Just Released! What’s new with Wyse Management Suite 1.3?

Dell Releases Wyse Management Suite 1.3

The Dell Wyse team has recently released Wyse Management Suite (WMS) 1.3 and also updated the cloud hosted version at www.wysemanagementsuite.com!

You can see a quick summary of the new features below.

You can download this new WMS 1.3 and documentation from here.

New features

Dell Wyse Podcast – Subscribe Now!

Like podcasts? Like VDI & thin clients? Check out the Dell Wyse Podcast to stay up to date on all things Dell Wyse thin clients and VDI news!

Search for “Dell Wyse” in your favorite podcast app and it should come up, “The Dell Wyse Podcast”.

You can also link to it here: https://dellwyse.podbean.com

Enjoy!

@chris_messer ~~> Subscribe to blog to get latest updates <~~

Wyse Management Suite – Error pulling Windows 10 IoT Image

In some recent lab testing I ran into the following error: “CCM on-prem Server authentication token is not available in configuration file.”

I got this error when attempting to pull a Windows 10 IoT Image off a Wyse 5060 client.

The fix was to push the updated Merlin package, aka boot agent, to the device prior to capturing image.

This package is already pre-loaded in the Wyse Management Suite software and listed under “Apps & Data\App Inventory\Thin Client” – MerlinPackage_Common.exe.

You will need to create and App Policy containing this package and push to the client.

  1. To create App Policy go to, Apps & Data\App Policies\Thin Client\Add Policy
  2. Complete the policy using the details below:
  3. Once policy is created, go to, “Jobs\Schedule App Policy” and create your policy similar to below:
  4. Once the policy is pushed successfully you should now be able to pull the image!

Error details:

(Status: Failed – [ERROR: CCM on-prem Server authentication token is not available in configuration file. (error code : 107).]
[ERROR STAGE: Repository validation.]
[REASON: Configuration file is missing authentication token of on prem Server.]
[SOLUTION: Make sure config file is updated with proper CCM on prem Server authentication token.]
| (107))

Hope this helps someone else down the road!

@chris_messer ~~> Subscribe to blog to get latest updates <~~

Additional support resources as noted below:

Dell TechCenter Wyse Product Support Forums – these are a great resource for getting up and running with the solutions as well as tips and tricks for troubleshooting common issues. Once you join the Dell TechCenter community you will have a variety of resources to get started!

Dell Wyse Support Site – Wyse documentation, log support incident, etc…

Available categories with forum and topic lists:

  • Wyse general forum: for discussions that, for example, span multiple categories, involve end-to-end methods, heterogeneous environments, new use cases or topics not found under the support documentation or existing discussions.
  • Wyse thin clients: includes Cloud Connect, Linux, Windows Embedded Standard, ThinOS and zero clients for Citrix, MultiPoint Server and VMware.
  • Wyse software: includes Wyse Management Suite, Wyse Device Manager, Wyse WSM and Wyse Virtualization Software

Wyse Converter for PCs Installation Steps

The following steps outline the typical installation of Wyse Converter for PCs

  1. Download a copy of Wyse Converter for PCs here
  2. Ensure the PC you wish to convert meets the minimum requirements and pre-requisites noted here
  3. You will also want to get access to the Wyse Management Suite software to have a centralized way to configure and manage your converted PC’s. You can get access to Wyse Management Suite by going here. Alternatively, you can manually configure the device using local GUI during testing.
  4. Run ‘WyseConverterforPCs.exe’ on your Windows 7 or Windows 10 PC you wish to convert. Note: By default, you will get a 45 day trial license as part of the installation.
  5. Follow the steps below for a typical installation:
    1. After installation completes and PC reboots you will be brought to the following screen:

WyseUser2

8. By default, Converter for PC will auto-logon as the locked down Standard User, ‘WyseUser’ as noted in step 4. In order to login as ‘WyseAdmin’ hold down ‘shift’ key and log off and you will be brought to Windows logon screen where you can select the user account you want to log in as.

