Update MCS VDA 2019

1. <#####
2. Stand alone XenDesktop MCS VDA Installer
3. Written by David Ott
4. I wrote this script because I have over 100 stand alone MCS VDAs.  Upgrading the VDA software
5. becomes a huge pain as you can imagine.  
6.  
7. ***** Pay attention to anything marked with ##### as you will need to customize the script for
8. your environment.*****
9.  
10. This will only work on Windows VDAs!!
11. Requirements:
12. Know the local admin credentials for your MCS desktops
13. VDA Cleanup Utility (google it and download the latest version)
14. Citrix Virtual Apps and Desktops .iso extracted to a network share
15. Domain credentials for accessing the file share
16.  
17. How it works:
18. 1. You can query your delivery controller for all VDAs you wish to upgrade, or you can run it against individual VDAs
19. I'd suggest running it against individual VDAs until you are comfortable with the results.  Noted in the first part of the
20. script after the BEGIN line
21. 2. Once the script knows which computer(s) you wish to upgrade it will create 2 powershell scripts on the C:\ drive of each
22. computer, and 2 scheduled tasks to run them.
23. 3. The first scheduled task will run as system, add auto logon information into the registry, and restart the computer
24. 4. The second scheduled task (the meat and potatoes) will run at logon (local admin user set to auto logon).  It will uninstall
25. any existing VDA using the VDA Cleanup Utility (always use the latest one Citrix has available), install the new VDA from
26. the mapped drive (session recording optional), clean up the auto logon info/files, and reboot.
27.  
28.  
29. #####>
30. #####***** BEGIN *****#####
31. ##### Remove comment start from the line below to allow the script to grab every MCS desktop in a specified delivery group
32.  
33. <#$computers = Invoke-Command -ComputerName <your delivery controller> -ScriptBlock {
34. asnp citrix*
35. ##### Edit the line below with the MCS desktop group name, and the current agent version
36. Get-BrokerDesktop -MaxRecordCount 1000 -DesktopGroupName "DESKTOP GROUP NAME" -Filter {(agentversion -lt "1811") -and (sessionstate -ne "active")} | select -expand dnsname
37. ##### If you use this remove the end comment below
38. }#>
39.  
40. ##### If you want to run this script against an individual computer enter the computer name below
41. ##### (this is how you should run it while testing!)
42. ##### If you are querying the delivery controller for all MCS desktops in a delivery group comment the line below
43. ##### by adding "#" before $computers
44. $computers = "VDA1"#,"VDA2","VDA3"
45.  
46. ##### enter the path to the extracted .iso
47. $drive = "\\server\share\Citrix_Virtual_Apps_and_Desktops_7_1811"
48. ##### this is the log file that is created on C: of the MCS desktops - name it something unique for each VDA version
49. $logfile = "c:\upgrade1811.log"
50. ##### This is the text that is copied to the MCS desktop to allow the local administrator account to logon automatically
51. ##### Make sure you update LoCalPassword to the correct local admin password, and Administrator to the local admin account (if not "administrator") - line 57.  
52. ##### Leave everything else as is.
53. $script1 = @"
54. `$log = "logfile"
55. if (!(test-path `$log)) {
56. sp 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name AutoAdminLogon -Value "1" -type string
57. sp 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name DefaultPassword -Value "LoCalPassword" -type string ##### Local Admin Password
58. sp 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name DefaultUserName -Value "Administrator" -type string
59. sp 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name DefaultDomainName -Value "computername" -type string
60. "Start "+(get-date).ToString() | out-file `$log
61. Restart-Computer -force
62. break
63. }
64. "@
65.  
66. <##### This is the text for the actual upgrade script and you will have to make some changes for your environment.
67. Because I am using a domain account I like to obscure the password in the file using a key, but you don't have to do that.
