixed the policy as noted above with proper header, we were able to use or RSA policy as primary, and the LDAP as secondary.

You can configure this behavior under the “Citrix Netscaler/ADC” settings section in the ThinOS 9 policy.  

Hope you found this helpful!

@chris_messier ~~> Subscribe to blog to get latest updates <~~