  • default credentials
    • username: wyseadmin | password: DellCCCvdi
    • username: wyseuser | password: DellCCCvdi

9. At this point, you can begin your configuration of the Citrix client, VMware client, etc… using one of 2 methods:

10. You can access documentation Wyse Converter for PC documentation here and Wyse Management Suite documentation here.

Additional support resources as noted below:

Dell TechCenter Wyse Product Support Forums – these are a great resource for getting up and running with the solutions as well as tips and tricks for troubleshooting common issues. Once you join the Dell TechCenter community you will have a variety of resources to get started!

Dell Wyse Support Site – Wyse documentation, log support incident, etc…

Available categories with forum and topic lists:

  • Wyse general forum: for discussions that, for example, span multiple categories, involve end-to-end methods, heterogeneous environments, new use cases or topics not found under the support documentation or existing discussions.
  • Wyse thin clients: includes Cloud Connect, Linux, Windows Embedded Standard, ThinOS and zero clients for Citrix, MultiPoint Server and VMware.
  • Wyse software: includes Wyse Management Suite, Wyse Device Manager, Wyse WSM and Wyse Virtualization Software

@chris_messier ~~> Subscribe to blog to get latest updates <~~

 

Using HTTP for StoreFront Server

In some recent lab testing I setup Citrix StoreFront to use HTTP as I was running some quick tests and didn’t need HTTPS for my test.

Unfortunely, by default, the Citrix Receiver only allows you to connect via HTTPS. If you enter an HTTP URL, it won’t allow you to save it and instead, get the following error:

“The specified server address is not secure”

StoreFront1

Once you click, “Add”, you will get the following:

“HTTP Store requires additional configuration before being added to the Citrix Receiver. Please contact your system administrator.”

StoreFront3

The fix for this is to edit/add the following Registry keys on the client your using the Citrix Receiver to connect from:

  1. Set HKLM\Software\[Wow6432Node\]Citrix\Dazzle\AllowAddStore to A to allow users to add non-secure stores.
  2. (Optional) Set HKLM\Software\[Wow6432Node\]Citrix\Dazzle\AllowSavePwd to A to allow users to save their passwords for non-secure stores.
  3. To enable the addition of a store that is configured in StoreFront with a TransportType of HTTP, add to HKLM\Software\[Wow6432Node\]Citrix\AuthManager the value ConnectionSecurityMode (REG_SZ type) and set it to Any.
  4. Exit and restart Citrix Receiver.

Source: Configure and install Receiver for Windows using command-line parameters

You should now be able to use an HTTP URL in your Citrix Receiver to connect to StoreFront successfully!

Hope this helps someone else down the road!

@chris_messer ~~> Subscribe to blog to get latest updates <~~

Wyse Management Suite (WMS) DNS Discovery

Once you have Wyse Management Suite (WMS) installed the next step is to automatically have your devices ‘find’ and check-in into your WMS server. This is accomplished by setting up a few DNS records that include the key WMS server information. I’ve outlined the DNS records that need to be setup and steps to setup on Microsoft Server 2012.

  • Service Location (SRV) Record
    • _WMS_MGMT
    • _WMS_MQTT
  • Text (TXT) Record
    • _WMS_GROUPTOKEN
    • _WMS_CAValidation

Steps to setup Service Location (SRV) Record on Microsoft Server 2012

  1. On your DNS server navigate to the domain you want, then right click on “_tcp”, and select “Other New Records”.

  2. To setup the 2 SRV records, select “Service Location (SRV) from the options.

  3. Setup your record for, “_WMS_MGMT”. This is the FQDN of your WMS server. Use the following options below:
    1. Domain: Your domain name
    2. Service: _WMS_MGMT
    3. Protocol: _tcp
    4. Priority: 0
    5. Weight: 100
    6. Port Number: 443
    7. Host offering this service: your_wms_server, i.e. wms1.dellse.local

  4. Setup your record for, “_WMS_MQTT”. This is a service port WMS uses. This is the FQDN of your WMS server. Use the following options below:
    1. Domain: Your domain name
    2. Service: _WMS_MQTT
    3. Protocol: _tcp
    4. Priority: 0
    5. Weight: 100
    6. Port Number: 1883
    7. Host offering this service: your_wms_server, i.e. wms1.dellse.local

  5. To setup the next 2 records, navigate to the domain you want, select that node, then right click and select “Other New Records”. *Note* do not select a sub node such as _tcp for these records.

