Posts posted by Sabine Ludewig1709156713

  1. Hi guys,

    I keep getting eventlog entries on the delivery controller saying that a plaintext password was used.

    This happens during log on through Netscaler and whenever I start a published application.

    Setup is Win2019, Citrix 1912 CU2, Netscaler 13

    What I've already done to secure communication channels:

    - Bind certificate to IIS on Storefront servers for Default Website port 443, but kept default port 80
    - Set communication with DDC on each SF-Store to HTTPS
    - Install certificate on DDC
    - Register certificate with brokerservice.exe (netsh http add sslcert...)
    - On Netscaler set STA to https for Citrix Gateway Virtual server

    - LDAP policies (LDAP server) authentication is set to SSL, Port 636


    What am I missing? Do I need to enforce SSL at some point?

    Thanks a lot


    Log Name:      Security
    Source:        Microsoft-Windows-Security-Auditing
    Event ID:      4624
    Task Category: Logon
    Level:         Information
    Keywords:      Audit Success
    User:          N/A
    Computer:      DDC.MyDomain
    An account was successfully logged on.

        Security ID:        NETWORK SERVICE
        Account Name:        DDC$
        Account Domain:        MyDomain
        Logon ID:        0x3E4

    Logon Information:
        Logon Type:        8
        Restricted Admin Mode:    -
        Virtual Account:        No
        Elevated Token:        Yes

    Impersonation Level:        Impersonation

    New Logon:
        Security ID:        MyDomain\MyUser
        Account Name:        MyUser
        Account Domain:        IBLZ
        Logon ID:        0x838503BF
        Linked Logon ID:        0x0
        Network Account Name:    -
        Network Account Domain:    -
        Logon GUID:        {AnyGUID}

    Process Information:
        Process ID:        0xd24
        Process Name:        D:\Program Files\Citrix\Broker\Service\BrokerService.exe

    Network Information:
        Workstation Name:    DDC
        Source Network Address:    -
        Source Port:        -

    Detailed Authentication Information:
        Logon Process:        Advapi  
        Authentication Package:    Negotiate
        Transited Services:    -
        Package Name (NTLM only):    -
        Key Length:        0
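
Added example, not part of the original post: Logon Type 8 in event 4624 is NetworkCleartext, which records that the calling process handed Windows the password in unhashed form; it does not by itself show the password crossing the network unencrypted. This Python sketch parses the rendered event text and reports which process made the call and whether a remote source address was recorded. The sample event is constructed from the one quoted above, and the `origin` label is a triage heuristic assumed here.

```python
import re

# Constructed sample modelled on the event quoted in the post (values are placeholders).
SAMPLE_EVENT = r"""
Event ID:      4624
An account was successfully logged on.
    Account Name:        DDC$
Logon Information:
    Logon Type:        8
New Logon:
    Account Name:        MyUser
Process Information:
    Process Name:        D:\Program Files\Citrix\Broker\Service\BrokerService.exe
Network Information:
    Source Network Address:    -
Detailed Authentication Information:
    Logon Process:        Advapi
"""

FIELD = re.compile(r"^([^:]+):\s*(.*)$")
LOCAL_SOURCES = {"-", "::1", "127.0.0.1"}  # assumption: these mean "no remote peer"

def parse_event(text):
    """Map (section, field) -> value for the rendered text of a Security event."""
    fields, section = {}, "Header"
    for line in filter(None, map(str.strip, text.splitlines())):
        m = FIELD.match(line)
        if not m:                   # description sentence: Subject fields follow
            section = "Subject"
        elif m.group(2) == "":      # "New Logon:" style section header
            section = m.group(1).strip()
        else:
            fields[(section, m.group(1).strip())] = m.group(2).strip()
    return fields

def triage_cleartext_logon(text):
    """Summarise a 4624 / Logon Type 8 (NetworkCleartext) event, else return None."""
    f = parse_event(text)
    if (f.get(("Header", "Event ID")), f.get(("Logon Information", "Logon Type"))) != ("4624", "8"):
        return None
    src = f.get(("Network Information", "Source Network Address"), "-")
    return {
        "user": f.get(("New Logon", "Account Name")),
        "caller": f.get(("Subject", "Account Name")),
        "process": f.get(("Process Information", "Process Name"), "-").rsplit("\\", 1)[-1],
        "logon_process": f.get(("Detailed Authentication Information", "Logon Process")),
        # Heuristic: no recorded source address means a local process requested the logon.
        "origin": "local-api-call" if src in LOCAL_SOURCES else "remote:" + src,
    }
```
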


  2. Hi guys,

    I hope you can advise me on some best practices for this scenario.

    Our environment is Virtual Apps 1912LTSR CU3 on Windows server 2019, clients with current Workspace App.


    I know there's a huge manual about optimizing Teams in Citrix (https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/1912-ltsr/multimedia/opt-ms-teams.html), just wondering if this is all necessary and applicable in my situation.

    My client doesn't have its own MS tenant, they only want to participate in meetings set up by externals. So their users don't have an O365 account and there is no on-premises Teams environment.

    What would be the best way to install the Teams client on the VDA and use optimization with Workspace App?

    Where can I get the appropriate Teams Client from MS (their downloads are a bit confusing)?


    Thanks a lot

  3. Hi guys,

    I wonder if this is by design or what am I missing here.

    Setup is Windows 2019 with Citrix 1912 CU2 and UPM

    When a user starts a desktop he receives applications through a Storefront Store and they appear in the start menu just fine.

    When a user pins a shortcut to an application to the desktop or taskbar, logs off, logs on again, the icons disappear.

    You can see this is happening on refreshing apps, that is starting Workspace App and refreshing applications or starting selfservice.exe -poll

    If we don't refresh apps (usually through logon script), the icons remain white but are useable


  4. Hi there

    I'm looking for a way to accomplish the following task

    Old profile dir for Win2012R2: ...\TSProfileXA7$\#SamAccountName#.!ctx_osname!\ -> Testuser.Win2012R2

    New profile Dir for Win2019: ...\TSProfileXA2019$\#SamAccountName#.!ctx_osname!\ ->Testuser.Win2019


    'Migrate User Store' is set to ...\TSProfileXA7$\#SamAccountName#.!ctx_osname!\

    'Path To Userstore' is set to : ...\TSProfileXA2019$\#SamAccountName#.!ctx_osname!\

    'Migration of existing profile' is set to: Local & Roaming

    'Automatic migration of existing application profile' is set to: Enabled


    The idea is to migrate old profiles from Win2012R2 to Win2019 AND move them to a new store in the same step


    Migration to Win2019 works fine if I don't enable 'Migrate User Store'


    When I enable 'Migrate User Store', UPM looks for a Win2019 profile in the old Store, which doesn't exist. So a new profile in the new store is created


    Is it possible to do both tasks in one step?


    Thanks a lot

  5. We finally figured it out ourselves. It turned out my colleague had converted the local c:\ drive into a dynamic disk because he was tight on disk space for the in-place upgrade. Since the docs only mention this as being incompatible with the write cache disk, he didn't bother.

    After using the very first version of the reverse image, which was a basic disk, everything worked fine.

    Citrix really needs to update their docs because this and the incompatibility of GPT partitions is only mentioned regarding the write cache disk, not the c:\ drive.


    • Like 1
  6. Hi there

    hope someone can help me on this


    We did a reverse image of a Win2012R2 / Ctx 7.15 device, uninstalled all Citrix components and Vmware Tools.

    Then we did an in-place upgrade to Win2019 and installed VDA and PVS target software for ctx 1912CU2

    PVS server is 1912CU2, fresh install

    target device boots from iso image and connects to pvs server just fine.

    vdisk is found during boot process and is visible in tray icon



    Nevertheless I receive the following error after rebooting



    If I start P2PVS.exe manually, I get this one

    A file cannot be created if it already exists


    According to https://support.citrix.com/article/CTX133272, I checked:

    one network card, is vmxnet3, no ghost nics

    IP6 is off

    vdisk is in private mode

    no local virus scan, guest introspection via vmware


    There are tons of filter drivers, but I don't know what they are used for or how to change their order


    This has been driving me crazy for two days now


    Thanks a lot




  7. Hi guys

    we are planning a farm upgrade from Citrix 7.15 to 1912 LTSR AND Windows 2012R2 to 2019

    I'm struggling with PVS server/target device compatibility.

    Can I connect a Windows 2012R2 /7.15LTSR target device to a Windows 2019 / 1912LTSR PVS server?

    If not, what would be the best path to upgrade?


    For pre-testing purposes of target devices, which target device version works on Windows 2019 that can connect to PVS 7.15 PVS server?



  8. Hi there

    I just upgraded successfully to SF 1912. 

    My question is: Is there a way to sort icons on the home tab/favorites?

    As of now they are all unsorted, perhaps in the order they were added years ago.

    But since there is no way of rearranging them by the user himself, can we just sort them alphabetically?


  9. Hi

    my client wants to change passwords of all service accounts.

    So is it possible/recommended to change the passwords of SF service accounts like 

    NT SERVICE\CitrixClusterService

    NT SERVICE\CitrixConfigurationReplication, etc

    If possible, how can I achieve this and what Storefront tasks need to be done afterwards, i.e. change password in SF services etc.?


    Thanks a lot

  10. Hi guys, hope you can give me some advice on this.

    My client wants to migrate from Win2012r2 to Win2019 and from XenApp 7.15 to 1912

    My original idea, as found in a CTX article, was to set up two new Servers with Windows 2019, install SF 7.15 CU6, Export/import SF settings and upgrade to SF 1912.

    But according to the product manual, SF 7.15 is not supported on Win2019, only up to Win2016.

    Would it work anyway or do I have to get two temp. server 2012R2, do the SF upgrade as planned and then move to Win2019 in a second step?

    Thanks a lot

  11. Hi there

    I'm running a Netscaler VPX 13 and I need a user who is only allowed to download log files via SFTP

    I understand, that I can't limit him on directory level and that's ok.


    I created a command policy which only allows (^sftp.*) and he can log on just fine.

    But he can also do everything on file level, like renaming, deleting, uploading etc

    He is only assigned this policy. Adding the default read-only policy doesn't change anything.


    Is there a way to limit him to

    - log on

    - change directory 

    - download (get)?


    Thanks a lot


  12. On 6/11/2019 at 1:04 PM, Anthony McCloat said:

    Many thanks.

    Appended "|(^sftp.*)" to the end of my existing expression and resolved my problem.

    Can you share your custom expression please? I have the same issue.

    Tried to extend the default read-only policy by adding "|(^sftp.*)", but can't log in via SFTP

    Thanks a lot

  13. I have the same question. We need to keep the logfiles for an extended period of time and I'm worried /var will not be big enough. Netscaler VPX13 on Vmware.

    So if I attached a second disk, where would this additional space go? To the / filesystem?

  14. Hi there,

    I've set up a netscaler VPX v 13 (CAG only license) to authenticate via LDAP & Radius, Radius on different appliance

    LDAP only works fine

    Radius services show online in netscaler and monitor with testuser authenticates fine, too.


    My problem is that I can't connect with LDAP plus RSA token.

    According to the Radius guy the token is in new-pin mode and therefore requires to set a new pin on first Login.

    But the window to set a new pin doesn't come up when I try to connect, neither via Receiver For Web nor for Receiver Self Service

    I can't find any clue as to whether this would even be possible.

    Any help is very much appreciated


  15. I know this post is pretty old, but did you find a solution?

    We have the same Problem with Xendesktop 7.15


    - Set-BrokerEntitlementPolicyRule "DeliveryGroup" -SessionReconnection DisconnectedOnly run on DG

    - GPO RDS Setting "Restrict each user to a single session" - Disabled


    Doesn't work on either Webinterface or SF

    Webinterface Settings are the same as for the old XA 6.5 farm where it works perfectly.

    No matter if I disable or enable Workspace Control, makes no difference


