HP ThinPro - Upgrade the Omnissa Horizon Client

Introduction

We are able to update the HP ThinPro operating system as new releases become available.  And this will generally result in new software updates as well - Mozilla Firefox, Citrix Workspace, FreeRDP, etc.  Organizations who use the great Horizon View VDI solution will be keen keep the Omnissa Horizon Client as close to the latest release as possible.  This will entail provisioning  releases of the Horizon client that are made available in-between ThinPro OS upgrades.  In this blog I show you how to create a Horizon Client template, and how to deploy it to a client.  I will also show you how to overcome the expired certificate issue that may prevent you from upgrading your ThinPro Thin clients to the latest version of the Horizon View client.

Creating the Horizon View Template

As can be seen - currently my T530 ThinPro Thin client has Horizon View client version 2212 installed.

This version of the Horizon client comes with the HP ThinPro 8.1 sp6 Operating system.  We certainly do want to upgrade this to version 2506 because this newer version contains updated libraries, improved certificate handling, addresses various vulnerabilities, and is generally a more stable version of the Horizon Client.  So how do we achieve this?

Firstly, open up the HPDM console and navigate to the Templates & Rules node and click on HP Update Center.

Filter the results so that the desired version for your OS is listed.

Click on Generate Templates.  The Package Description Editor window appears.  

Click on Generate.  You are prompted to select the appropriate OS.  Click on OK

The Generate Templates window appears informing you that the Template was successfully created.  Click on OK and the Close.

After a few minutes your new Horizon Client template will appear in the Templates & Rules\Templates\All Templates section of the HPDM console.

Deploy the Horizon View Client - version 2506

Navigate to Manage Devices and right click on the Device/s to which you want to deploy the new Horizon client v2506.  

Select Send Task and then select File and Registry in the Category column and then select the omnissa horizon client in the Template column.

Click on Next. The Task Editor window appears.  Click on OK.

The job begins.  You can monitor the update progress in the Task & Reports\Device Tasks section of the HPDM console.  Hopefully the progress bar will turn green, indicating the Horizon client has successfully updated.  If it turns red you can proceed with the following workaround.

Workaround for Signature Block Verification: Expired certificate Error.

Your deployment may have failed with error code 14004022 indicating that the template is using an expired certificate.

If this is the case then navigate to Templates & Rules\Templates\All Templates.  Right click on the new Horizon client template and select Properties.  Select Script and then select Edit.

The Script Sub task window appears.  Enter in -k beside the xarinstall command as shown.

Click on OK and then OK.  You can now redeploy the new Horizon client - confident of a successful upgrade.

Conclusion

Our goal always is to provide the user with a secure and up to date digital experience - and this could not be more true than in the world of VDI.  I hope you have enjoyed this little blog and I hope it has armed you with the know-how so that you can update your ThinPro Horizon client agents to a newer, safer and more stable edition.

Create a MECM Query to get Intune Autopilot Device Import Information

Introduction

Intune Autopilot is a great new cloud provisioning feature.  While not as sophisticated as MECM task sequence based provisioning, it is nevertheless much easier to use and to master.  Of course, before we can provision a device using Autopilot, we are required to import the hardware hash into Intune.  One way to get this hardware hash is to run a PowerShell script.  Another way, if the device is in the MECM database,  is to run a canned MECM report called Windows AutoPilot Device Information.

Yes this report gives you the information, and with an export and some manipulation you can import this into Intune.  Many MECM/SCCM administrators, however, prefer to work with MECM queries instead.  They may not be so confident using the Report builder or native Transact SQL.  Mostly queries are there for the administrators only and they can quickly and easily be created as needed - whether that be to supply a manager with required hardware data, or as the underlining query for a collection.  And so I did create the MECM AutoPilot Hash Query.