  6. Select the “Text (TXT)” Record type:

  7. Setup your record for, “_WMS_GROUPTOKEN”. This is the specific Group Token/Profile that you setup and want to use. Use the following options below:
    1. Record Name: _WMS_GROUPTOKEN
    2. Fully qualified domain name (FQDN): _WMS_GROUPTOKEN.your_domain
    3. Text: defa-labdemo1
      1. This “Text:” field is the key that you want to use. You will get this from your WMS console where you setup your group profile under the key icon.

  8. Setup your record for, “_WMS_CAValidation”. If you are not using an SSL cert (default), then this value needs to be set to ‘False’. If you are using a cert, then this would be set to “True”. Use the following options below:
    1. Record Name: _WMS_CAValidation
    2. Fully qualified domain name (FQDN): _WMS_CAValidation.your_domain
    3. Text: False (or True, if using a cert)

9. Once you have these 4 options setup, you should see the following in DNS;

The following records should be listed under your_domain:

The other 2 records should be listed under, your_domain\_tcp

10. This completes the setup. Once your device boots up and does it’s DNS lookup it will populate the proper fields on the device, in this example, Wyse ThinOS:

Dell Wyse ThinOS – SCEP and NDES Certificate Configuration

In order to request certificates manually or automatically, for example for wireless access, you need to configure Dell Wyse ThinOS to request certificates. This process requires you have the Network Device Enrollment Service (NDES) role setup in your environment. This is what implements Simple Certificate Enrollment Protocol (SCEP), which is used to issue certificates.

The setup outlined here uses a Microsoft Windows Server 2012.

In addition to having an internal Certificate Authority setup in your Active Directory environment you will also need the Network Device Enrollment Service (NDES) role installed. This is role/service that implements the Simple Certificate Enrollment Protocol (SCEP) used to issue certificates.

If not already setup, you can setup your Certificate Authority following steps here.

If not already setup, you can install and configure the NDES server role here.

  • The Setup section here outlines exact steps to setup your NDES server to start handing out certificate.

Issue:

How do you setup Dell Wyse ThinOS to request certificates from your Network Device Enrollment Service (NDES).

Resolution:

You will first need to setup your NDES environment by following steps in requirements section. Once setup your device will be able to request certificates manually or automatically.

Details:

We will first cover the manual process to have the device request a certificate from the NDES server.


1.
On Dell Wyse ThinOS go to System Tools\Certificates and select “Request Certificate” and the following screen will appear.


2.
Fill in the fields as shown below making note of the following;


  1. Request URL: This will be the URL of your NDES server. Note, do not include the prefix, http, otherwise, you will get an error: “failed getting port number.”
  2. CA Certificate Hash Type: if using MS CA/NDES server then this should remain MD5. Even though your server may issue SHA256 hashed certs, MD5 is what is used to issue the request but cert will be signed however you have them configured, i.e. SHA1, SHA256, etc..
  3. CA Certificate Hash Value: You will need to browse to the following location on your NDES server; http://hostname/certsrv/mscep/mscep.dll. You will then click link, http://hostname/certsrv/mscep_admin to get the Hash Value and Enrollment Password. * NOTE * Be sure to include spaces in the Hash Value name as it shows on the webpage example below.

  4.  Enrollment Password: This will be the password retrieved from above.

3. Once you click “Request Certificate” the client will communicate with the server and return the following:


Note: Be sure to check off “Install CA Certificate” so this is also installed otherwise, the certificate will be installed under ‘Unknown’ on client and not be chained correctly.


4. Click “Install Certificates” and both certificates will be installed on the client.


NOTE: You can also verify it has the correct Signature Algorithim, i.e. SHA1 or SHA256 or whatever your CA is set to.

SHA1 Cert:


SHA256 Cert:


NOTE 1: Even if Signature Algorithm is set to SHA256, the Thumbprint Algorithm will be set to SHA1. This is expected as noted here.

NOTE 2: It is helpful to know what Signature Algorithm your CA uses. You can confirm this from here;

SHA1


SHA256


Note: To upgrade your CA from using SHA1 to SHA256 you can follow steps here.

5. This completes process to manually request certificates. In order to Dell Wyse ThinOS request certificates automatically you will have to do this via an INI file or Wyse Management Suite. The values you will use to do this are outlined on the 8.4 INI guide and you can get documentation here.