Citrix Remote PowerShell SDK error: “Could not establish trust relationship for the SSL/TLS secure channel with authority ‘localhost’.”

If you see the following error when trying to run cmdlets from the Citrix Remote PowerShell SDK

Check and make sure you are running PowerShell in its 64-bit flavour, and not 32-bit (x86).

WTF?

I had this issue recently when automating some tasks with Jenkins talking to Citrix Cloud, using the Citrix Remote PowerShell SDK:

On the same host as Jenkins, if I ran a PowerShell shell, and ran the exact same script, it’d work fine.

If I ran it in Jenkins, it would fail with an error like this:

Root Cause

The root cause is there’s something up with 32-bit PowerShell and the Citrix Remote PowerShell SDK.

Jenkins runs the 32-bit version of PowerShell because Jenkins itself is 32-bit. The reason the script worked in a PowerShell shell on the Jenkins host, was because the default on Windows is 64-bit PowerShell. As soon as I forced PowerShell 32-bit, I could reproduce the problem.

The Fix

The fix is to force Jenkins to use PowerShell 64-bit. There’s two options I found:

  1. You can workaround it with some good tips here: https://adamtheautomator.com/jenkins-powershll-64bit/#method-3-using-the-sysnative-powershell
  2. Or you can fix it fully by making Jenkins run on 64-bit Java: https://stackoverflow.com/questions/28331924/jenkins-powershell-plugin-is-running-32-bit-powershell-and-i-need-64bit

Install Citrix Cloud Connector on Server Core 2016

Scope

This post will provide some quick notes on installing the Citrix Cloud Connector on Server Core 2016.

Conceptual overview

  • We’re going to take our domain-joined Server Core installation and install the Citrix Cloud Connector on to it.
  • You can’t simply run the installer from the Server Core UI, because Server Core doesn’t have all the bits required for the Connector wizard to work.
  • So to work around this we’ll get an API Access key from Citrix Cloud admin UI and use that to install the connector silently on the command line.

Pre-requisites and considerations

  • It’s assumed you have installed Server Core 2016 and joined it to the domain.
  • I believe you’ll need an API access secure client entry for each controller you’re setting up. Happy to be corrected on this, but it feels like that’s the best way to go about this.
  • The API access key is tied to the Citrix Administrator. If that Adminstrator account is later revoked access or permissions changed, the API keys will stop working. More on this here.
  • As of right now (September 2018) installing the Cloud Connector on Server Core is not supported – however, the team is aware of appetite for this, and have a workstream open to do some testing with all the components.

Steps

Create an API Access secure client entry for the connector

Go to https://citrix.cloud.com > Identity and Access Management > API Access tab

Enter a descriptive name of your Server Core VM in the “Name your Secure Client box” and click Create Client – I typically use the VM hostname so it’s easy to track which controllers are using which credentials. If you want to add more contextual info, do so. The field isn’t tied or reliant on the VM name at all.

Store the ID and the Secret given to you in a secure place. You’ll never be given the Secret again, so I’d recommend storing it securely.

Gather required information

To install the connector from the command line you’ll need the following information:

  • Citrix Cloud Customer ID
    • You’re told this just before you make the API access credentials, when entering a secure client name.
  • API Access secure client ID
    • You’re told this when you make the API access credentials
  • API Access secure client Secret
    • You’re told this when you make the API access credentials
  • The ID of the Resource Location you’re installing the connector into.
    • This is the UUID of the Resource Location, not its friendly name. You’ll find it in the Resource Locations – click on “ID” to view it.

Download the Connector onto the Server Core VM

Log in to the Server Core VM and run the following, replacing “yourcustomeridhere” with your Customer ID

Install the connector silently

Now, from the same command line, build your silent install command, replacing yourcustomeridhereyourclientidyourclientsecret, and yourresourcelocationid with the information you gathered earlier, and run it:

That’s it. You won’t get confirmation that it worked, so you’ll need to check via Citrix Cloud

Check your Resource Location to verify connectivity

Go back to the Citrix Cloud UI and check your Resource Locations to verify if the connector is being setup. It can take a few minutes to complete.

Uninstalling the Cloud Connector

Should you need to Uninstall the Cloud Connector from Server Core, you can run:

It looks like this isn’t documented (not mentioned if you use /?) but it does work.

Further reading

 

Base image automation – download the latest installers for common apps with PowerShell

Overview

Long overdue, and inspired by @xenappblog and @CIT_Bronson, I’m finally documenting this.

In the Citrix RTST environment, we are frequently updating our base images with the latest common apps. To help with this, I cobbled together some scripts that will grab the latest version of apps like Chrome Enterprise, Firefox, VLC, Visual Studio Code, NotePad++, and FileZilla.

PowerShell Scripts

Below is a list of super-basic PowerShell snippets that will get the latest versions of software commonly installed on base images in a Citrix XenApp-Virtual Apps and Desktops-type environment. They include the URLs used; useful if you just need the URLs for your own purposes.

The key to all of these is the URLs used – most installers have special URLs you can use to get the latest installer, but the challenge is finding them!

Some of the techniques used in these scripts may be useful to help build scripts for other apps you may need for your environment.

You’ll need to change $output or -OutFile location to match where you want the installer to be saved.

Get Latest Google Chrome Enterprise

This will get you the latest stable build of Enterprise Google Chrome:

Get Latest Firefox

Get Latest VLC

Get Latest Visual Studio Code

Get Latest NotePad++

Get Latest FileZilla

Other resources

The End-User Computer (EUC) community, including Citrix Technology Professionals (CTPs) are already sharing their techniques for getting other apps, including Adobe Reader DC, XenServer tools, and Firefox. If you’ve got something to share, let me know in the comments and I’ll get it added!

Remove snapmirror relationships en-mass with NetApp’s PowerShell tools

Anyone who’s tried to remove Snapmirror relationships using the NetApp commandline knows how painful it is. Recently, I had a need to remove all snapmirror relationships from a number of NetApp storage systems and figured I’d play with NetApp’s PowerShell toolkit to see if I could semi-automate the process.

Connecting to multiple storage systems with the NetApp PowerShell Toolkit

Scope

This post discusses methods to connect to multiple NetApp Storage Systems using the NetApp PowerShell Toolkit, and then execute commands against those storage systems