Andy Vanderbeken

Posts posted by Andy Vanderbeken

  1. Dear colleague administrators,

    When you nowadays perform a clean fresh install of a Netscaler using the latest Citrix sources (e.g. the .OVF VMware images) I notice that Citrix has embedded specific Security Content Policy parts inside the firmware that are yet considered unsafe in terms of best security practices by pretty much all external security check sites:

    [image]

    [image]

    When double-checking Citrix' latest official recommendation on this in their documentation I find:

    https://support.citrix.com/article/CTX233095/how-to-create-rewrite-policy-for-security-headers

    In this article, which was updated only last month, we see in fact that manually adding the "Unsafe-Inline" entries is actually still being recommended for Netscalers running older firmware that don't have this code baked in yet. I'm lost as to which is the correct action to take in terms of best security practices. Either Citrix or the CSP security world out there must be wrong. Any input or thoughts?
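    One way to see what a given gateway actually sends before deciding, as an added example that is not part of the original post or of Citrix's documentation: it parses a Content-Security-Policy header value and reports where 'unsafe-inline' or 'unsafe-eval' governs scripts or styles, including the case where a nonce or hash makes browsers ignore 'unsafe-inline'. The header strings are constructed samples and the function names are hypothetical.

```python
# Added example: audit a Content-Security-Policy header value for the
# keywords external scanners flag. Sample policies are constructed.
SAMPLE_WEAK = ("default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; "
               "style-src 'self' 'unsafe-inline'")
SAMPLE_NONCE = "default-src 'self'; script-src 'nonce-r4nd0m' 'unsafe-inline'"
HASH_OR_NONCE = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(header_value):
    """Return {directive: [sources]}; a repeated directive is ignored (first wins)."""
    policy = {}
    for part in header_value.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def audit_csp(header_value):
    """Return findings for the sources that govern inline scripts and styles."""
    policy = parse_csp(header_value)
    findings = []
    for directive in ("script-src", "style-src"):
        # script-src and style-src fall back to default-src when absent.
        sources = policy.get(directive, policy.get("default-src"))
        if sources is None:
            findings.append(f"{directive}: unrestricted (no directive, no default-src)")
            continue
        lowered = [s.lower() for s in sources]
        if "'unsafe-inline'" in lowered:
            # CSP Level 2+ browsers ignore 'unsafe-inline' once a nonce or hash is listed.
            if any(s.startswith(HASH_OR_NONCE) for s in lowered):
                findings.append(f"{directive}: 'unsafe-inline' listed but ignored (nonce/hash present)")
            else:
                findings.append(f"{directive}: 'unsafe-inline' permits inline code")
        if directive == "script-src" and "'unsafe-eval'" in lowered:
            findings.append("script-src: 'unsafe-eval' permits eval()")
    return findings


if __name__ == "__main__":
    for sample in (SAMPLE_WEAK, SAMPLE_NONCE):
        print(sample)
        for finding in audit_csp(sample):
            print("  -", finding)
```

    Feed it the header value captured from the gateway's own response to compare a fresh install against a rewrite-policy configuration.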

  2. 10 hours ago, Ken Zygmunt said:

    Andy

     

    Edit your Gateway vServer and let me know what your "ICA Only" is set to in 'Basic Settings'. I'm guessing it's set to true?

     

    Regards

     

    Ken Z

     

    Hi Zygmunt,

     

    no. I clearly and explicitly mentioned my CAG installation as a "basic ICA ONLY Netscaler Gateway" in my OP to indicate that to anyone that reads this post:

     

    [image]

     

  3. I'm currently setting up a copy of our production basic ICA ONLY Netscaler Gateway from scratch for QA purposes in order to validate our existing installation procedures and implement new changes. 1 of those changes is simply replacing the deprecated classic policies by advanced policies but when I do so I find that logging on to our published Citrix desktops suddenly no longer works but instead gives:

    [image]

    with the following syslog message:

    [image]

    When I unbind that new advanced policy from the Virtual Server and bind once more the classic version (which uses the exact same session profile) instead, all immediately works fine again and there is no more warning log entry in the syslog. Here are both policies side by side:

    [image]

    Anyone come across the same problem or have any idea? Switching between both policies is literally the only change I'm making between working or not.

    Additional info

    Netscaler firmware version: [image]

     

     

  4. Then I fear that this may simply be a limitation of the built-in Citrix client device redirection functionality of the Citrix Workspace app. I have seen similar cases where for instance copying Japanese files from the client to the Citrix session was not possible since the Japanese chars could not be interpreted and thus equally got translated into something like "??????".

  5. Try changing the international non-unicode setting on the VDA to the Slovak matching keyboard and reboot. Then test again. If it's a non-persistent PVS image, make the change in a copy of your existing production batch and have end users test in there.

    START-RUN-"intl.cpl"

    [image]

  6. Long ago back in the days of Citrix "Metaframe" and leading into "Xenapp" before the revamp there used to be an optional software component called "Citrix Resource Management". It kept a perfect history track of exactly who used exactly what software on your VDA servers, how many times and when exactly, down to the very last .exe (at process level). You could pull complete reports from software usage over up to a year ago and filter on specific processes and much more.

    When Citrix tried to reinvent all their basic components during the making of Citrix CVAD as a replacement solution from scratch they came up with "Citrix Director" as closest replacement for a history of user logons etc. but the super detailed application/process usage part seems to be missing still up to today.

    How do you work around this or what alternatives are you using successfully to accomplish the same thing?

  7. 3 hours ago, Jens Belting said:

    ..We also have the issue that the mouse cursor/iBeam (the typical text marker type of cursor) is getting white/transparent/disappear in search fields from browser, windows searchbox and in text fields/main window of MS Office apps like Outlook. Primarily when there should be the "iBeam" Cursor. CVAD 2303 on XenServer 8.2 LTSR CU1 with NVIDIA vGPU profiles (A16/A40), different images have the same issue (Win10/WinServer22). Endpoints are Dell TC3000 Thin Clients (CWA for Linux, 2209, 2302, 2305) and it also occurs for example when having CWA for Windows (latest, 2305) in fullscreen mode (in window mode it doesn't occur with the CWA for Windows). At first we thought it is a Linux problem only, but during the tests we now see it too on Windows. Not really sure about the root cause. We tried to upgrade to CVAD 2305 on VDA side, but we have some issues with that (ctxuvi errors and so on), so that we stay for the moment with CVAD 2303 on the VDA. Not opened a Citrix Case until now, that would be the next step.

     

    Is this similar to your problems? Anyone with a valid fix or valid information from Citrix?

     

    Thanks in advance.

     

    And what exact version is your local machine's GPU driver right now (assuming you have already tried my solution of updating it to the latest version which solved it for me)?

  8. To fix this: 

     

    1. Temporarily publish a full desktop on the same VDA server (or server pool) as where you published SAP and give access to the user that experiences this problem

    2. Have the user that experiences this problem log on to that full desktop

    3. Set the file association for SAP in that full desktop just as you would do on a local Windows 10/11 installation.

    4. Test the published application again. It should be fixed at this point

    5. Optional (cleanup): Remove the temporary published application

    Note: Step 3 only makes the change for that user in his/her Windows user profile. To make the change on a larger scale you simply set the default file association for SAP once inside your golden image or VDA server so that everyone that logs on to that server gets that setting by default. Alternatively, use scripts or other automation to set it for all users.

  9. Update: I have opened Citrix CASE 81812600 as well as provided the case assigned engineer with this public discussion thread for follow up. In addition we did some testing and troubleshooting and found the following new and relevant information:

     

    - The cursor does not go invisible in fact but turns from color black to color white whenever it hovers over an editable field (=enter text) where the default Windows mouse cursor typically is being replaced by the so called "text cursor" as shown below:

    [image]

    Since this cursor's color turns from black to white on affected machines it gives us the illusion of disappearing altogether in text editable fields with a white background but I noticed that if you do the same in the body of an email that has black text in it you can in fact see this exact cursor in white color as you move it over black text or other black background.

    On a Windows 2019 server inside the VDA I do not see any options to forcibly change the cursor color other than these:

    [image]

    and these also seem to have no effect on the problem or those settings are being completely ignored as the cursor stays white no matter what I select here.

    Also interesting to note if someone else sees your screen through Team sharing they WILL see the text cursor correctly in black color while you yourself do not! Also if you freeze the image with a screenshot capturing tool for instance then in that frozen moment where you make a screen selection you will also see the cursor in the correct color so it's really some sort of emulation error.

    Finally the problem also happens in RDP sessions, not only in Citrix ICA sessions.

     

     

  10. Rado,

     

    you need to:

     

    1. Log into your Citrix online license portal https://www.citrix.com/account/#/manage-licenses-tool/overview

    2. Make sure the CVAD licenses are correctly allocated to your on-prem license server name there. Correct if needed

    3. Redownload your license file while selecting to include ALL allocated Citrix products you are using (pvs, cvad, ...) and import it into your on-prem Citrix licensing tool until you see:

    [image]

  11. 2 minutes ago, chris walker1709156149 said:

    I am in this situation with this license. Could somebody please explain what Andy Vanderbeken means in the last post when he says.

    "The solution was to simply completely decommission our existing license definitions in the online portal and starting the new ones instead". 

    Is it possible for me to update the license files with the date updated or will it always stay with the old date?  because these 2 products have old "Product Dates". 

    #CITRIXTERM FEATURE 2.0    CNS_V5_SERVER    DE    Citrix ADC VPX 5|Server

    #CITRIXTERM FEATURE 3.0    CNS_SSE_SERVER    DE    Citrix ADC Standard Edition|Server

    Although I can not confirm the dates when the products expired. 

    To be able to upgrade to the latest firmware and maintain Citrix Gateway functionality do I need to buy a new license?

     

    Hi Christopher,

     

    It practically speaking means that you will have to:

    1. Log on to your license portal and view your current licenses and click on "view my products"

    [image]

    2. Inspect the expiration dates there for your existing Netscaler products, identify any obsolete as well as active licenses with correct future expirations

    [image]

    [image]

    and note the order numbers on the right side for the ACTIVE (=valid) ones

    3. Go look on the other tab "Manage my licenses"

    [image]

    "View all licenses"

    [image]

    4. Find the specific Netscaler licenses with the same order number, ensure those are the ones allocated to your Netscaler (return faulty ones first if needed) and then download the resulting generated file for that active license to replace your current faulty one by uploading this new file into the Netscaler.

    [image]

     

     

  12. 30 minutes ago, Thamarai Kannan1709157603 said:

    Hi Andy, 

     

    I saw your note and am facing the same problem as DG information gets duplicated after performing import/export options. Can you please let me know how to correct them manually? I have posted my question here. 

     

    https://discussions.citrix.com/topic/417882-citrix-policies-migration-from-715-to-2203-ltsr-cu1/

     

    Hi Thamarai,

     

    I saw your screenshot but I do not remember getting these duplicates. I believe I named my new delivery group something slightly else in the target environment so this problem didn't happen for me.

  13. To everyone: After the source of this problem has become clear and the solution validated I have this conclusion to share:

     

    As of the mentioned Netscaler firmware Citrix (sneakily) built in a hard check for the technical license file format causing it to fail whenever something is considered wrong with that file. On top of that, much earlier Citrix had also made a non-communicated technical change to our licenses on our online licensing portal during our yearly renewal (creating new identical license definitions beside our existing ones) causing the existing format of our downloaded license files to no longer be accepted by this new firmware and cause it to revert to freemium, even after return and reallocation.

     

    In other words in retrospect our existing license definitions had become a technical problem as of that moment in the past but we never realized as a customer because there was no hard check in the firmware and no communication from Citrix.

    The solution was to simply completely decommission our existing license definitions in the online portal and starting the new ones instead that Citrix had put there without communicating. License files downloaded from these new definitions have the correct technical license format with up-to-date dates in it and cause no issues.

  14. On 10/14/2022 at 9:41 PM, Carl Stalhood1709151912 said:

    Citrix removed that license long ago. The replacement is the freemium license, which doesn't include Citrix Gateway. I think the 13.1 firmware is now checking the dates in the license file and thus that's why the license stopped working.

     

    Hi Carl,

     

    I suffer from the same problem and notice that indeed after the upgrade my valid license now instead gets interpreted as a "freemium" license as of 33.xx, even after reallocation and generation of a new and different license file! I also tried just changing the date mentioned in the 3 green locations (screenshot below) but it doesn't seem to change the behaviour. As soon as I reboot the Netscaler after editing the date in the license, it is considered "freemium" once more, even before upgrading the firmware. This leads me to believe that as soon as you manually tamper with that file it becomes invalid.

    Note that redownloading the license file or even reallocating does not change that date mentioned in the license file for me. If I read your documentation:

    https://www.carlstalhood.com/system-configuration-citrix-adc-13/#upgrade

    I'm led to believe that for you it does change it.

    Have you been able to successfully fix it by changing the date? If so, what exact modification did you make to get it to work?

    [image]

     

    Thanks in advance

     

  15. Hi Derek,

     

    yw. Yes it's a bit of a mess right now tbh in order for administrators like us to try and find the 'right combination' of Citrix product versions in order to build a nice and stable cocktail while having all the features. I'm doing pretty ok now running VDA 2203 CU2 with a few hotfixes, CWA versions 22.7-22.10 on our clients and Teams 1.5.0.21668 in the (Windows 2019 Server) VDA golden image used over Netscaler 13.1 24.38.

    In general design-wise for the future I greatly advise you to go as flexible as possible in order to be able to switch server and client versions easily and on-the-fly as the Citrix landscape can change any second nowadays.

  16. Following up here as well after running 1 week with as only extra change the following key:

     

    Path: HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\Reconnect

    Name: DisableGPCalculation

    Type: REG_DWORD

    Value: 1

     

    => no impact of any kind at all since adding this reg key. Then again I didn't have this problem anymore since the private fix.

     

     

     

    However, another problem I'm having though is occasional winlogon.exe crashes when people try to reconnect:

     

    Application:20221027080232.285346-000:1000:1000:Error:Application Error:Faulting application name: winlogon.exe, version: 10.0.17763.3232, time stamp: 0x21195be7 Faulting module name: icagfxstack.dll, version: 7.33.1000.7, time stamp: 0x62e2a099 Exception code: 0xc0000005 Fault offset: 0x000000000000c2e8 Faulting process id: 0x6d18 Faulting application start time: 0x01d8e9da753bd514 Faulting application path: C:\\Windows\\system32\\winlogon.exe Faulting module path: C:\\Program Files\\Citrix\\HDX\\bin\\icagfxstack.dll Report Id: 759953b4-659d-46b6-8583-87c6df3dcb1a Faulting package full name: Faulting package-relative application ID:

     

    People that have this problem then often (but not always) can no longer reconnect correctly to the session until I restart the "Citrix Desktop service" service on the VDA server where the user's session resides.

     

     

    Is anyone else having this in their environment?

     

     

     

  17. On 9/27/2022 at 4:34 AM, npatel287 said:

    @Andy Vanderbeken What registry fixes are you using?

     

    FastReconnect

    DisableGPCalculation

    EnforceUserPolicyEvaluationSuccess

     

    Support wants us to test FastReconnect alone without the other two, but we did see EnforceUserPolicyEvaluationSuccess work as I noted in my previous post.

     

    Oh totally missed this question somehow.

     

    EnforceUserPolicyEvaluationSuccess I haven't used up till now but I'm going to start trying it out this very week to see if it does anything additional to my environment.

    DisableGPCalculation I don't use at all apparently in my build.

    I have been using FastReconnect since March 2020 because it was a known fix for occasional reconnection issues because of a new Windows 2019 mechanic. I immediately opened a case even before bringing this new build into production which eventually led me to this particular reg key fix. I just dove into my old personal build notes from back then and there I find the following relevant part:

     

    -Added the following Registry key:
     [HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\Reconnect]
    "FastReconnect"=dword:00000000

    Note: this solves an issue where people sometimes cannot reconnect anymore to a (disconnected) session and thus lose all their open applications and unsaved data. 
    (https://support.citrix.com/article/CTX256900)
     

     

    *this build will go live on all relevant servers at 21-03-2020
     

     

     
