Franco Koenig Posted December 7, 2017
Hi all,
I am trying to get my Azure VDI Windows 10-1703 to run with EDT over my own Netscaler in Azure, but it will not work.
What I have:
Citrix Cloud Subscription - Create Delivery Group and Hosting Connection to Azure
On Azure I have: Netscaler NS12.0 53.18.nc, own Storefront 3.13, and the Windows 10 VDI - NV6 Series
Citrix Policy: I have enabled HDX Adaptive Transport
Netscaler: I enabled DTLS and rebound the certificate
I tried it with VDA version 7.15 and also 7.16, but I always get only TCP
Azure Firewall Rules: I made inbound rules for TCP and UDP to ports 80, 443, 1494, 2598
No luck. Is EDT on Azure Netscaler not supported, or did I miss something?
Regards, Frank
Jonathan Clark1709155079 Posted December 7, 2017
Session reliability is enabled in Storefront, correct? For the firewall you only need 443 on TCP/UDP to the NetScaler. Then you need TCP/UDP FROM the NetScaler to the virtual desktop on 1494/2598.
Franco Koenig (Author) Posted December 7, 2017
Hmm, you are right, the Netscaler config file that I imported into Storefront does not have session reliability enabled, so I will turn it on now and try again. Maybe this was the fault. For sure, from the internal Storefront UDP is working, and yes, I have created the NSGs on Azure. Let me see if session reliability is the trick. Thx
Franco Koenig (Author) Posted December 11, 2017
Hi Jonathan, I have now set this option to enable session reliability, but I get only the TCP protocol. I am not sure if this Netscaler in Azure has an EDT bug or so! Maybe I should try an 11.x version?
Jonathan Clark1709155079 Posted December 11, 2017
Can you verify that EDT is set as "preferred" in your Citrix Policy settings? Also, now that you have Session Reliability enabled, can you verify that when your end-users connect you see it going over 2598? You can do this by opening the Receiver client and looking at the properties of the Client connection. You should see Session Reliability set to "Enabled".
Franco Koenig (Author) Posted December 11, 2017
Yes, it is enabled: German :)
Franco Koenig (Author) Posted December 11, 2017
I am not sure if EDT is supported over Citrix Cloud with an Azure Resource Location, where Storefront and Netscaler come from the Azure location. Maybe the Citrix Cloud is the problem here?
Jonathan Clark1709155079 Posted December 11, 2017
Does EDT work if you connect to ICA internally? That will tell us if it is the NS or something else. When you issue a "netstat -a -p UDP", does the VDA show as listening on UDP?
Franco Koenig (Author) Posted December 11, 2017
I tried it over Storefront directly, also TCP.
Citrix Cloud Policy - HDX Adaptive Transport - Preferred
Jonathan Clark1709155079 Posted December 11, 2017
Okay, 2598 and 1494 should be listening and they are not. We need to take the NetScaler out of the mix until we can get your VDA to listen on the appropriate ports. If the VDA is not listening, it will not work. If CTXSESSION shows TCP, it will use TCP. Can you run a GPUPDATE /FORCE to ensure you are getting the EDT policy? Are these random pooled machines? If so, they may not cache the GPO and therefore can get weird when they start up.
Franco Koenig (Author) Posted December 11, 2017
OK, the Citrix policy comes from the Citrix Cloud delivery broker, and it is a static desktop. I ran gpupdate /force and it looks better now. From the internal Storefront it works now, both UDP ports 1494/2598 are listening, and ctxsession shows me UDP. Over Netscaler it is again at TCP, so it is a Netscaler issue, I think. But I have enabled DTLS, rebound the certificate, and disabled MAC forwarding, so what did I forget?
Jonathan Clark1709155079 Posted December 11, 2017
Okay, great! Do you have UDP 443 opened from outside to the NetScaler VIP? Do you have UDP 2598/1494 opened from the SNIP to the backend static machine?
Franco Koenig (Author) Posted December 11, 2017
Hmm, I think I have opened all rules. I have a single-arm mode, so all 3 IPs are in the same subnet, and I have these rules:
Jonathan Clark1709155079 Posted December 11, 2017
You don't need UDP inbound on port 1494 or 2598, only 443. 1494 and 2598 should be FROM the NS to the backend. Do you have the backend rules? I don't see any source of the NS to the backend virtual desktop.
Franco Koenig (Author) Posted December 11, 2017
Hmm, good question, I am not so fit in these NSG rules on Azure.
Netscaler is configured:
10.1.1.101 - NSIP
10.1.1.102 - SNIP
10.1.1.103 - VIP
10.1.1.21 - Windows 10 VDI with VDA 7.15.1
Backend LAN is 10.1.1.0/24
The NSG rule is associated to the Backend LAN as in the picture above. I am not sure if I have a problem here with these rules?
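
The flows named in the replies above (TCP/UDP 443 to the VIP, UDP 1494/2598 from the SNIP to the VDA) can be checked against an NSG's inbound rules offline. This is an added example, not part of any post in the thread: the addresses are the ones listed above, while the rule sets, the client address and the reduced service-tag table are constructed assumptions, and only inbound rules are modelled.

```python
import ipaddress

SNIP, VIP, VDA = "10.1.1.102", "10.1.1.103", "10.1.1.21"  # from the thread
CLIENT = "203.0.113.10"  # constructed external client address (TEST-NET-3)
# Assumption: service tags reduced to the two this subnet needs.
TAGS = {"*": "0.0.0.0/0", "VirtualNetwork": "10.1.1.0/24"}

# Flows the replies call for: (label, protocol, source, destination, port)
REQUIRED = [
    ("client->VIP TCP 443", "Tcp", CLIENT, VIP, 443),
    ("client->VIP UDP 443", "Udp", CLIENT, VIP, 443),
    ("SNIP->VDA UDP 1494", "Udp", SNIP, VDA, 1494),
    ("SNIP->VDA UDP 2598", "Udp", SNIP, VDA, 2598),
]

# Azure default inbound rules AllowVnetInBound and DenyAllInBound.
# Rule layout: (priority, action, protocol, source, destination, ports)
DEFAULTS = [
    (65000, "Allow", "*", "VirtualNetwork", "VirtualNetwork", "*"),
    (65500, "Deny", "*", "*", "*", "*"),
]

def _in(addr, prefix):
    net = ipaddress.ip_network(TAGS.get(prefix, prefix), strict=False)
    return ipaddress.ip_address(addr) in net

def _port_ok(port, spec):
    if spec == "*":
        return True
    for part in str(spec).split(","):
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def decide(rules, proto, src, dst, port):
    """Lowest priority number is evaluated first; the first match wins."""
    for prio, action, r_proto, r_src, r_dst, r_ports in sorted(rules + DEFAULTS):
        if (r_proto in ("*", proto) and _in(src, r_src)
                and _in(dst, r_dst) and _port_ok(port, r_ports)):
            return action, prio
    return "Deny", None

def blocked_flows(rules):
    return [label for label, *flow in REQUIRED
            if decide(rules, *flow)[0] != "Allow"]

# Constructed rule sets: the first opens 443 for TCP only.
TCP_ONLY = [(100, "Allow", "Tcp", "*", VIP, "443")]
TCP_AND_UDP = [(100, "Allow", "*", "*", VIP, "443")]

if __name__ == "__main__":
    print("TCP-only 443 rule blocks:", blocked_flows(TCP_ONLY))
    print("TCP+UDP 443 rule blocks:", blocked_flows(TCP_AND_UDP))
```

With no custom deny in the way, the SNIP-to-VDA flows fall through to the default VirtualNetwork allow at priority 65000, which is why a missing UDP 443 rule is the only gap the first rule set shows.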
Jonathan Clark1709155079 Posted December 11, 2017
So are you using the "VNET Inbound" rule where it is from VirtualNetwork to VirtualNetwork on Any Any?
Franco Koenig (Author) Posted December 11, 2017
No, it is working with priority, so the rules with prio 100-103 will be working, the others are defaults from Azure when you create an NSG rule. So I also put in an outbound rule with TCP/UDP 1494/2598, but it is not working.
Jonathan Clark1709155079 Posted December 11, 2017
Okay, I am lost on that one then. Did you fully unbind and then rebind the certificate?
Franco Koenig (Author) Posted December 11, 2017
Maybe it is also this Netscaler version in Azure, maybe I will try version 12 again? I now have NS11.1 49.16.nc
Jonathan Clark1709155079 Posted December 11, 2017
Sure, give it a try. I don't have an Azure NS to try with, only my local MPX and VPX device.
Stefan Wendrich1709156509 Posted December 14, 2017
I have the same issue. Netscaler 12 build 53 deployed in single IP mode on Azure. (No Citrix Cloud subscription.) I use the Netscaler only for the HDX connection. My Storefront tells the users through HDX optimal routing that they should use the Netscaler on Azure, where the XenApp 7.16 (Win 2016) is deployed. TCP connection is working well. If I connect through EDT, I see the session on the ICA Connection page on the Netscaler, but my client does not connect to the XenApp server. (There is no firewall or NSG between the Netscaler and the XenApp server. And also on the XenApp server the firewall is disabled.) On prem, EDT is working well with an on-prem Netscaler 12 build 53.
Franco Koenig (Author) Posted December 15, 2017
Maybe an Azure guru and also a Netscaler guru can write an article on how to configure Netscaler in Azure with working EDT support? I see there are no Citrix DOCS for this scenario, and it would really help us. So please, Citrix Team, let us all work with the EDT protocol over Netscaler in Azure. Big thx.
Christiaan Brinkhoff Posted February 25, 2018
I dedicated a complete article to EDT in Microsoft Azure, which I posted online last week. Maybe you'll find it interesting as a follow-up on this discussion thread. Read the complete article here: https://www.christiaanbrinkhoff.com/2018/02/23/how-to-configure-the-enlighted-data-transport-udp-protocol-edt-when-using-the-citrix-cloud-xenapp-and-xendesktop-service-with-the-vda-and-netscaler-placed-in-the-microsoft-azure-cloud/
Hope this helps.
Cheers, Christiaan Brinkhoff
Fernando Klurfan1709153904 Posted April 6, 2018
We (HDX) have found that sometimes a VDA running on Azure freezes up every 5-15 minutes, requiring a session reconnect to resolve the issue. Microsoft's Azure Support confirmed that Azure Gateway limits the packet size to 1420. Packets greater than 1420 may be dropped, and definitely truncated. By default, Azure Gateway sets TCP MSS=1350 and MTU=1400. So we must reduce EDT MSS to 1400 or lower.
https://support.citrix.com/article/CTX231821
Relevant Azure documentation here:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-devices#ipsec
Franco König Posted April 13, 2018
For me, I tested it again today. Win10-1709 with VDA 7.17: the Citrix session opens briefly, then a Citrix Receiver message disappears, try to reconnect in 5 minutes, blabla. So it is not working. When I install the VDA 7.15 LTSR agent, then UDP is working. So you can say what you want, it must have to do with the VDA version or the combination of VDA version and NVIDIA GRID Tesla M60 Azure VMs.