Creating the AutoPilot Hash Query

In your MECM console navigate to Monitoring\Overview\Queries.  Right Click and select Create Query.  Provide a name for the Query such as AutoPilot Hash and then click on Edit Query Statement and then click Show Query Language.  Paste the following query into the Query Statement box.

select SMS_G_System_PC_BIOS.SerialNumber, SMS_G_System_COMPUTER_SYSTEM_PRODUCT.IdentifyingNumber, SMS_G_System_MDM_DEVDETAIL_EXT01.DeviceHardwareData from  SMS_R_System inner join SMS_G_System_PC_BIOS on SMS_G_System_PC_BIOS.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_MDM_DEVDETAIL_EXT01 on SMS_G_System_MDM_DEVDETAIL_EXT01.ResourceID = SMS_R_System.ResourceId left join SMS_G_System_COMPUTER_SYSTEM_PRODUCT on SMS_G_System_COMPUTER_SYSTEM_PRODUCT.ResourceId = SMS_R_System.ResourceId

Click on OK.   Click on Next and then Next again and then on Close.  If desired you can also Right Click on the newly created Query and select Properties, and then limit the results to a collection of your choice; or indeed have it configured so that you are prompted for a collection when you run the report - a very useful feature that is not included with the canned Autopilot report discussed earlier.

Creating the Intune Import csv file

Open notepad and copy into it the following line.

Device Serial Number,Windows Product ID,Hardware Hash

Run the AutoPilot Hash query in the MECM console.  Click on CTRL and A to select the results.

Once selected click on CTRL and C to copy the data into the clipboard.  Press CTRL and V to copy the data into the notepad instance you have open.  Ensure that Word wrap is off and complete a replacement of the whitespace with two commas as shown.

You can now save this notepad file as a .csv file.  For instance, AutoPilotImport.csv.

Importing the Autopilot Hash data into Intune.

Sign into your Intune Portal and navigate to Devices\Windows\Enrollment\Windows Autopilot and then Devices.

Click on Import and browse to your Autopilot import file.  Intune will assess the file for any formatting issues.

Click on Import to register the hash data into Intune.

Conclusion

Retrieving the hardware hash data for Intune can be a tricky and time consuming task.  The MECM Autopilot report goes some way to make this easier - and I hope the Query detailed in this report makes the task even easier for you to manage.  I hope you enjoyed this little blog and I with you much success in your Intune Autopiloting importing tasks.

Intune - Android Custom Notifications and Play Lost Device Sound

Introduction

Recently I completed my half yearly task of rebuilding my MECM lab.  I do rely on evaluation licenses for most of my Microsoft products, and so it does make sense to rebuild on a regular basis for this reason.  In addition, building a MECM lab is always a great knowledge refresher.  I did enable MECM Cloud Attach, which of course meant I did have an instance of my old friend, Intune.  Now recently I have been working in air gapped environments - and this means no hands on Intune fun for a while.  I thought I would take the opportunity of refreshing my knowledge about this great product.  I did follow Jonathan Edwards great video on how to enable and manage Android enrolments into Intune.

How to Manage Android Devices in Microsoft 365 Using Intune

Having only recently purchased for myself a Lenovo tablet with Android v15 installed - I did ensure this device became enrolled into my Intune instance. Doing some experimentation (playing) I found two features so interesting I really did have to write about them.  Firstly let's look at the Custom Notifications feature.

Custom Notifications

So you would like to send an urgent message out to all your staff members, using their phones or tablets?  Perhaps warning of a security event or a reminder to fill in timesheets!  Intune has the Custom Notifications feature precisely for this sort of requirement.  Firstly, you will need to ensure a few settings are applied to your tablets or phones.  In my case I had to enable Notification permissions for both Intune and the Company Portal Apps.

Secondly, I needed to enable Notifications history.

The next step is to create a group in Intune.  Add into this group the users or their devices or both (I had more success when adding both user and the device).  In this case I created a group called Global Communications.

