Kalpesh Mistry1709156584
-
Posts
14 -
Joined
-
Last visited
Content Type
Forums
Articles
Labs
Videos
TechZone
Citrix Community Articles
Events
Profiles
Posts posted by Kalpesh Mistry1709156584
-
-
We have a client that requires OKta integration with Netscaler to lauch published apps on XenApp 7.15.
So far we've setup a FAS server, connected this to our CA server and setup a Store on Storefront to request access to apps via this FAS.
When users authenticate with Okta it does bring up the Storefront page with the list of avaialbe apps for the user.
But when a user attempts to lauch an app they see "Cannot Complete Request"FAS server events shows that the certificate request for the users are being issued.
No errors on the VDA event logs (VDA is a Win 2008 R2 with 7.15 Agent)
Storefront events shows...Event ID : 28
Failed to launch the resource 'App Name' using the Citrix XML Service at address 'http://DeliveryControllerName/scripts/wpnbr.dll'.The XML service returned error: 'unsupported-client-type'.
Delivery Controller events shows...Event ID : 1106
The Citrix Broker Service failed to broker a connection for user 'username' to resource 'published appname'.The required protocol 'HDX' is not configured for this resource or the resource might not advertise this protocol.
Has anyone come across this before or have any suggestions on how to resolve this?
ThanksKal
-
We have a client that requires OKta integration with Netscaler to lauch published apps on XenApp 7.15.
So far we've setup a FAS server, connected this to our CA server and setup a Store on Storefront to request access to apps via this FAS.
When users authenticate with Okta it does bring up the Storefront page with the list of avaialbe apps for the user.
But when a user attempts to lauch an app they see "Cannot Complete Request"
FAS server events shows that the certificate request for the users are being issued.
No errors on the VDA event logs (VDA is a Win 2008 R2 with 7.15 Agent)
Storefront events shows...
Event ID : 28
Failed to launch the resource 'App Name' using the Citrix XML Service at address 'http://DeliveryControllerName/scripts/wpnbr.dll'.The XML service returned error: 'unsupported-client-type'.
Delivery Controller events shows...Event ID : 1106
The Citrix Broker Service failed to broker a connection for user 'username' to resource 'published appname'.The required protocol 'HDX' is not configured for this resource or the resource might not advertise this protocol.
Has anyone come across this before or have any suggestions on how to resolve this?
Thanks
Kal
-
On 7/31/2019 at 3:37 AM, OM Kaewsaenchai said:
I am having same problem with all Farm Broker is version 7.15 and VDA 2008 R2 SP1 is 7.6.xx
After enable FAS, all the VDAs are normall. But only this old VDA 7.6 group fails to launch the application with this error.
Thanks !! Greg Arkin..
Did you ever find a solution to this?
I have the same issue, but on XenApp 7.15 VDA
No errors on the VDA
Storefront shows...
Failed to launch the resource 'App Name' using the Citrix XML Service at address 'http://Delivery Controller Name/scripts/wpnbr.dll'. The XML service returned error: 'unsupported-client-type'.
Delivery Controler shows...
Event ID : 1106
The Citrix Broker Service failed to broker a connection for user 'username' to resource 'published appname'. The required protocol 'HDX' is not configured for this resource or the resource might not advertise this protocol.
-
Trying to implement the SMS OTP feature as described here - https://www.citrix.com/blogs/2020/07/01/citrix-adc-native-sms-otp-integration-for-2fa-requirements/
Has anyone being able to implement this successfully?
I've been through the Citrix docs on this https://docs.citrix.com/en-us/citrix-adc/current-release/aaa-tm/authentication-methods/web-authentication/sms-two-factor-authentication.html
but it does not seem to be complete.
-
On 9/11/2020 at 8:52 AM, Richard Saintot said:
Hello,
Following this citrix blog article (https://www.citrix.com/blogs/2020/07/01/citrix-adc-native-sms-otp-integration-for-2fa-requirements/) does anybody have tried to implement this feature ?
Thanks in advance
Regards
Richard
Hello Richard
Did you eventually manage to implement the SMS OTP feature?
-
Citrix ADC firmware 13.1 9.60
Following an ADC firmware upgrade from 12.1 to 13.1 9.60 we have reports of certain user accounts are unable to authenticate on the Gateway page for Storfront access.
The users see the gateway page go grey and see a spinning circle.
If the users affected login with "Domain\Username" then this works fine. Before the upgrade the users have always logged in with just "Username"
All working and non-working users connect to the same group of LDAP servers for authentication.
I have tested one of the affected user accounts on 3 other desktops and 4 browsers and don't see any problems, i.e logs in fine with "Username"
This user has a Win 10 desktop and has tried logging in via a Chrome and Edge browser.
This is what aaadebug shows when the user attempts to logon with "Username"....
