VSS System Writer Missing

We recently upgraded our active directory controller from 2003 to 2008 R2.  After the upgrade the backup team came to me and said backups were failing on the new DCs.  Running a “vssadmin list writers” would show that the system writer was missing.  I tried running the usual repair process for VSS (permissions and reregister DLLs) but nothing was working.  Additionally, every time you restart the volume shadow service the following event would show in the application log.

Log Name: Application
Source: Microsoft-Windows-CAPI2A
Event ID: 512
Task Category: None
Level: Error
Description:
The Cryptographic Services service failed to initialize the VSS backup “System Writer” object.

Details:
Could not open the EventSystem service for query.

System Error:
Access is denied.

 

After some troubleshooting and Googling I found the answer.  The problem was with a GPO that was being applied to the DCs.  The GPO was put in place years ago by someone in the backup team to give their service account access to some of the services on the machine.  The problem was with the service EventSystem (COM+ Event System).  The SERVICE account needs read permission to that service for VSS to function properly, this permission was missing from the GPO.  I added the NT AUTHORITY/SERVICE account with read permission to the GPO and ran a GPUPDATE /force on the DCs.  Restart the Cryptography service and the volume shadow service and the system writer is now back and happy.

XenDesktop 7 BrowserName attribute incorrect

A user found this issue because on his mobile device (IPad) it said he was connected to an app that he did not open. Here is the scenario:

1. copy an existing app named “Calculator1″
2. Rename the copied app to “Calculator2″
3. The web interface and receivers will now show the new name. But when the user connects to calculator2 from an Ipad, goes to “switch apps” button on receiver, it will show connected to calculator1.

Looking into the problem further, I ran a Get-BrokerApplication -name calculator2.

ApplicationType : HostedOnDesktop
BrowserName : Calculator1
CommandLineExecutable : c:windowssystem32calc.exe
Name : Calculator2
PublishedName : Calculator2

This appears to be a bug in XenDesktop 7.  Whenever you copy or rename an app it does not update the BrowserName attribute to the new name.  To fix this you can run the below PowerShell script from a DDC.  This script will make the BrowserName match what is set for PublishedName for all apps in your farm/site.

 

Import-Module Citrix.XenDesktop.Admin
Add-PSSnapin Citrix.*
$apps = get-brokerapplication
foreach ($app in $apps){
$appname = $app.Name
Set-BrokerApplication -Name $appname -BrowserName $appname
}

 

Set DNS and Hostname on all ESXi Hosts in a Cluster

This script can be used to configure DNS settings on each host in the cluster.  It will set the DNS Server addresses and will also set the hostname to match what was used when adding it to vcenter.  If you added the host to vcenter by IP then you will want to comment that section out.

As with any VMWare script, you will need the latest version of VMWare PowerCLI installed to run this.

 
Connect-VIServer vcenter.domain.com
$Cluster = "Clustername"
$ESXHosts = Get-Cluster $Cluster | Get-VMHost

ForEach ($ESXHost in $ESXHosts){

#Set DNS Servers
Get-VMHost | Get-VMHostNetwork | Set-VMHostNetwork -DnsAddress [8.8.8.8],[9.9.9.9]

#Set DNS domain and search domains
Get-VMHost | Get-VMHostNetwork | Set-VMHostNetwork -Domain domain -SearchDomain domain.com, child1.domain.com, child2.domain.com

#Get hostname from vcenter, set Hostname
$hostnamearray = $ESXHost.name.split(".")
$hostname = $hostnamearray[0]
Get-VMHostNetwork -VMHost $ESXHost | Set-VMHostNetwork -HostName $hostname 
}