New! Wyse 5470 Thin Client Laptop and 24″ All in One!

Dell has recently released 2 new models, the Dell Wyse 5470 Thin Client Laptop and a 24″ All in One thin client!

The big news here is it’s the first thin client laptop Dell has released that runs Wyse ThinOS. The thin laptop also comes in Windows 10 IoT along with the ThinLinux platform. We’ve had Windows and Linux based thin laptops in the past but we’ve always had demand for a ThinOS version so it’s finally here!

The other Dell Wyse first is a ThinOS based 24″ All in One which we seen lots of interest in the healthcare space and other verticals interested in AIO’s. This replaces the previous 21.5″ ThinOS and the 24″ Teradici based options we had.

See more below!

Product video of 5470 All in One here!

Product video of 5470 Thin Client Laptop here!

Enjoy!

@chris_messier ~~> Subscribe to blog to get latest updates <~~

New Updates! Cisco Jabber & Microsoft Skype for Business Enhancements for Wyse ThinOS

Cisco Jabber & Microsoft Skype for Business, and other unified communications solutions, are some of the solutions often requested in virtual desktop deployments. Citrix & VMware have both made some key advancements on the server side, i.e. Citrix HDX RealTime Optimization Pack (RTME) & VMware Horizon Virtualization Pack for Skype for Business.

Most of the client side solutions to ‘offload’ some of this processing has been focused on using Windows, or Windows Embedded, based endpoints. The request of many customers is to simplify & secure the endpoint as much as possible, which can lead to using a non-Windows based endpoint and running Windows 10/7 in the data center.

Dell Wyse just released Wyse ThinOS 8.6 which includes support for Cisco Jabber Softphone for VDI for Citrix and Skype for Business on VMware Horizon.

You can see more on these announcements here and some technical details in the Wyse ThinOS 8.6 release notes here.

Enjoy!

@chris_messier ~~> Subscribe to blog to get latest updates <~~

Just Released! What’s new with Wyse Management Suite 1.3?

Dell Releases Wyse Management Suite 1.3

The Dell Wyse team has recently released Wyse Management Suite (WMS) 1.3 and also updated the cloud hosted version at www.wysemanagementsuite.com!

You can see a quick summary of the new features below.

You can download this new WMS 1.3 and documentation from here.

New features

Wyse Management Suite – Error pulling Windows 10 IoT Image

In some recent lab testing I ran into the following error: “CCM on-prem Server authentication token is not available in configuration file.”

I got this error when attempting to pull a Windows 10 IoT Image off a Wyse 5060 client.

The fix was to push the updated Merlin package, aka boot agent, to the device prior to capturing image.

This package is already pre-loaded in the Wyse Management Suite software and listed under “Apps & Data\App Inventory\Thin Client” – MerlinPackage_Common.exe.

You will need to create and App Policy containing this package and push to the client.

  1. To create App Policy go to, Apps & Data\App Policies\Thin Client\Add Policy
  2. Complete the policy using the details below:
  3. Once policy is created, go to, “Jobs\Schedule App Policy” and create your policy similar to below:
  4. Once the policy is pushed successfully you should now be able to pull the image!

Error details:

(Status: Failed – [ERROR: CCM on-prem Server authentication token is not available in configuration file. (error code : 107).]
[ERROR STAGE: Repository validation.]
[REASON: Configuration file is missing authentication token of on prem Server.]
[SOLUTION: Make sure config file is updated with proper CCM on prem Server authentication token.]
| (107))

Hope this helps someone else down the road!

@chris_messer ~~> Subscribe to blog to get latest updates <~~

Additional support resources as noted below:

Dell TechCenter Wyse Product Support Forums – these are a great resource for getting up and running with the solutions as well as tips and tricks for troubleshooting common issues. Once you join the Dell TechCenter community you will have a variety of resources to get started!

Dell Wyse Support Site – Wyse documentation, log support incident, etc…

Available categories with forum and topic lists:

  • Wyse general forum: for discussions that, for example, span multiple categories, involve end-to-end methods, heterogeneous environments, new use cases or topics not found under the support documentation or existing discussions.
  • Wyse thin clients: includes Cloud Connect, Linux, Windows Embedded Standard, ThinOS and zero clients for Citrix, MultiPoint Server and VMware.
  • Wyse software: includes Wyse Management Suite, Wyse Device Manager, Wyse WSM and Wyse Virtualization Software

Wyse Management Suite (WMS) DNS Discovery

Once you have Wyse Management Suite (WMS) installed the next step is to automatically have your devices ‘find’ and check-in into your WMS server. This is accomplished by setting up a few DNS records that include the key WMS server information. I’ve outlined the DNS records that need to be setup and steps to setup on Microsoft Server 2012.

  • Service Location (SRV) Record
    • _WMS_MGMT
    • _WMS_MQTT
  • Text (TXT) Record
    • _WMS_GROUPTOKEN
    • _WMS_CAValidation

Steps to setup Service Location (SRV) Record on Microsoft Server 2012

  1. On your DNS server navigate to the domain you want, then right click on “_tcp”, and select “Other New Records”.

  2. To setup the 2 SRV records, select “Service Location (SRV) from the options.

  3. Setup your record for, “_WMS_MGMT”. This is the FQDN of your WMS server. Use the following options below:
    1. Domain: Your domain name
    2. Service: _WMS_MGMT
    3. Protocol: _tcp
    4. Priority: 0
    5. Weight: 100
    6. Port Number: 443
    7. Host offering this service: your_wms_server, i.e. wms1.dellse.local

  4. Setup your record for, “_WMS_MQTT”. This is a service port WMS uses. This is the FQDN of your WMS server. Use the following options below:
    1. Domain: Your domain name
    2. Service: _WMS_MQTT
    3. Protocol: _tcp
    4. Priority: 0
    5. Weight: 100
    6. Port Number: 1883
    7. Host offering this service: your_wms_server, i.e. wms1.dellse.local

  5. To setup the next 2 records, navigate to the domain you want, select that node, then right click and select “Other New Records”. *Note* do not select a sub node such as _tcp for these records.

