Jump to content
Welcome to our new Citrix community!
  • 0

Citrix Session Freezing 3to10 minute freezing (Windows SRV 2019 2203 LTSR CU2)


Aaron Perkins

Question

Hi All,

 

Wondering if anyone has experienced the following.

PLATFORM: Windows 2019 2203 LTSR CU2

 

User's experiencing 3-10 minutes freezing amongst their Citrix session. Session reliability kicks in and resumes their connection however the range seems to be 3-10 minutes intervals. This also appears to be happening amongst external experiences doesn't surface internally. ADC resources (Memory) have been upgraded and latest firmware has been applied. Have also resorted to 1902 VDA client on the 2019 servers and experience the same results. Wondering if anyone has experienced the same and could relay some clues. Thanks in advance

Link to comment

6 answers to this question

Recommended Posts

  • 0

Hi

 

I'm in the middle of a similar issue for one of my customers but they're running 1912 CU7. 

They have 500 AVD desktops with Workspace App installed.

There is an IPSec tunnel between Azure and the internal network (not express route).

remote users connect to AVD via https://client.wvd.microsoft.com/ and start a browser to browse to StoreFront, log in, and click on an icon

Between 5-10 minutes (varies, might also be longer than 10 mins) the session will freeze. Data packets are going out but packets never return to the session (watching this via Connection Center/Properties) The back end session is working because if an admin sends a message to the user via Director, the user can disconnect the session and reconnect, and everything springs back to life and the admin message appears on the screen

Initially I thought it was https://support.citrix.com/article/CTX462384/windows-cwa-ica-session-freezes-810-minutes-after-session-launch but disabling client printer mapping made no difference.

 

If I stop using the full Workspace App and switch to Workspace App for HTML5 then the freezing no longer occurs.

 

NOTE that they're not using Citrix ADC - they've got SSL certs on every VDA so can use HTML5 directly to the VDAs. This means that it's using DTLS for Workspace App full client on TCP 443 and also for HTML5 - I'd initially thought it might be due to port 2598/1494 being blocked as it returned back to Azure, but as both access methods are using TCP 443 that cannot be the case. Also there is no IDS/IPS inline that I'm aware of.

 

Regards

 

Ken

 

Link to comment
  • 0
11 hours ago, Ken Zygmunt said:

Hi

 

I'm in the middle of a similar issue for one of my customers but they're running 1912 CU7. 

They have 500 AVD desktops with Workspace App installed.

There is an IPSec tunnel between Azure and the internal network (not express route).

remote users connect to AVD via https://client.wvd.microsoft.com/ and start a browser to browse to StoreFront, log in, and click on an icon

Between 5-10 minutes (varies, might also be longer than 10 mins) the session will freeze. Data packets are going out but packets never return to the session (watching this via Connection Center/Properties) The back end session is working because if an admin sends a message to the user via Director, the user can disconnect the session and reconnect, and everything springs back to life and the admin message appears on the screen

Initially I thought it was https://support.citrix.com/article/CTX462384/windows-cwa-ica-session-freezes-810-minutes-after-session-launch but disabling client printer mapping made no difference.

 

If I stop using the full Workspace App and switch to Workspace App for HTML5 then the freezing no longer occurs.

 

NOTE that they're not using Citrix ADC - they've got SSL certs on every VDA so can use HTML5 directly to the VDAs. This means that it's using DTLS for Workspace App full client on TCP 443 and also for HTML5 - I'd initially thought it might be due to port 2598/1494 being blocked as it returned back to Azure, but as both access methods are using TCP 443 that cannot be the case. Also there is no IDS/IPS inline that I'm aware of.

 

Regards

 

Ken

 

Hey Ken - this would warrant its own post I think - have a look at this for traffic fragmentation in Azure https://github.com/MicrosoftDocs/azure-docs/issues/69477 

Link to comment
  • 0
On 6/26/2023 at 9:11 AM, Ken Zygmunt said:

Hi

 

I'm in the middle of a similar issue for one of my customers but they're running 1912 CU7. 

