Jump to content
Welcome to our new Citrix community!
  • 0

Why is Linux VDA supposed to listen on port 80 on IPV6 only and not on IPV4 ?


John Salvo

Question

 

As you can see below, the Java program that comes with LVDA is listening 80 only on IPV6 ... not on IPV4.

Is this supposed to be the case ?

 

I think this is probably what's causing the hard-registration of the LVDA to fail against the Delivery Controller, as the Delivery Controller would probably only do IPV4.

 

[kjss@aallxppdc001 ~]$ sudo netstat -anop | grep tcp
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      857/rpcbind          off (0.00/0/0)
tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      1951/dnsmasq         off (0.00/0/0)
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1421/sshd            off (0.00/0/0)
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1414/cupsd           off (0.00/0/0)
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      1489/postgres        off (0.00/0/0)
tcp        0      0 127.0.0.1:3128          0.0.0.0:*               LISTEN      1423/cntlm           off (0.00/0/0)
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1814/master          off (0.00/0/0)
tcp        0      0 10.197.66.99:51940      10.252.18.60:53         TIME_WAIT   -                    timewait (56.56/0/0)
tcp        0      0 127.0.0.1:5432          127.0.0.1:49578         ESTABLISHED 2178/postgres: ctxv  keepalive (5889.39/0/0)
tcp        0      0 10.197.66.99:38448      10.90.3.209:389         ESTABLISHED 896/sssd_be          keepalive (6806.90/0/0)
tcp        0      0 10.197.66.99:22         10.90.63.40:42244       ESTABLISHED 2360/sshd: kjss [pr  keepalive (6020.47/0/0)
tcp        0      0 127.0.0.1:5432          127.0.0.1:49580         ESTABLISHED 2232/postgres: ctxv  keepalive (5889.39/0/0)
tcp        0     36 10.197.66.99:22         10.197.65.128:50489     ESTABLISHED 3210/sshd: kjss [pr  on (0.30/0/0)
tcp6       0      0 :::2598                 :::*                    LISTEN      2086/ctxhdx          off (0.00/0/0)
tcp6       0      0 :::111                  :::*                    LISTEN      857/rpcbind          off (0.00/0/0)
tcp6       0      0 :::80                   :::*                    LISTEN      2093/java            off (0.00/0/0)
tcp6       0      0 :::1494                 :::*                    LISTEN      2086/ctxhdx          off (0.00/0/0)
tcp6       0      0 :::22                   :::*                    LISTEN      1421/sshd            off (0.00/0/0)
tcp6       0      0 ::1:631                 :::*                    LISTEN      1414/cupsd           off (0.00/0/0)
tcp6       0      0 ::1:5432                :::*                    LISTEN      1489/postgres        off (0.00/0/0)
tcp6       0      0 ::1:25                  :::*                    LISTEN      1814/master          off (0.00/0/0)
tcp6       0      0 127.0.0.1:49580         127.0.0.1:5432          ESTABLISHED 2093/java            off (0.00/0/0)
tcp6       0      0 127.0.0.1:49578         127.0.0.1:5432          ESTABLISHED 2093/java            off (0.00/0/0)

[kjss@aallxppdc001 ~]$ ps axfu | grep 2093
kjss      4007  0.0  0.0 112704   976 pts/1    S+   09:53   0:00              \_ grep --color=auto 2093
root      2093  0.6  1.9 9245468 319652 ?      Sl   09:31   0:08  \_ java -Dlogfile=/var/log/xdl/vda.log -Dperflogfile=/var/log/xdl/vdaperf.log -Dfile.encoding=UTF8 -Dsun.security.krb5.msinterop.kstring=true -Djavax.security.auth.useSubjectCredsOnly=false -Djava.util.prefs.PreferencesFactory=com.citrix.cds.common.DbPreferenceFactory -Dcom.citrix.cds.brokeragent.dburl=jdbc:postgresql://localhost/citrix-confdb -Dcom.citrix.cds.brokeragent.dbcred=/etc/xdl/ctx-vda.conf -Dlog4j.configuration=file:/etc/xdl/log4j.xml -Duserhz=100 -jar /opt/Citrix/VDA/lib64/ctx-vda.jar

 

Link to comment

4 answers to this question

Recommended Posts

Hard registration of LVDA with delivery controller now successful after changing the script ( option 2 ) /opt/Citrix/VDA/sbin/ctxvda  to add the Java JVM parameter "-Djava.net.preferIPv4Stack=true" 

 

Now on to testing an actual Linux VDI session via storefront.