  6. Select the “Text (TXT)” Record type:

  7. Setup your record for, “_WMS_GROUPTOKEN”. This is the specific Group Token/Profile that you setup and want to use. Use the following options below:
    1. Record Name: _WMS_GROUPTOKEN
    2. Fully qualified domain name (FQDN): _WMS_GROUPTOKEN.your_domain
    3. Text: defa-labdemo1
      1. This “Text:” field is the key that you want to use. You will get this from your WMS console where you setup your group profile under the key icon.

  8. Setup your record for, “_WMS_CAValidation”. If you are not using an SSL cert (default), then this value needs to be set to ‘False’. If you are using a cert, then this would be set to “True”. Use the following options below:
    1. Record Name: _WMS_CAValidation
    2. Fully qualified domain name (FQDN): _WMS_CAValidation.your_domain
    3. Text: False (or True, if using a cert)

9. Once you have these 4 options setup, you should see the following in DNS;

The following records should be listed under your_domain:

The other 2 records should be listed under, your_domain\_tcp

10. This completes the setup. Once your device boots up and does it’s DNS lookup it will populate the proper fields on the device, in this example, Wyse ThinOS:

Dell Wyse ThinOS – SCEP and NDES Certificate Configuration

In order to request certificates manually or automatically, for example for wireless access, you need to configure Dell Wyse ThinOS to request certificates. This process requires you have the Network Device Enrollment Service (NDES) role setup in your environment. This is what implements Simple Certificate Enrollment Protocol (SCEP), which is used to issue certificates.

The setup outlined here uses a Microsoft Windows Server 2012.

In addition to having an internal Certificate Authority setup in your Active Directory environment you will also need the Network Device Enrollment Service (NDES) role installed. This is role/service that implements the Simple Certificate Enrollment Protocol (SCEP) used to issue certificates.

If not already setup, you can setup your Certificate Authority following steps here.

If not already setup, you can install and configure the NDES server role here.

  • The Setup section here outlines exact steps to setup your NDES server to start handing out certificate.

Issue:

How do you setup Dell Wyse ThinOS to request certificates from your Network Device Enrollment Service (NDES).

Resolution:

You will first need to setup your NDES environment by following steps in requirements section. Once setup your device will be able to request certificates manually or automatically.

Details:

We will first cover the manual process to have the device request a certificate from the NDES server.


1.
On Dell Wyse ThinOS go to System Tools\Certificates and select “Request Certificate” and the following screen will appear.


2.
Fill in the fields as shown below making note of the following;


  1. Request URL: This will be the URL of your NDES server. Note, do not include the prefix, http, otherwise, you will get an error: “failed getting port number.”
  2. CA Certificate Hash Type: if using MS CA/NDES server then this should remain MD5. Even though your server may issue SHA256 hashed certs, MD5 is what is used to issue the request but cert will be signed however you have them configured, i.e. SHA1, SHA256, etc..
  3. CA Certificate Hash Value: You will need to browse to the following location on your NDES server; http://hostname/certsrv/mscep/mscep.dll. You will then click link, http://hostname/certsrv/mscep_admin to get the Hash Value and Enrollment Password. * NOTE * Be sure to include spaces in the Hash Value name as it shows on the webpage example below.

  4.  Enrollment Password: This will be the password retrieved from above.

3. Once you click “Request Certificate” the client will communicate with the server and return the following:


Note: Be sure to check off “Install CA Certificate” so this is also installed otherwise, the certificate will be installed under ‘Unknown’ on client and not be chained correctly.


4. Click “Install Certificates” and both certificates will be installed on the client.


NOTE: You can also verify it has the correct Signature Algorithim, i.e. SHA1 or SHA256 or whatever your CA is set to.

SHA1 Cert:


SHA256 Cert:


NOTE 1: Even if Signature Algorithm is set to SHA256, the Thumbprint Algorithm will be set to SHA1. This is expected as noted here.

NOTE 2: It is helpful to know what Signature Algorithm your CA uses. You can confirm this from here;

SHA1


SHA256


Note: To upgrade your CA from using SHA1 to SHA256 you can follow steps here.

5. This completes process to manually request certificates. In order to Dell Wyse ThinOS request certificates automatically you will have to do this via an INI file or Wyse Management Suite. The values you will use to do this are outlined on the 8.4 INI guide and you can get documentation here.


Dell Wyse ThinOS – “Invalid Digital Signature” Message

Issue: When attempting to downgrade ThinOS firmware from version 8.4.x to earlier versions, i.e. 8.3.x, 8.2.x, etc.. you may get the following message, “Invalid Digital Signature”.

Resolution: In order to rollback the version of firmware you need to add the following parameter to your wnos.ini configuration file or WMS/CCM configuration.

VerifySignature=no

Note: This will need to be added on a line starting with, “autoload=x”

For example: autoload=1 VerifySignature=no

See v8.4 INI guide for further details here.

More details on VerifySignature= parameter from the 8.4 release notes:

“The option VerifySignature specifies to verify the signature or not when updating the firmware and/or packages. It is introduced in 8.4 and later to make sure the security and integrity of the firmware and packages. If set VerifySignature to no, it will not check the signature so that to downgrade the firmware and/or packages which did not support signature. The default is yes.”

@chris_messier ~~> Subscribe to blog to get latest updates <~~