68. To use this method highlight the below line in powershell_ise and hit F8 to load the key as a vairable
69. $key = (1,43,9,221,4,2,78,42,101,32,45,87,76,12,43,66,12,78,8,94,54,23,22,65)
70. To get the obscure string
71. "Password1" | ConvertTo-SecureString -AsPlainText -Force | ConvertFrom-SecureString -Key $key
72. Take the text from that line and replace it as the text after "$string =" below (one line between quotes) - line 104
73. Then update the "domain\username" to the account you want to use in the "$creds" - line 106
74. Alternatively if you want to store the password in plain text and avoid that extra work
75. change the $password line (105) to:
76. `$password "YourPasswordHere" | convertto-securestring -asplaintext -force"
77. then comment out lines 103 and 104 by adding a # to the beginning of the line
78. Below that you will notice the same lines as from the first script to ensure that the local admin can auto logon if the first script
79. did not execute.  Like above edit the local admin credentials. - line 112
80. below that look for the line that starts with `$installargs (line 152).  These are the install arguements for the VDA.  The main thing you will want to do
81. is update the delivery controllers in that command (fqdns separated by a space).
82. If you want to install session recording uncomment lines 157 and 158 by removing the "#" character from the beginning of the line and
83. change "sessrecsvr.domain.com" in line 156 to the fqdn of your session recording server
84. #####>
85. $script = @"
86. function cleanup {
87. sp 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name AutoAdminLogon -Value "0" -type string
88. sp 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name DefaultPassword -Value `$null -type string
89. sp 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name DefaultUserName -Value "PowerUser" -type string
90. sp 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name DefaultDomainName -Value `$null -type string
91. #Unregister-ScheduledTask -TaskName upgrade -confirm:`$false
92. #unregister-scheduledtask -taskname kickoff -confirm:`$false
93. & schtasks /delete /tn kickoff /f
94. & schtasks /delete /tn upgrade /f
95. ri c:\upgrade.ps1
96. ri c:\upgradetmp.ps1
97. ri c:\VDACleanupUtility.exe -force
98. ri "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix" -recurse -force
99. }
100. `$share = "$drive"
101. `$culog = "`$env:temp\Citrix\VdaCleanup\CleanupToolLog.txt"
102. `$log = "logfile"
103. `$key = (1,43,9,221,4,2,78,42,101,32,45,87,76,12,43,66,12,78,8,94,54,23,22,65)
104. `$string = "76492d1116743f0423413b16050a5345MgB8AHEAVgA2ADMAegBDAEoANgB0AG0AZAB4AEkAdwB1AHIAaABCAFoAMgBjAFEAPQA9AHwAMAAyADAAOAAyADQAMgBmADkAZAA1AGQAOQA1ADgAYwAxADIAMAA2AGQAMwA3AGQANAAxADQAZgAzADMANgAxADUANwBiADQAMQA5ADkAMwBiAGMAZQBlAGQAMgA4AGMAMAAyADAAOQBlAGQANwBlAGUAZQA1ADMANwBiAGMANQA="
105. `$password = `$string | ConvertTo-SecureString -Key `$key
106. `$creds = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "domain\username",`$password
107. if (!(test-path "citrix:\")) {
108. new-psdrive -name Citrix -psprovider filesystem -root `$share -credential `$creds
109. }
110. if (!(test-path `$log)) {
111. sp 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name AutoAdminLogon -Value "1" -type string
112. sp 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name DefaultPassword -Value "LoCalPassword" -type string ##### Local Admin Password
113. sp 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name DefaultUserName -Value "Administrator" -type string
114. sp 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name DefaultDomainName -Value "computername" -type string
115. "Start "+(get-date).ToString() | out-file `$log
116. Restart-Computer -force
117. break
118. }
119. `$gc = gc `$log
120. if (`$gc -match "vda removal" -eq `$false) {
121. "vda removal start "+(get-date).tostring() | Out-File `$log -Append
122. if (test-path `$culog) {ri (split-path `$culog -parent) -recurse -force}
123. `$p = Start-Process -FilePath C:\VDACleanupUtility.exe -ArgumentList "/silent" -passthru
124. wait-process `$p.id
125. break
126. } else {
127. if (get-process vdacleanuputility -ea silentlycontinue) {
128. "vda removal continue "+(get-date).ToString() | Out-File `$log -Append
129. get-process vdacleanuputility -ea silentlycontinue | wait-process
130.  