Link to comment
21 minutes ago, John Salvo said:

 

As you can see below, the Java program that comes with LVDA is listening 80 only on IPV6 ... not on IPV4.

Is this supposed to be the case ?

 

I think this is probably what's causing the hard-registration of the LVDA to fail against the Delivery Controller, as the Delivery Controller would probably only do IPV4.

 


[kjss@aallxppdc001 ~]$ sudo netstat -anop | grep tcp
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      857/rpcbind          off (0.00/0/0)
tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      1951/dnsmasq         off (0.00/0/0)
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1421/sshd            off (0.00/0/0)
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1414/cupsd           off (0.00/0/0)
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      1489/postgres        off (0.00/0/0)
tcp        0      0 127.0.0.1:3128          0.0.0.0:*               LISTEN      1423/cntlm           off (0.00/0/0)
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1814/master          off (0.00/0/0)
tcp        0      0 10.197.66.99:51940      10.252.18.60:53         TIME_WAIT   -                    timewait (56.56/0/0)
tcp        0      0 127.0.0.1:5432          127.0.0.1:49578         ESTABLISHED 2178/postgres: ctxv  keepalive (5889.39/0/0)
tcp        0      0 10.197.66.99:38448      10.90.3.209:389         ESTABLISHED 896/sssd_be          keepalive (6806.90/0/0)
tcp        0      0 10.197.66.99:22         10.90.63.40:42244       ESTABLISHED 2360/sshd: kjss [pr  keepalive (6020.47/0/0)
tcp        0      0 127.0.0.1:5432          127.0.0.1:49580         ESTABLISHED 2232/postgres: ctxv  keepalive (5889.39/0/0)
tcp        0     36 10.197.66.99:22         10.197.65.128:50489     ESTABLISHED 3210/sshd: kjss [pr  on (0.30/0/0)
tcp6       0      0 :::2598                 :::*                    LISTEN      2086/ctxhdx          off (0.00/0/0)
tcp6       0      0 :::111                  :::*                    LISTEN      857/rpcbind          off (0.00/0/0)
tcp6       0      0 :::80                   :::*                    LISTEN      2093/java            off (0.00/0/0)
tcp6       0      0 :::1494                 :::*                    LISTEN      2086/ctxhdx          off (0.00/0/0)
tcp6       0      0 :::22                   :::*                    LISTEN      1421/sshd            off (0.00/0/0)
tcp6       0      0 ::1:631                 :::*                    LISTEN      1414/cupsd           off (0.00/0/0)
tcp6       0      0 ::1:5432                :::*                    LISTEN      1489/postgres        off (0.00/0/0)
tcp6       0      0 ::1:25                  :::*                    LISTEN      1814/master          off (0.00/0/0)
tcp6       0      0 127.0.0.1:49580         127.0.0.1:5432          ESTABLISHED 2093/java            off (0.00/0/0)
tcp6       0      0 127.0.0.1:49578         127.0.0.1:5432          ESTABLISHED 2093/java            off (0.00/0/0)

[kjss@aallxppdc001 ~]$ ps axfu | grep 2093
kjss      4007  0.0  0.0 112704   976 pts/1    S+   09:53   0:00              \_ grep --color=auto 2093
root      2093  0.6  1.9 9245468 319652 ?      Sl   09:31   0:08  \_ java -Dlogfile=/var/log/xdl/vda.log -Dperflogfile=/var/log/xdl/vdaperf.log -Dfile.encoding=UTF8 -Dsun.security.krb5.msinterop.kstring=true -Djavax.security.auth.useSubjectCredsOnly=false -Djava.util.prefs.PreferencesFactory=com.citrix.cds.common.DbPreferenceFactory -Dcom.citrix.cds.brokeragent.dburl=jdbc:postgresql://localhost/citrix-confdb -Dcom.citrix.cds.brokeragent.dbcred=/etc/xdl/ctx-vda.conf -Dlog4j.configuration=file:/etc/xdl/log4j.xml -Duserhz=100 -jar /opt/Citrix/VDA/lib64/ctx-vda.jar

 

 

 

BTW .. I only have the following registry entry that is related to IPV6:

 

 

[kjss@aallxppdc001 ~]$ sudo /opt/Citrix/VDA/bin/ctxreg dump | grep -i ipv6
create -k "HKLM\Software\Citrix\VirtualDesktopAgent" -t "REG_DWORD" -v "ForceIpv6Registration" -d "0x00000000" --force

 

I don't have OnlyUseIPv6ControllerRegistration nor do I have ControllerRegistrationIPv6Netmask as per LVDA ipv6 configuration below:

 

https://docs.citrix.com/en-us/linux-virtual-delivery-agent/current-release/configuration/configure-ipv6.html

 

 

LVDA version is 18.11.07 on RHEL 7.5

 

[kjss@aallxppdc001 ~]$ rpm -qi XenDesktopVDA
Name        : XenDesktopVDA
Version     : 18.11.0.7
Release     : 1.el7_x
Architecture: x86_64
Install Date: Tue 12 Mar 2019 16:33:10 AEDT
Group       : System/X11/Utilities
Size        : 52862666
License     : Commercial
Signature   : (none)
Source RPM  : XenDesktopVDA-18.11.0.7-1.el7_x.src.rpm
Build Date  : Tue 20 Nov 2018 16:36:49 AEDT
Build Host  : ftlbldx4v3402.eng.citrite.net
Relocations : (not relocatable)
Vendor      : Citrix Systems, Inc.
URL         : http://www.citrix.com
Summary     : Citrix Linux VDA
Description :
Linux VDA is a component of Citrix Virtual Apps & Desktops, deliver desktops and applications from Linux desktop and server OS-based VMs or physical machines.

 

Link to comment
6 minutes ago, John Salvo said:

 

 

BTW .. I only have the following registry entry that is related to IPV6:

 

 


[kjss@aallxppdc001 ~]$ sudo /opt/Citrix/VDA/bin/ctxreg dump | grep -i ipv6
create -k "HKLM\Software\Citrix\VirtualDesktopAgent" -t "REG_DWORD" -v "ForceIpv6Registration" -d "0x00000000" --force

 

I don't have OnlyUseIPv6ControllerRegistration nor do I have ControllerRegistrationIPv6Netmask as per LVDA ipv6 configuration below:

 

https://docs.citrix.com/en-us/linux-virtual-delivery-agent/current-release/configuration/configure-ipv6.html

 

 

LVDA version is 18.11.07 on RHEL 7.5

 


[kjss@aallxppdc001 ~]$ rpm -qi XenDesktopVDA
Name        : XenDesktopVDA
Version     : 18.11.0.7
Release     : 1.el7_x
Architecture: x86_64
Install Date: Tue 12 Mar 2019 16:33:10 AEDT
Group       : System/X11/Utilities
Size        : 52862666
License     : Commercial
Signature   : (none)
Source RPM  : XenDesktopVDA-18.11.0.7-1.el7_x.src.rpm
Build Date  : Tue 20 Nov 2018 16:36:49 AEDT
Build Host  : ftlbldx4v3402.eng.citrite.net
Relocations : (not relocatable)
Vendor      : Citrix Systems, Inc.
URL         : http://www.citrix.com
Summary     : Citrix Linux VDA
Description :
Linux VDA is a component of Citrix Virtual Apps & Desktops, deliver desktops and applications from Linux desktop and server OS-based VMs or physical machines.

 

 

 

Furthermore, the output of xdping shows IPV6 registration is disabled ... so WHY is LVDA only listening on IPV6 and not on IPV4 ???

See xdping output below that it says "Verify VDA configuration IPv6 registration disabled [Pass]"

 

VDA Configuration -------------------------------------------------------------
      Verify database connection for VDA configuration                   [Pass]
    Setting [CurrentSettingsVersion  ]: 10
    Setting [UseCnameLookup          ]: 0
    Setting [ListOfDDCs              ]: aalxndsyd101.corp.aal.au aalxndsyd102.corp.aal.au
    Setting [FarmGUID                ]: [Empty string]  (Default)
    Setting [SupportMultipleForest   ]: 0  (Default)
    Setting [EnableAutoUpdateOfControllers]: 1
    Setting [ForceIpv6Registration   ]: 0
    Setting [ForceSingleSession      ]: 0
    Setting [LogOffUserAfterUserNotifyRequestFailure]: 1
    Setting [OverrideCbpCheck        ]: 0
    Setting [ControllerRegistrarPort ]: 80
    Setting [Krb5Conf                ]: /etc/krb5.conf
    Setting [Krb5KeyTab              ]: /etc/krb5.keytab
    Setting [ScriptPath              ]: /var/xdl
    Setting [StartupRetryDelaySec    ]: 600
    Setting [MaxStartupRetryDelayDeltaSec]: 240
    Setting [MaxRegistrationRetryPeriodSec]: 120
    Setting [ScriptExtension         ]: .sh
    Setting [VDACxfServicesPort      ]: 80
    Setting [HighAvailability        ]: 0
    Setting [HARegistrarTimeout      ]: 300
    Setting [HighAvailabilityListeningPeriod]: 86400000
    Setting [HighAvailabilityPeriod  ]: 30
      Verify VDA configuration settings version                          [Pass]
      Verify VDA configuration use CNAME lookup                          [Pass]
      Verify VDA configuration list of DDCs                              [Pass]
      Verify VDA configuration farm GUID not set                         [Pass]
      Verify VDA configuration multiple forest disabled                  [Pass]
      Verify VDA configuration auto update enabled                       [Pass]
      Verify VDA configuration IPv6 registration disabled                [Pass]
      Verify VDA configuration force single session disabled             [Pass]
      Verify VDA configuration logoff on user audit failure              [Pass]
      Verify VDA configuration override CBP check disabled               [Pass]
      Verify VDA configuration controller port                           [Pass]
      Verify VDA configuration Kerberos config file exists               [Pass]
      Verify VDA configuration Kerberos keytab file exists               [Pass]
      Verify VDA configuration script path exists                        [Pass]
      Verify VDA configuration startup retry delay                       [Pass]
      Verify VDA configuration startup retry delay delta                 [Pass]
      Verify VDA configuration registration retry period                 [Pass]
      Verify VDA configuration script extension                          [Pass]
      Verify VDA configuration CXF services port                         [Pass]
    Setting [DebugMode               ]: 0
      Verify VDA debug mode disabled                                     [Pass]

 

Link to comment

So I have tried the following, only the second option worked:

 

1) First option was to add the following registry entry "OnlyUseIPv6ControllerRegistration" to 0 ( false  ):

 

sudo /opt/Citrix/VDA/bin/ctxreg create -k "HKLM\Software\Policies\Citrix\VirtualDesktopAgent" -t "REG_DWORD" -v "OnlyUseIPv6ControllerRegistration" -d "0x00000000" --force

 

Restarted LVDA and HDX. 

LVDA still listening on IPV6 only.

 

So deleted the registry entry:

 

sudo /opt/Citrix/VDA/bin/ctxreg delete -k "HKLM\Software\Policies\Citrix\VirtualDesktopAgent" -v "OnlyUseIPv6ControllerRegistration" --force

 

2) Second option was to add the Java JVM parameter "-Djava.net.preferIPv4Stack=true" to the shell script that starts LVDA:

 

In the shell script  /opt/Citrix/VDA/sbin/ctxvda , modified the jvm_args() function:

jvm_args() {
    echo -n " -Dlogfile=$LogFile"
    echo -n " -Dperflogfile=$PerfLogFile"
    echo -n " -Dfile.encoding=UTF8"
    echo -n " -Dsun.security.krb5.msinterop.kstring=true"
    echo -n " -Djavax.security.auth.useSubjectCredsOnly=false"
    echo -n " -Djava.util.prefs.PreferencesFactory=$ConfigBackend"
    echo -n " -Dcom.citrix.cds.brokeragent.dburl=$ConfigDbUrl"
    echo -n " -Dcom.citrix.cds.brokeragent.dbcred=/etc/xdl/ctx-vda.conf"
    # ====================================================== BEGIN MANUAL ADDITION
    echo -n " -Djava.net.preferIPv4Stack=true"
    # ====================================================== END MANUAL ADDITION

 

Restarted LVDA and HDX. 

LVDA now only listens on IPV4 port 80:

 

[kjss@aallxppdc001 ~]$ sudo netstat -anop | grep -i tcp
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      857/rpcbind          off (0.00/0/0)
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      12274/java           off (0.00/0/0)
tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      1951/dnsmasq         off (0.00/0/0)
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1421/sshd            off (0.00/0/0)
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1414/cupsd           off (0.00/0/0)
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      1489/postgres        off (0.00/0/0)
tcp        0      0 127.0.0.1:3128          0.0.0.0:*               LISTEN      1423/cntlm           off (0.00/0/0)
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1814/master          off (0.00/0/0)
tcp        0      0 127.0.0.1:49972         127.0.0.1:5432          ESTABLISHED 12274/java           off (0.00/0/0)
tcp        0      0 127.0.0.1:5432          127.0.0.1:49970         ESTABLISHED 12297/postgres: ctx  keepalive (6681.04/0/0)
tcp        0      0 127.0.0.1:5432          127.0.0.1:49972         ESTABLISHED 12349/postgres: ctx  keepalive (6681.04/0/0)
tcp        0      0 10.197.66.99:22         10.90.63.40:42244       ESTABLISHED 2360/sshd: kjss [pr  keepalive (3666.38/0/0)
tcp        0     36 10.197.66.99:22         10.197.65.128:50489     ESTABLISHED 3210/sshd: kjss [pr  on (0.32/0/0)
tcp        0      0 127.0.0.1:49970         127.0.0.1:5432          ESTABLISHED 12274/java           off (0.00/0/0)
tcp        0      0 10.197.66.99:38740      10.90.3.209:389         ESTABLISHED 896/sssd_be          keepalive (6910.41/0/0)
tcp6       0      0 :::2598                 :::*                    LISTEN      12244/ctxhdx         off (0.00/0/0)
tcp6       0      0 :::111                  :::*                    LISTEN      857/rpcbind          off (0.00/0/0)
tcp6       0      0 :::1494                 :::*                    LISTEN      12244/ctxhdx         off (0.00/0/0)
tcp6       0      0 :::22                   :::*                    LISTEN      1421/sshd            off (0.00/0/0)
tcp6       0      0 ::1:631                 :::*                    LISTEN      1414/cupsd           off (0.00/0/0)
tcp6       0      0 ::1:5432                :::*                    LISTEN      1489/postgres        off (0.00/0/0)
tcp6       0      0 ::1:25                  :::*                    LISTEN      1814/master          off (0.00/0/0)

[kjss@aallxppdc001 ~]$ ps axfu | grep 12274
kjss     12969  0.0  0.0 112704   980 pts/1    S+   12:06   0:00              \_ grep --color=auto 12274
root     12274  1.2  2.3 9310776 374712 ?      Sl   11:57   0:06  \_ java -Dlogfile=/var/log/xdl/vda.log -Dperflogfile=/var/log/xdl/vdaperf.log -Dfile.encoding=UTF8 -Dsun.security.krb5.msinterop.kstring=true -Djavax.security.auth.useSubjectCredsOnly=false -Djava.util.prefs.PreferencesFactory=com.citrix.cds.common.DbPreferenceFactory -Dcom.citrix.cds.brokeragent.dburl=jdbc:postgresql://localhost/citrix-confdb -Dcom.citrix.cds.brokeragent.dbcred=/etc/xdl/ctx-vda.conf -Djava.net.preferIPv4Stack=true -Dlog4j.configuration=file:/etc/xdl/log4j.xml -Duserhz=100 -jar /opt/Citrix/VDA/lib64/ctx-vda.jar

 

Now just waiting for a hard-registration from the delivery controller.

 

 

Link to comment

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...