/usr/home/build/adc/usr.src/netscaler/aaad/ldap_drv.c[966]: receive_ldap_user_search_event 0-134477: User search succeeded, attempting user authentication(Bind) for <SJones>
/usr/home/build/adc/usr.src/netscaler/aaad/ldap_common.c[511]: ns_ldap_check_result 0-134477: For user SJones, LDAP authentication failed (error 49): Invalid credentials
/usr/home/build/adc/usr.src/netscaler/aaad/ldap_drv.c[2262]: receive_ldap_user_bind_event 0-134477: ldap_bind user failed for user SJones
/usr/home/build/adc/usr.src/netscaler/aaad/ldap_drv.c[2289]: receive_ldap_user_bind_event 0-134477: Doing ldap authentication for user SJones, Other invalid credentials: lctx->lflags = 00000000, lconf->flags = 00000004
/usr/home/build/adc/usr.src/netscaler/aaad/naaad.c[5142]: send_reject_with_code 0-134477: sending reject to kernel for : SJones -
Hi, Did you manage to find a solution to this? We have the same issue
-
XenApp 7.12
VDA OS - Windows 2008 R2
We have an intermittent issue on our XenApp 7.12 site. Random users are unable to see their local drives within the published application that they launch.
The drive in some of the applications is displayed as "Other" with a blank icon.
This has been working fine for many years and i can see that the Citrix Policy to allow fixed client drives is still in place.
We use roaming profiles with UPM. For most cases where a user has reported the issue it can be resolved if the roaming profile is deleted.
For most users that are affected I also see this entry in the VDA Application log...
Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights
DETAIL - The file cannot be accessed by the system
for C:\users\<username>\Appdata\Local\Microsoft\Windows\\UsrClass.dat
The local profile path show the UsrClass.dat as zero bytes size. I have seen some articles that mention that the above error can occur if the HKEY Users DEFAULT profile in the registry is bloated, but i have checked this and it is not the case.
-
Hi All
I'm trying to install XenApp 7.15 CU5 VDA using the cmd line as an unattended install. This is how my script looks...
xendesktopvdasetup.exe /quiet /noreboot /components vda /controllers "<FQDN of controller(s)>" /disableexperiencemetrics /enable_hdx_ports /enable_remote_assistance /installdir "E:\Program Files\Citrix" /logpath "E:\Logs" /exclude "Personal vDisk, Machine Identity Service, Citrix Personalization for App-V - VDA"
This works fine, but with or without the "/noreboot" option the install still requires a server reboot a couple of times.
(This is from a msg in the the log file - "XenDesktopSetup:To complete the process, restart the machine.").
This is not such a big problem, but the issue i have is that the installation will only continue after i log onto the server desktop following the reboots.
Has anyone found a way around this so the install can complete without any user interaction?
-
Hi Silvio
Managed to find a solution to this,...
On my 7.5 VDAs I have the following registry items which are missing from the 7.15 VDA....
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
Value : c:\progra~2\citrix\system32\mfaphook.dll
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\LoadAppInit_DLLs
Value : 1
Once I added both of these the apps are launching without the need to reboot the server.
I did not implement the 7.5 Site, so its likely these were added manually.
Kal
-
XenApp 7.15 CU5
VDA's on Windows 2008 R2
Delivery Controllers on Win 2016
Storefront on Win 2016
I've recently upgraded our XenApp 7.5 VDA's to 7.15 CU5. This was done by uninstalling 7.5 before installing 7.15.
The VDA's were then registered against a new 7.15 CU5 site.
Apps launch fine from this new site, but every 2 to 3 days any of the servers in the delivery group would fail to launch the application.
The receiver progress bar goes through the motions with no issue, but no app appears on the client screen.
Citrix studio and the app server show that a session has been started on the server with "Active" state.
Nothing obvious is seen on the VDA, DDC or Storefront event logs.
Its only after the VDA is rebooted that apps start to launch again successfully.
The Delivery group is only configured for apps and no desktops, however if i configure the DG with a desktop it opens up with a grey screen.
Legacy Graphics is disabled on the DG
With Legacy Graphics enabled the desktop seems to open ok. And when i launch applications these also open, but within a non-seamless window.
So it does seem to be some sort of graphics display issue.
I have tried setting the registry key Seamlessflags with 0x4 (as recommended by Citrix), but still no joy.
Has anyone come across this or have any suggestions?
Thanks
Kal
-
Hi Julian
The setup we have does use SSL 636 and the "Allow Password changes" is ticked on the LDAP policy
I can see that the password expired messages does work when I test it myself with an account which has the "Change password at next login" ticked.
The issue is that we have reports of some users seeing the message when their password has expired, but there are many other users that never see the message and the gateway seems to accept the expired password.
Its only after they launch their apps and get disconnected that we see events on the Windows OS Security log showing the users account has become locked.
This is what's making me think it maybe a client browser setting that maybe preventing the "password expired" message from being display?
Regards
Kal
-
Netscaler - V11.0 71.22 nc
We have a Netscaler accessing Storefront. Both are configured so that users are allowed to change their password.
So i'm aware that the Netscaler will only prompt a user that their password has expired and will NOT warn the user when the password is about to expire.
We are seeing that random users never receive the Password Expired message even when their AD account has the flag "Password Never Expires" disabled. These users are able to sign into the gateway with their expired password and launch the app, but are then disconnected when the published apps Windows OS recognises that their password has expired (security event logs)
Anyone come across this? Could this be a client browser setting that's failing to display the message?
Thanks
Kal
The required protocol 'HDX' is not configured for this resource or the resource might not advertise this protocol.
in XenApp 7.x
Posted
Hi Jeff
Controller is on CU5
VDA are on CU8
Just tested on another VDA with the same setup and i'm not seeing the same error which is a bit odd.
Maybe a VDA Agent re-install may help ?
Thanks
Kal