131. }
132. if ((gp HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce) -match "citrixvdacleanup") {
133. break
134. }
135. #start-process powershell.exe -argumentlist "-script gc `$log -wait"
136. while ((gc `$culog -last 1) -notlike "*upload*") {start-sleep -s 1}
137. `$sesrec = gci HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall | %{
138. gp `$_.pspath | ?{`$_.displayname -like "*recording*" -and `$_.publisher -like "*citrix*"} | select displayname,uninstallstring
139. }
140. <#if (`$sesrec -ne `$null) {
141. "Uninstall Session Recording "+(get-date).tostring() | out-file `$log -append
142. if (`$sesrec.uninstallstring -like "*xendesktopsrsetup*") {
143. `$uninstall = `$sesrec.uninstallstring | ?{`$_ -like "*xendesktopsrsetup*"}
144. & cmd /c `$uninstall /quiet /noreboot
145. } else {
146. `$uninstall = `$sesrec.UninstallString -replace "msiexec.exe",""
147. Start-Process msiexec.exe -ArgumentList "/q /norestart `$uninstall" -Wait
148. }
149. }#>
150. `$dvd = (gwmi win32_logicaldisk | ?{`$_.volumename -like "XA*"} | select -expand deviceid)+"\"
151. `$setup = "Citrix:\x64\XenDesktop Setup\XenDesktopVDASetup.exe"
152. `$installargs = "/quiet /noreboot /components VDA,PLUGINS /controllers ``"deliverycontroller1.domain.com deliverycontroller2.domain.com``" /install_mcsio_driver /enable_remote_assistance /enable_hdx_ports /enable_hdx_udp_ports /optimize /enable_real_time_transport /enable_framehawk_port /masterimage /virtualmachine /exclude ``"Personal vDisk``",``"Citrix Telemetry Service``""
153. "Install VDA "+(get-date).tostring() | out-file `$log -append
154. Start-Process `$setup -ArgumentList `$installargs -Wait
155. `$sesins = "Citrix:\x64\Session Recording\SessionRecordingAgentX64.msi"
156. `$sesinsargs = "/quiet INSTALLLOCATION=``"C:\Program Files\Citrix``" ARPSYSTEMCOMPONENT=``"1``" MSIFASTINSTALL=``"1``" MSIRMSHUTDOWN=``"2``" METAINSTALLER=``"1``" SESSIONRECORDINGSERVERNAME=``"sessrecsvr.domain.com``" SESSIONRECORDINGBROKERPROTOCOL=``"HTTPS``" SESSIONRECORDINGBROKERPORT=``"443``" CLOUD=False REBOOT=ReallySuppress"
157. #"Install Session Recording "+(get-date).tostring() | out-file `$log -append
158. #start-process `$sesins -argumentlist `$sesinsargs -wait
159. cleanup
160. restart-computer -force
161. }
162.  
163. "@
164.  
165. foreach ($computer in $computers) {
166. ##### here the text above is placed into .ps1 files on the VDA
167. ($script -replace "computername",$computer) -replace "logfile",$logfile | Out-File "\\$computer\c`$\upgrade.ps1"
168. ($script1  -replace "computername",$computer) -replace "logfile",$logfile | Out-File "\\$computer\c`$\upgradetmp.ps1"
169. ##### Below edit the path for the VDACleanupUtility so it can copy to the VDA
170. cp \\server\share\VDACleanupUtility.exe \\$computer\c`$
171. ##### if the invoke command fails it probably means winrm is not configured
172. ##### if it works then it will create 2 tasks - you will see an error about the one that has a start date in the year 2000 - ignore it
173. ##### Edit the Administrator username if it is not logging in as "Administrator" (line 176)
174. Invoke-Command -ComputerName $computer -ScriptBlock {
175. & schtasks /create /tn kickoff /tr "powershell.exe -executionpolicy unrestricted -file c:\upgradetmp.ps1" /sc ONCE /sd "12/12/2000" /st 12:00 /ru SYSTEM /rl highest
176. & schtasks /create /tn upgrade /tr "powershell.exe -executionpolicy unrestricted -file c:\upgrade.ps1" /sc ONLOGON /ru Administrator /rl highest
177. & schtasks /run /tn kickoff
178. }
179. }