Next, Navigate to Tenant Administration\Custom Notifications.  Enter in your message and click on Next.

Click on Add Group and then place and tick next to your chosen group and then click on Select.

Click on Next and then Create.

After a few minutes your device will emit an attention chime and you can view the message on the lock screen.

In addition, you can view the message in your Intune Portal under Organization messages.

Play Lost Device Sound

Another fun feature is the ability to send a jingle from the Intune portal to the remote Android device.  A build engineer with dozens of identical tablets on his desk may find this very useful.  Can't find the tablet showing an issue in the portal?  Just send it the Play Lost Device Sound command and it will light up playing the jingle.  Likewise if a user knows the Android is near at hand but cannot find it - then this command may assist with tracking the device down.

In the Intune portal locate the device under the devices node.  Click on Play Lost Device Sound.

When prompted select the number of minutes you would like the jingle to play.

In this case I select one minute.  When clicking on Yes the targeted device will play the Lost Device Jingle.

If you do not chose to stop the sound you are presented with an information method as follows.

Conclusion

Intune is a great product and evolving all the time with great features.  I hope you enjoyed reading about the Custom Notifications and the Play Lost Device Sound features in this little blog.  I wish you similar success with your own experimentations.

HP Device Manager - Failed to connect to the Master Repository Controller

Introduction

You may notice the following error after signing into the HP Device Manager console:

Error Details: Failed to connect to the Master Repository Controller.  Maximum number of retries reached.

The Master Repository Controller is a component that manages payload content and synchronizes this content to child repositories.  Many tasks can be corrupted if there is an issue with the Master Repository Controller. For instance the Update Agent task may fail.  Perhaps the most common tasks are Capture and Deploy Files operations.  Follow the steps in this article to fix the Master Repository Controller connection issue.

Fix 1: Check the Service

Run services.msc and ensure that the HP Device Manager Master Repository Controller service is running.  Start the service if it is in a stopped state.

Fix 2: Reinstall the HP Device Manager Master Repository Controller service

In some cases the service may start but then stop a few minutes or seconds later.  In this case consider reinstalling the HP Device Manager Master Repository Controller service.  Your database and configuration will be retained.

You can initiate a reinstall by running HPDMMasterRepositoryController.exe.  The default location for this will usually be c:\swsetup\HP Device Manager 5.0.  After double clicking on this file you will be prompted to uninstall the service.

Click on Yes to uninstall the service.  When this is completed, once more double click on HPDMMasterRepositoryController.exe and the service will be reinstalled.  If there is still an issue then you should upgrade the installation of HP Device Manager to the latest version, if a newer version does exist.

Fix 3:  Recreate the Authentication Files

In this fix we stop the HP Device Manager Master Repository Controller service, make a backup of the authentication files and then delete the authentication files.

Copy the following files to a safe location.

<HP Device Manager Installation Directory>\HP Device Manager\\MasterRepositoryController\client.crt

<HP Device Manager Installation Directory>\HP Device Manager\MasterRepositoryController\controller.crt

<HP Device Manager Installation Directory>\HP Device Manager\MasterRepositoryController\controller.key

Also make a backup of the following file.

<HP Device Manager Installation Directory>\HP Device Manager\Server\Bin\hpdmskey.keystore

The next step is to stop the HP Device Manager Master Repository Controller service.

When the service is stopped delete the files.

<HP Device Manager Installation Directory>\HP Device Manager\\MasterRepositoryController\client.crt

<HP Device Manager Installation Directory>\HP Device Manager\MasterRepositoryController\controller.crt

<HP Device Manager Installation Directory>\HP Device Manager\MasterRepositoryController\controller.key

<HP Device Manager Installation Directory>\HP Device Manager\Server\Bin\hpdmskey.keystore

Next, restart the HP Device Manager Master Repository Controller service.  The deleted files will be recreated.  Sign in to the HP Device Manager Console and click on Gateways and Repositories.  In the left hand column click on Repositories and then double click on the Master repository.  Click on Summary and then  click on Test Repository.  Verify that the repository function test has revealed no errors.

