StoreFront 2.5 unattended install and config

Hi. Today, I will explain how to setup a StoreFront server from scratch with Powershell. I will follow my previous post and just unattend it. For This first try, I didn’t join an Access Gateway (Netscaler Gateway) instance. But I plan to do it in an other post. So, keep in touch !

EDIT V1.2 of this article: As Pascal and Walter said, it is not possible to retreive the passcode from a remote computer with Powershell since this command uses net.pipe. I’ve tested several work around without any success (including psexec). So, I rewrote this post with  the best way I found to achieve this goal. Sorry guys, I probably made a mistake in my lab when I tested the first version.

Prerequisites

  • At least 2 Windows 2012 R2 server.
  • A PFX certificate containing the private key for SSL communications.
  • DNS entry for storefront service fqdn (here : sf.domain.local). Remember Storefront server must be able to reach this DNS name.

Install the first StoreFront server

On the first server, run this Powershell script (replace paths with appropriate values) :

#Install IIS role
Install-WindowsFeature -ConfigurationFilePath IISRole.xml
#import PFX
#path to PFX file
$strPFXPath="c:\exploitation\MyCert.pfx"
#PFX Password
$strPassword="P@ssw0rd"
#Certificate subject
$strCertSubject="CN=sf.domain.local"
certutil -f -importpfx -p $strPassword $strPFXPath
#Bind your certificate to IIS HTTPS listener
$cert=dir Cert:\LocalMachine\My | Where-Object {$_.subject -like $strCertSubject}
$strThumb=$cert.Thumbprint.ToString()
Push-Location IIS:\SslBindings
New-webBinding -Name "Default Web Site" -IP "*" -Port 443 -Protocol HTTPS
get-item cert:\LocalMachine\MY\$strThumb | new-item 0.0.0.0!443
Pop-Location
#Install StoreFront
D:\x64\StoreFront\CitrixStoreFront-x64.exe -silent
# hostBase URL for StoreFront (name of the load balanced service, not a server name)
$hostBaseUrl = "https://sf.domain.local"
#XenApp Farm informations
$farmName = "MyFarm"
$XMLport = 80
$XMLtransportType = "HTTP"
$XMLservers = "xdc1.domain.local","xdc2.domain.local"
#SSL port used by storeFront
$sslRelayPort = 443
#Is Storefront load balanced
$loadBalanceStorefront = $TRUE
#type of Farm
$farmType = "XenApp"
#Import SF modules
cd "C:\Program Files\Citrix\Receiver StoreFront\Scripts\"
.\ImportModules.ps1
#Setup Cluster
Set-DSInitialConfiguration -hostBaseUrl $hostBaseUrl -farmName $farmName -port $XMLprot -transportType $XMLtransportType -sslRelayPort $sslRelayPort -servers $XMLservers -loadBalance $loadBalanceStorefront -farmType $farmType
#Start the joining process
Start-DSClusterJoinService
$strPasscode = Get-DSXdServerGroupJoinServicePasscode
$strPasscode.Passcode.ToString() > \\FileServer\share\Passcode.txt

Note that I used IISRole.xml file. This file is easy to generate. Just launch the add role wizard and follow the steps as if you install IIS role (and tools). On the “Confirm installation selections” screen, there is an option (bottom-left) allowing you to “export configuration settings”. It will generate an XML which could be reused on all your servers.

I also used a file share to store my Passcode, which is needed by the server joining the cluster.

 Join Cluster

On the server you want to join to the cluster, run this script :

#Install IIS role
Install-WindowsFeature -ConfigurationFilePath IISRole.xml
#import PFX
#path to PFX file
$strPFXPath="c:\exploitation\MyCert.pfx"
#PFX Password
$strPassword="P@ssw0rd"
#Certificate subject
$strCertSubject="CN=sf.domain.local"
certutil -f -importpfx -p $strPassword $strPFXPath
#Bind your certificate to IIS HTTPS listener
$cert=dir Cert:\LocalMachine\My | Where-Object {$_.subject -like $strCertSubject}
$strThumb=$cert.Thumbprint.ToString()
Push-Location IIS:\SslBindings
New-webBinding -Name "Default Web Site" -IP "*" -Port 443 -Protocol HTTPS
get-item cert:\LocalMachine\MY\$strThumb | new-item 0.0.0.0!443
Pop-Location
#Install StoreFront
D:\CitrixStoreFront-x64.exe -silent
#Import SF modules
cd "C:\Program Files\Citrix\Receiver StoreFront\Scripts\"
.\ImportModules.ps1
#name of primary Storefront server
$authorizerHostName="SF1"
#Retrieve the authorization code to join a StoreFront Cluster.
If (Test-Path "\\FileServer\share\PassCode.txt"){
 $authorizerPasscode,$remainingLines = Get-Content "\\FileServer\share\PassCode.txt"
 Write-Host "PassCode : $authorizerPasscode"
 Start-DSXdServerGroupJoinService
 Start-DSXdServerGroupMemberJoin -authorizerHostName $SF_authorizerHostName -authorizerPasscode $authorizerPasscode
 #Later (wait at least 5min...)
 Write-host "Waiting junction"
 Start-Sleep -s 300
 #stop the ClusterJoinService
 $s = New-PSSession -ComputerName $SF_authorizerHostName
 Invoke-Command -Session $s {cd "C:\Program Files\Citrix\Receiver StoreFront\Scripts\"}
 Invoke-Command -Session $s {.\ImportModules.ps1}
 Invoke-Command -Session $s {Stop-DSXdServerGroupJoinService}
 Stop-DSXdServerGroupJoinService
 Write-host "Junction done"
}Else{
 Write-host "No PassCode file in destination"
}

That’s it. The store configuration is basic but functional. I’m still working on a better way to automate this installation… Stay tuned.
Regards
Jerome.

Advertisements

Citrix, mobility & virtualization @Work / father, husband & geek @home

Tagged with: , , ,
Posted in Citrix
8 comments on “StoreFront 2.5 unattended install and config
  1. Walter says:

    Hi Jerome,

    Great script! However, I run into a problem. When running the command $authorizerPasscode=Invoke-Command -Session $s {Get-DSClusterJoinServicePasscode.ToString()}, I receive the error “Warning: could not get the passcode, verify the service is running”. The service is running, it was shown in the Powershell log. When I perform the commands manually on the primary SF server, the passcode comes back empty. Any ideas?

  2. Pascal says:

    Thank you for this post. But when I try to get the passcode for joining the Cluster, I always get the following error:

    “There was no endpoint listening at net.pipe://localhost/Citrix/ClusterService that could accept the message. This is often caused by an incorrect
    address or SOAP action. See InnerException, if present, for more details.”

    Did I miss something?

    • jeromequief says:

      Hi Pascal. You’re right, there is a problem with remote scripting because of the use of net.pipe. I’m not an expert, but a quick search tells me that problem couldn’t be solved easily. I’ve update the article with my last try (which work sin my lab).
      hope it helps.

  3. Hi I used your scripts and fine tuned it because we using it in SCCM. I have fine tuned it for storefront 2.6. Also I created a 3 way installation. Pre installation then the normal installation and the after/tuning installation. If you want these scripts mail me. theroadworrior@hotmail.com

  4. alan says:

    Hi, Does anyone know the cmdlet to add an aditional Site?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: