Jump to content
Welcome to our new Citrix community!
  • 0

VDA becomes Unregistered because I have to change the date in the VDA Server


Marcelo Flores

Question

Hello people,

 

For a particular reason I need to set different date in VDA server in order to register some data in a published app. But when I do that the VDA will became unregistered and no new sessions will start. In XenApp6.5 with Windows 2008R2, you can do that.

 

I tested this in one server with all core components of CVA7 1912 (with Windows 2019) on it. Ergo, Delivery Controller and VDA have the same date. So, it seems that it is the Active Directory the problem, specifically a Kerberos Policy. But I modify GPO in order to not have a NTP server and to have enough maximum tolerance for computer clock synchronization  and I obtain same error: Citrix Desktop Service cannot connect to Delivery Controller because the system clock is not synchronized. (But VDA and Controller are in the same server!)

 

Is it possible to have a registered VDA if I delay the date in the server? is it possible to fool the Delivery Controller and/or AD in order to have the VDA Server registered?

Link to comment

8 answers to this question

Recommended Posts

  • 0

Hi Marcelo,

This issue probably presents itself due to the Kerberos time skew (which has a default of 5 mins) as you already figured out. 
Changing the time skew to have a bigger difference is a security risk, and I would strongly disrecommend doing that.
It is normal Citrix behaviour that the VDA does not register if the time skew is not met. 

It might be worth your while to build your own NTP server, set the custom time here and prevent it from syncing with any internet services.
Then use this NTP server for both your director/vda etc.

Kind Regards,

Mick Hilhorst

Link to comment
  • 0
On 5/5/2021 at 2:51 AM, Mick Hilhorst said:

Hi Marcelo,

This issue probably presents itself due to the Kerberos time skew (which has a default of 5 mins) as you already figured out. 
Changing the time skew to have a bigger difference is a security risk, and I would strongly disrecommend doing that.
It is normal Citrix behaviour that the VDA does not register if the time skew is not met. 

It might be worth your while to build your own NTP server, set the custom time here and prevent it from syncing with any internet services.
Then use this NTP server for both your director/vda etc.

Kind Regards,

Mick Hilhorst

Thanks for your answer. 

I changed that 5 min default time, but it do not solve my issue. 
I will try building my own NTP Server.

Link to comment
  • 0

I try with a NTP Server as Mick suggested and I do not lose the register, but when I try to open a published app, it will not open. Maybe I have to change the date in de AD server but I do not want to do that.
If anybody have other ideas to fool the CVA site in order to change the date in the VDA, please let me know.

Link to comment
  • 0
On 6/9/2021 at 1:46 AM, Mick Hilhorst said:

Hi Marcelo,

Great that building your own NTP solved the first issue.
Now let's tackle the second one together :).

Do you have any logs from storefront / error messages why the published app won't launch?

Kind Regards,

Mick Hilhorst

 

Hi Mick, the log is in the image. Basically an error with the system clock.

image.thumb.png.74f548d853e5ac2741e81d1584d5a063.png

I opened a case with Citrix and the y told me that nothing We can do. Clock must be syncronized.

Link to comment
  • 0
On 6/23/2021 at 2:07 AM, Mick Hilhorst said:

Has the NTP server also been selected for the Citrix infra, or only the VDA?
The Infra and VDA do need to match. 

Kind Regards,

Mick

Hi Mick, I solved my issue with RunAs Date for the app that I need to run with different date. Thanks for your answers. 

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...