Jun 14, 2015
Citrix Edgesight 5.0.1
Helmut Hauser
Consulting Enterprise Services
visionapp AG
Agenda
13.04.23 3© visionapp
What´s new ?
New Features of Edgesight 5.0.1
Citrix Edgesight 5.0.1 – What´s new ?
> Since December 12 EdgeSight 5.0.1 Service Pack 1 has been released to web.
File: EdgeSight_5.0.1_647-2279.iso
The Device Summary report did not allow users to select a specific device. The Device Summary report now has a device picker, allowing users to display summary data for a specific endpoint device.
The Device CPU and Device Memory pie charts displayed inconsistent device counts due to time zone offsets. The Device CPU and Device Memory pie charts now display correct and consistent device counts.
Addressed an issue where XenDesktop printers could not be mapped when the EdgeSight agent was running.
The shutdown of a Windows 2008 system with low memory caused a system hang or critical system error when running the EdgeSight Agent. The agent software has been changed to avoid this issue.
Edgesight 5.0.1 Service Pack 1
Addressed a problem where the following error is observed when installing EdgeSight 5.0 using SQL Server 2000 (with SQL 2000 Reporting Services): Error publishing reports: System.Web.Services.Protocols.SoapException: There is an error on Line 39 of custom code: [BC30451] Name 'amp' is not declared.
Microsoft.ReportingServices.ReportProcessing.ReportProcessingException: There is an error on Line 39 of custom code: [BC30451] Name 'amp' is not declared.
Known issues:
Conflicts Between Antivirus and Security Software and the EdgeSight Agent
In some cases, antivirus and security software can interfere with the normal operation of EdgeSight Agent software.
Symantec Enterprise Client Security, McAfee VirusScan 8 or 8i with Patch 10, McAfee Host Intrusion Protection (HIPS) V7.0
Edgesight 5.0.1 – SP1 Continued
> Search Capability for Reports.
> This version of EdgeSight Server is supported on Microsoft Windows Server 2008, including Enterprise, Standard, and DataCenter editions.
> Windows Integrated Authentication for SQL Server Access – This version of EdgeSight uses Windows Integrated Authentication for SQL Server access as opposed to SQL authentication.
> Basic and Advanced XenApp Agents – Basic agents provide the Resource Management capability that is included in XenApp-Enterprise Edition and require only that you have a XenApp Enterprise license available on your Citrix Licensing Server.
> Advanced agents provide the fully featured version of EdgeSight for XenApp and require that you have either a XenApp-Platinum Edition license or an EdgeSight for XenApp license available on your Citrix Licensing Server.
What´s new
> Active Application Monitoring Alerts – The EdgeSight Server Console displays alerts received from the Active Application Monitoring Agent.
> User Interface Enhancements – The EdgeSight Server console UI has been redesigned to make it easier to find the information you want. Tabs allow you to quickly move between real-time monitoring and the display of historical reports.
> Farm Monitor – The Farm Monitor allows you to browse through a XenApp Server Farm and display real time data about alerts for one or more devices. The monitor provides detailed contextual data about activity on the device at the time of a selected alert, including performance counters, sessions, processes, and network usage.
> Ability to suppress alerts for devices or sources (Maintenance Mode) Clear the suppression of alerts after a specific amount of time.
What´s new continued
And … A (working) prerequisite check
And … Finally SQL Windows Authentication (Goodbye SPECTUser)
And … Active Directory User can be set up for Database Connection. Local user is still supported.
And … Web Interface 5 Style/Skin
And … Realtime & Troubleshooting (Adobe Flash and ActiveX required)
And … Realtime Alerts
And … Default Rules
Rules for Health Check Monitoring Service
And … Active Application Monitoring
Prerequisite: Visual J# 2.0
Communication Launcher <-> Controller via Port 18747
And … Update from 4.5 (SP4) is possible. It works.
URL changes from Server/edgesight40 to Server/edgesight
>Warning
> The Licenseserver supplied on the Edgesight 5.0.1 Media is Licenseserver version 11.3
> Download and install Licenseserver version 11.5
> Update the main (Farm) Licenseserver as the agents will check-in and check-out their Licenses from the Farm Licenseserver NOT from the Edgesight Licenseserver
EdgeSight Agent Functionality Level Cannot Be Chosen When Installing on Presentation Server 4.0 System
When installing the EdgeSight for XenApp 5.0 agent on a system running Presentation Server 4.0, you cannot choose the agent functionality level (Basic or Advanced). The agent is installed with the Basic functionality enabled by default.
Workaround: If you need to enable the Advanced agent functionality, and you have either a XenApp-Platinum Edition license or an EdgeSight for XenApp license available on your Citrix Licensing Server, open the Citrix System Monitoring Agent and select the Advanced functionality setting.
Licensing
Basic Mode on PS 4 - Work around (If Licensed)
Resource Manager functionality only
Basic Mode on PS 4
Advanced Mode on PS 4
msiexec /i c:\EdgeSightXAAgent.msi /q /norestart SERVER_NAME=XXX COMPANY=XXX REMOTE_SECURITY=0 FUNCTIONALITY_MODE=1
Documents and Settings\All Users\Application Data\Citrix\System Monitoring\Data\Edgesight.ini
[Core]
Sinstance=xxxxx-xxxxx-xxxx-xxxxxx
DatabaseCompactInProgress=0
[Mode]
UpdateFuncMode=2 [Basic]
UpdateFuncMode=1 [Advanced]
Manual change can be restricted:
HKLM\Software\System Monitoring\Agent\Ctrx\4.00\Control Pannel\AllowFunctionalityMode = Dword 0 or 1 (1=restricted)
The good, the bad, the ugly
What has not changed and new (known) issues.
• NO Copy and Paste functionality in some fields of Rules
• NO Active Rollout of Agents, still Reboot required
• NO corresponding time field in some Reports (WHEN did WHAT happen?)
• Input validation issues with rules may crash database
• DB automatic user change to Edgesight (should be master)
• Issue with Daylight Saving time – Has to be turned OFF to work
• Only 8 configurable items in the Dashboard
• Ability to monitor ONLY XENAPP and Endpoint computers
• Phoning home ?
Citrix Edgesight 5.0.1 – The good, the bad, the ugly …
Agents – Reboot Required – No active Rollout
Caused by “hooking” into system DLLs such as winsock.dll.
Daylight saving ? – turn it off
If this is set to yes – set it to “No” or it will screw up the time
Use SSL/443 if possible (Endpoints)
Use URLSCAN 3.1 to avoid SQL-Injection
Download and install URLSCAN 3.1 from: http://iis.net/downloads/default.aspx?tabid=34&g=6&i=1697
Documentation can be found at: http://learn.iis.net/page.aspx/476/common-urlscan-scenarios
Remove IIS Header [Banner]
Block SQL Injection Strings
[options]
RemoveServerHeader=1
RuleList=SQL Injection,SQL Injection Headers
[SQL Injection]
AppliesTo=.asp,.aspx
DenyDataSection=SQL Injection Strings
ScanUrl=0
ScanAllRaw=0
ScanQueryString=1
ScanHeaders=
[SQL Injection Strings]
--
%3b ; a semicolon
/*
@ ; also catches @@
char ; also catches nchar and varchar
alter
begin
cast
convert
cursor
declare
delete
drop
end
exec ; also catches execute
fetch
kill
open
select
sys ; also catches sysobjects and syscolumns
table
[SQL Injection Headers]
AppliesTo=.asp,.aspx
DenyDataSection=SQL Injection Headers Strings
ScanUrl=0
ScanAllRaw=0
ScanQueryString=0
ScanHeaders=Cookie
[SQL Injection Headers Strings]
--
@ ; also catches @@
alter
cast
convert
declare
delete
drop
exec ; also catches execute
fetch
insert
kill
select
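The [SQL Injection] rule above is a deny list matched against the query string, so it also rejects ordinary requests that merely contain one of the words. The following added example (not part of the original slides, and not URLScan's own code) models that matching so a deny list can be checked against an application's normal URLs before the rule is enabled. The matching model (case-insensitive substring test on the raw and the unescaped query string), the query parameters and the .htm path are assumptions.

```python
from urllib.parse import urlsplit, unquote
import posixpath

# Values copied from the [SQL Injection] rule and its deny list on the slides.
APPLIES_TO = (".asp", ".aspx")
DENY_STRINGS = ["--", "%3b", "/*", "@", "char", "alter", "begin", "cast",
                "convert", "cursor", "declare", "delete", "drop", "end",
                "exec", "fetch", "kill", "open", "select", "sys", "table"]

def evaluate(url):
    """Return the deny strings that would reject this request, [] if it passes.

    Assumed model of the rule: ScanQueryString=1 looks only at the query
    string, matching is a case-insensitive substring test, and both the raw
    and the unescaped query string are checked.
    """
    parts = urlsplit(url)
    ext = posixpath.splitext(parts.path)[1].lower()
    if ext not in APPLIES_TO:
        return []                      # rule does not apply to this extension
    forms = (parts.query.lower(), unquote(parts.query).lower())
    return [s for s in DENY_STRINGS if any(s in f for f in forms)]

# Constructed requests; the .aspx path reuses a URL that appears on this page,
# the parameters and the .htm path are made up for the example.
PAGE = "/edgesight/app/suser/init.aspx"
SAMPLES = [
    PAGE + "?id=42",                         # ordinary request, passes
    PAGE + "?id=1%3bDROP%20TABLE%20t--",     # statement appended to a value
    PAGE + "?report=sessions&selected=1",    # benign, contains "select"
    PAGE + "?view=dashboard&sort=endtime",   # benign, contains "end"
    PAGE + "?user=alice@example.com",        # benign, contains "@"
    "/edgesight/static/help.htm?sort=endtime",  # extension not in AppliesTo
]

if __name__ == "__main__":
    for url in SAMPLES:
        hits = evaluate(url)
        print("DENY " if hits else "ALLOW", url, hits)
```

Three of the four rejected sample requests are benign, which is the cost of short entries such as end, open, sys and @.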
Default Database change to EdgeSight
The Problem – If the Edgesight Database is deleted no login to SQL Server is possible for this user
Security by obscurity ? …
Dashboard – Only 8 Items allowed
Monitoring – only XENAPP and Endpoints
Edgesight is not designed to monitor other infrastructure servers such as:
- Licenseserver
- Webinterface
- SQL Server
- (…)
Phoning home ?
Dbo.config
https://secureportal.citrix.com/Edgesight/V5/scrash/XSL
How does it work ?
Inside Edgesight 5.0.1
Edgesight 5.0.1 - How does it work ?
The Architecture
Directory Structure
Agent – Local Firebird Instance
Firebird 2.0.0 (Win32 Build)
This DBMS is used as the local SQL server. Edgesight stores its payload in the DBMS. The payload is uploaded as a delta by the worker threads twice a day. This saves network bandwidth.
The database is located at:
RSDatr = C:\Documents and Settings\All Users\Application Data\Citrix\System Monitoring\Data\RSDatr.fdb
Initial contact from agent to server
TCP/IP communication http port 80/443
GET edgesight/app/suser/cfgsync.aspx
Rzpd:/edgesight/app/suser/ZRemotelib.zpd ztconst.vbs
GET edgesight/app/suser/init.aspx
Rzpd:/edgesight/app/suser/ZRemoteLib.zpd#500!lsync.htm
POST /app/suser/autosync.aspx (payload upload)
Response http 901 Payload Processed (907 = Exception)
Verisign certificate is exchanged between Agent and Server
Mail is sent (if this is a new device)
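The payload upload and its 901/907 responses can be followed from the web server side. The following added example (not from the original slides) reads an IIS W3C extended log and lists the agents that upload their payload over port 80 rather than 443, and the agents whose upload was answered with 907. The log lines are constructed, and it is an assumption that the 901/907 codes are recorded in the sc-status field and that these fields are enabled in the site's logging.

```python
# Constructed IIS W3C extended log excerpt (documentation-range client addresses).
LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem s-port sc-status
2009-01-12 08:00:01 192.0.2.10 GET /edgesight/app/suser/cfgsync.aspx 443 200
2009-01-12 08:00:03 192.0.2.10 POST /edgesight/app/suser/autosync.aspx 443 901
2009-01-12 08:05:44 192.0.2.11 POST /edgesight/app/suser/autosync.aspx 80 901
2009-01-12 08:07:19 192.0.2.12 POST /edgesight/app/suser/autosync.aspx 443 907
"""

UPLOAD_PATH = "/app/suser/autosync.aspx"   # payload upload URL from the slide

def payload_uploads(log_text):
    """Yield one dict per payload upload, keyed by the names in the #Fields line."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            row = dict(zip(fields, line.split()))
            stem = row.get("cs-uri-stem", "").lower()
            if row.get("cs-method") == "POST" and stem.endswith(UPLOAD_PATH):
                yield row

def review(log_text):
    """Return (clients uploading over port 80, clients answered with 907)."""
    cleartext, failed = set(), set()
    for row in payload_uploads(log_text):
        if row.get("s-port") == "80":
            cleartext.add(row["c-ip"])
        if row.get("sc-status") == "907":
            failed.add(row["c-ip"])
    return sorted(cleartext), sorted(failed)

if __name__ == "__main__":
    over_http, exceptions = review(LOG)
    print("payload sent over port 80:", over_http)
    print("upload answered with 907: ", exceptions)
```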
Wireshark – SYN/ACK (3-way handshake)
Wireshark – GET configsync.aspx
Wireshark – Zremotelib.zpd
Wireshark – init.aspx
Wireshark – sync.htm
Wireshark – no config changes
Wireshark – sending payload (autosync.aspx)
Wireshark http 901 – Payload processed
Wireshark SMTP – New Agent
Done ! (Fin)
Troubleshooting
If it does not do what it is supposed to …
Prerequisites – Message Queuing, .Net Framework 2.0 SP1
SQL Server 2005 SP2 Reporting Services Configuration
Agent Logfiles, Antivirus Exclusions (Firebird DB)
Agent Install, Realtime-Access, Winsock Errorcodes
Citrix Edgesight 5.0.1 –Troubleshooting
Message Queuing – Use AD Account NOT local Account
Reporting Services (SQL 2005 SP2)
> C:\Program Files\Microsoft SQL Server\MSSQL.2\Reporting Services\ReportManager\RSWebApplication.config
<Configuration>
<UI>
<ReportServerUrl></ReportServerUrl>
<ReportServerVirtualDirectory></ReportServerVirtualDirectory>
<ReportBuilderTrustLevel>FullTrust</ReportBuilderTrustLevel>
</UI>
(…) something is missing here
> C:\Program Files\Microsoft SQL Server\MSSQL.2\Reporting Services\ReportManager\RSWebApplication.config
FIXED Configuration
<Configuration>
<UI>
<ReportServerUrl></ReportServerUrl>
<ReportServerVirtualDirectory>ReportServer</ReportServerVirtualDirectory>
<ReportBuilderTrustLevel>FullTrust</ReportBuilderTrustLevel>
</UI>
(…)
Reporting Services (SQL 2005 SP2) Rights
Reporting Services (SQL 2005) Encryption Keys
Autostart of SQL Agent Service
Agent Logfiles
Antivirus Exclusions
Registry
Real-Time Agent Access
Remote Security
This is needed for automatic value updates, e.g. Real Time Reports (Troubleshoot) or Dashboard (Monitor)
Edgesight has to log on to the target Device
[Local Administrator rights required]
A Group can be added at HKLM\SOFTWARE\CITRIX\System Monitoring\Agent\Core\4.00\RemoteSecurityGroup
msiexec /i c:\EdgeSightEPAgent.msi /q /norestart SERVER_NAME=XXX COMPANY=XXX DEPARTMENT=Endpoint REMOTE_SECURITY=0
> http://msdn.microsoft.com/en-us/library/ms740668(VS.85,printer).aspx
10013 Permission denied.
10035 Resource temporarily unavailable.
10050 Network is down.
10051 Network is unreachable.
10052 Network dropped connection on reset.
10053 Software caused connection abort.
10054 Connection reset by peer.
10060 Connection timed out.
10061 Connection refused.
10064 Host is down.
10065 No route to host.
11001 No such host is known.
Winsock Errorcodes
Additional information can be found at:
Thank you very much for your attention.
Do you have any questions?
http://www.visionapp.com
visionapp Ltd.
Office London
(United Kingdom)
107-111 Fleet Street
London EC4A 2AB
phone: +44-20-7936-9112
fax: +44-870-385-0936