Conclusion

HPDM is a bit of a niche product.  Oftentimes issues will occur and the usual Google search will not gift you with a fix.  I hope the instructions in this little blog resolve your master repository controller connection issue and I wish you every success using HPDM to manage your HP ThinPro thin clients.

HP ThinPro - BareMetal with HP ThinUpdate

Introduction

Do you want to reimage your ThinPro Thin Client device?  Perhaps you would like to update it to the latest ThinPro release without using a HP Device Manager template. A great way to achieve this is to create a bootable USB key using the free HP ThinUpdate tool.  Using the ThinUpdate tool you will select a ThinPro image for your Thin Client model.  The tool will wipe an inserted USB key, format it and download onto it the selected ThinPro image.

Install the HP ThinUpdate tool.

The ThinUpdate tool can be downloaded from the Software and Drivers section of support.hp.com.  The actual tool is not Thin Client model specific, but if you do enter in your model you will be directed to a location where you can download the tool.  One such location, for the T655 is:

https://support.hp.com/gb-en/drivers/hp-elite-t655-thin-client/2101137492

Download the tool and double click on the downloaded executable (in this case sp156567.exe).

Click Next on the wizard start page.  Accept the licence agreement and click on Next.

On the Location to Save files page, click on Change if you would like the .msi file saved to a different location.  Click on Next.  After the installer file is extracted double click on it to start the installation wizard.  Click Install on the Ready to install  HP ThinUpdate page.  Click Finish on the HP Thin Update setup wizard page.

Create a USB BareMetal install USB key

Insert your USB key into the device on which you installed the HP ThinUpdate tool - ensure you have copied any important files on it to a safe location.  Open the HP ThinUpdate tool from the Windows menu.  If prompted agree to download any updates.  Select Download a thin client recovery image to a local storage USB flash drive. 

The Image Downloads window appears.  In the Platform pull down menu select your thin client model.  In this case I select the T630.  In the Operating system pull down menu select the version of ThinPro that you would like to install.  In my case I select Thinpro 8.1.0  In the Images pull down menu select the ThinPro image you would like to install.  In my case I select the ThinPro 8.1.0 SP6.2 4096MB x64 Image.  Ensure that the USB flash drive appears in the Target area and then select Create.

A warning message appears advising that all data from the USB flash drive will be erased.  Click on Yes.

The USB flash drive is formatted and the download begins.

A completed successfully window appears when the USB key creation process finishes.

Perform a ThinPro BareMetal build on the HP Thin Client

The next sequence of instructions may be different, depending on your Thin Client model.

Insert your ThinUpdate USB key into the thin client.

Power on your device and click on ESC to enter the Startup Menu.  Click on Continue Startup.

The Loading UKit window appears.

The Imaging Tool main selection menu appears.  Select option 1 - Image Write Mode and press Enter.

The Image selection window appears.  Type in the number corresponding to the image you want to apply to the Thin Client device.  In my case I select Image 1 which is the ThinPro 8.1 SP 6.2 image.  Press Enter.

You will be presented with warning message and asked if you wish to continue.  Type Y for yes and click on Enter. The image writing process will take about 2-3 minutes to complete.

When the image operation has completed click on the Enter key to return to the main menu.

Click on 3 and then Enter to exit.

Remove the USB key and press Enter again.

After a few moments you will be at the hp ThinPro Continue Setup page.  Complete the wizard as required.

Conclusion

The HP ThinUpdate tool is very easy to use.  It only takes minutes to update or revert a Thin Client ThinPro OS to a factory reset state.  It is free to download as well.  Indeed there is a lot that is very pleasing about this useful little tool from HP.  I hope you have enjoyed reading this little blog and I wish you the same success in your Thin Client BareMetal reimaging tasks.