Thursday, February 16, 2012

Integrating IBM Tivoli Access Manager for Enterprise Single Sign-On 8.0 on XenDesktop 5.5

IBM TAM-ESSO use its own GINA called engine.dll. When a new user logs on from the AccessAgent GINA, the private desktop first verifies that the user is a valid user, and then creates a Windows desktop for that user. It then loads the user's Windows profile, and creates the user's shell (starting Windows Explorer, and so on) for the user to interact with the desktop. When we install XD 5.5 VDA , it has its own GINA picagina.dll which works along with Microsoft GINA which is MSGINA. It is very important to understand how this authentication will take place as you want WI to perform AD based authentication for the VDA.

In order to integrate we should follow the order of installation of SSO and VDA. First AM-SSO is installed on Virtual Desktop.

To install use executable and it will walk you through installation wizard

  1. Double click and run the wizard

image

2.  This TAM E-SSO agent create a folder called Encentuate which was acquired by IBM.

image 

3. This is will ask for TAM SSO server

image

4.  Configuration of TAM SSO server will prompt to reboot.

image

5. After reboot  following screen will come which says GINA is modified . Login to windows logon

image

6. Check the following registry location and note down the change in GINA location . This Gina is from AM-ESSO which is "engine.dll"

image

7.  Now install the VDA 5.5 and reboot the machine check the same winlogon key  and verify the GINA. Now there is two GINA . One GINA modified by VDA and other had been added by Microsoft.

image

8. In order to work with SSO the sequence of GINA should be in the following order PICAGINA >> TAM-ESSO GINA >> MSGINA. Reboot this machine into safe mode and point both the registry key to following location.

image

9. After that VD is boot and assigned to the desktop group which I am not going to show here. Once the desktop launch it will be prompt for the AM-ESSO user name and password.

image

10. Once it is authenticated it will pass Active directory authentication . First time it will prompt to save the password

image

If you try to install the VDA first and SSO second then this is what the error message will come

image

Thanks to my friend Sandip for providing  CTX119665

Also Red book from IBM helped to give fair idea about AM-SSO GINA

Wednesday, February 15, 2012

How to Change Desktop Dirctor Dashboard Display

Desktop Director by default display only five count for display of Catalogs and Desktop Groups. 

image 

To change this display we need to make changes on IIS setting on Desktop Director server . This is located under Application setting of DesktopDirector website as shown below

image

After this change reset the IIS.  After this change Desktop Director display  10 setting. image

Monday, February 6, 2012

How to shut down arrogant VM on XenServer

Sometime VM hang and restarting xapi and toolstack  will not  help . There is a good way of doing this , oh yeah

1. Run xe vm-list and in this case INBLREHVDI0007 is the VM which says running image

2. Run list_domains command and find out domain ID . In this case it is 246.image

3. Destroy the domain using . This will sit as usual but press control + c and come out of the prompt.image

4. Run list_domains and check the domain ID has been changed.image

5. Reboot the VM and it will work perfectly .

image

Source is here