They have 500 AVD desktops with Workspace App installed.

There is an IPSec tunnel between Azure and the internal network (not express route).

remote users connect to AVD via https://client.wvd.microsoft.com/ and start a browser to browse to StoreFront, log in, and click on an icon

Between 5-10 minutes (varies, might also be longer than 10 mins) the session will freeze. Data packets are going out but packets never return to the session (watching this via Connection Center/Properties) The back end session is working because if an admin sends a message to the user via Director, the user can disconnect the session and reconnect, and everything springs back to life and the admin message appears on the screen

Initially I thought it was https://support.citrix.com/article/CTX462384/windows-cwa-ica-session-freezes-810-minutes-after-session-launch but disabling client printer mapping made no difference.

 

If I stop using the full Workspace App and switch to Workspace App for HTML5 then the freezing no longer occurs.

 

NOTE that they're not using Citrix ADC - they've got SSL certs on every VDA so can use HTML5 directly to the VDAs. This means that it's using DTLS for Workspace App full client on TCP 443 and also for HTML5 - I'd initially thought it might be due to port 2598/1494 being blocked as it returned back to Azure, but as both access methods are using TCP 443 that cannot be the case. Also there is no IDS/IPS inline that I'm aware of.

 

Regards

 

Ken

 

Hi There,

Were you able able to find a solution to your issue? 

Link to comment
  • 0
On 6/27/2023 at 1:11 AM, Ken Zygmunt said:

 

 

 

Hi

 

I'm in the middle of a similar issue for one of my customers but they're running 1912 CU7. 

They have 500 AVD desktops with Workspace App installed.

There is an IPSec tunnel between Azure and the internal network (not express route).

remote users connect to AVD via https://client.wvd.microsoft.com/ and start a browser to browse to StoreFront, log in, and click on an icon

Between 5-10 minutes (varies, might also be longer than 10 mins) the session will freeze. Data packets are going out but packets never return to the session (watching this via Connection Center/Properties) The back end session is working because if an admin sends a message to the user via Director, the user can disconnect the session and reconnect, and everything springs back to life and the admin message appears on the screen

Initially I thought it was https://support.citrix.com/article/CTX462384/windows-cwa-ica-session-freezes-810-minutes-after-session-launch but disabling client printer mapping made no difference.

 

If I stop using the full Workspace App and switch to Workspace App for HTML5 then the freezing no longer occurs.

 

NOTE that they're not using Citrix ADC - they've got SSL certs on every VDA so can use HTML5 directly to the VDAs. This means that it's using DTLS for Workspace App full client on TCP 443 and also for HTML5 - I'd initially thought it might be due to port 2598/1494 being blocked as it returned back to Azure, but as both access methods are using TCP 443 that cannot be the case. Also there is no IDS/IPS inline that I'm aware of.

 

Regards

 

Ken

 

 

Same issue here with 2203 CU3, affecting some clients but not others. We have a support case open, but nothing so far. Ours is all on-prem, but same type of configuration (VDA SSL etc). Did you find a resolution?

Link to comment
  • 0

Hi Guys

 

yes, we resolved this. Turns out it was an issue caused by IPSec and MTU size. We hardcoded the MTU on each Citrix VDA as the main issue was with data coming back from the VDA not data being sent to the VDA.

 

see also https://support.citrix.com/article/CTX231821/how-to-configure-mss-when-using-edt-on-networks-with-nonstandard-mtu

 

When using Azure:

If ICA traffic has to traverse an Azure Gateway, the EDT MTU must be set to 1350 since Azure limits the MTU on the Azure Gateway to 1400.

If using an Azure-hosted Citrix Gateway, the EDT MTU must be set to a value lower than 1500

 

Regards

 

Ken Z

Edited by KAZIMIERZ ZYGMUNT
typo
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...