Jump to content
Welcome to our new Citrix community!
  • 0

User layer - policy evidence is not updated


Alexey Kutuzov1709163409

Question

Hi All,

We stumbled on the following issue with the user layer (ELM2306 + CVAD 1912CU8 LTSR + Windows 10 1809 LTSR) :

Somehow policy evidence Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Citrix\1\Evidence\ClientIP is not updated on connection and following user logon leads to the policies applied incorrectly.  In our case, the policies are filtered using Client IP filters (for scenarios when users come from home via VPN and from an internal network). It is possible to fix policies behavior by manually fixing the evidence and making disconnect followed by reconnect.

Digging a bit we also found:

1 ) The evidence actually taken from Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Citrix\PortICA\Policy\Machine\PolicyInputValues

2) There is no issue if the user layer is not used in the same environment, e.g. elastic layers and UPM profiles works without issues. 

3) If we reset the user layer the problem does not appear some time and then gets back.

 

Could you please advise how to fix the described issue? 

Link to comment

3 answers to this question

Recommended Posts

  • 0

By default, we only exclude from virtualization keys that we know should be excluded.  There are millions of keys that get added to the registry, so we don't know by default which ones have to be excluded until someone actually brings them to our attention.

 

In this case, this is a key that we were not aware of.  But you can add this key to the list of keys that we will exclude by adding a value to your registry to add this key to the ones that you want us to exclude.  I would make an OS revision or possibly add a revision to your platform layer where I would imagine you have your VDA code installed.  In regedit, navigate to HKLM\System\CurrentControlSet\Services\Unirsd and add a MULTI-SZ value called ExcludeKey.  Add the following as you see it here because the strings at the front are key to tell the driver what key to exclude: \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Citrix\PortICA\Policy\Machine\PolicyInputValues  Finalize and deploy new images with the change.  That will tell us to skip that key when it is updated when users are logged in.  We will in turn add this key to ones that we will exclude by default in later releases (because now that we know about it, we can exclude it going forward).

  • Like 1
Link to comment
  • 0

I do confirm that applaying the setting below to the platform layer solved the issue.

 

Add the following entry to the Windows Registry: HKLM\SYSTEM\CurrentControlSet\Services\Unirsd\ExcludeKey [multi_SZ] = "\Registry\Machine\SOFTWARE\WOW6432Node\Citrix\PortICA\Policy\Machine\PolicyInputValues" "\Registry\Machine\SOFTWARE\WOW6432Node\Citrix\PortICA\Policy\Session\PolicyInputValues"

 

 

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...