[Citrix published apps which is minimized does not open]

The problem is fixed by installing the latest Google Chrome from 118 to 121. And by installing the latest VDA CU of 1912 on the Citrix Session Hosts.

[Citrix published apps which is minimized does not open]

Hello,

 

I've got a weird problem with Citrix published applications. We're currently running Citrix Virtual Apps and Desktops 1912 CU6. And VDA 1912 CU6 is installed on the sessions hosts. After some time a Citrix published application stays minimized on the Windows taskbar. If I click on it the Window does not reappear if we click on it with the left mouse button. Only the small language bar on the top appears. If I click with the right mouse button on the application while holding the shift key and then click on "Restore" only then the Citrix application will reappear. Does anybody have a permanent fix for this issue? Most of the users only work with Citrix remotely through Citrix ADC, so I think it only occurs when working through Citrix ADC.

 

Thank you in advance!

 

Regards,

Robby

[1 user gets security error account is disabled when trying to logon Citrix session server]

Apparently the user was locked within Cisco Duo 2FA and not within AD. This topic can be closed.

[Upgrade to 13.1-xx.xx standalone breaks Citrix Gateway]

Hello,

 

I normally configure every Netscaler ADC with the Xenapp and Xendesktop wizard. Bind certificate, bind authentication method and select storefront => done and download zip file to upload the config into Citrix Storefront to setup the Citrix gateway and TADA everything works like expected. However I noticed as of version 13.1-build-xx.xx this does not work in combination with the Citrix Workspace app it gives the error "unable to add the account with the given server URL. I then found on reddit someone saying the following which pointed me in the right direction:

 

Quote

if you use Citrix ADC 13.1-xx.xx Build, you will need to configure authentication profile on Citrix Gateway vServer (which redirects auth to aaa auth server). "Old" authentication (classic expressions) are not working anymore with workspace app and since you cannot directly bind advanced authentication policies to Gateway vServer, you will need to work with authentication profile.

 

I'm quite sure this is also my issue, but the question is how do I configure an authentication profile to redirect the basic auth to aaa auth. Can someone provide me a small guide, this will be much appreciated! Also does this work with a Standard VPX License?

 

Thank you in advance!

[1 user gets security error account is disabled when trying to logon Citrix session server]

Hello,

 

We've got a strange issue that 1 specific user cannot logon. When logging in via Citrix workspace, the user connects, but gets a windows security prompt "Your account is disabled and cannot access this application. Please contact your administrator." The user is stuck in the logon screen. Filling the user and password again, results into the same error.

Tried unlocked, disable enable etc it does not help.

 

When trying to login onto one of the Citrix session server directly with the same user account it just works.

 

Anyone had a similar issue? Thank you in advance!

[Cannot connect to Gateway with Citrix Workspace/Receiver]

On 4/26/2019 at 12:24 PM, Walter B said:

Good day,

 

I have the following environment: 

• Citrix Gateway 12.1 VPX, Storefront 1811, Virtual Apps and Desktops 7.1811.
• Applications are published via VAD through the storefront store. They are accessed internally via the storefront, and externally via the Citrix Gateway VP
• External users to access apps through the Gateway VPX - ourdomain.co.za

 

Everything works perfect in the internal environment - can access the storefront and apps via the "Receiver for Web" site, as well as via the Citrix Workspace App / Receiver for Windows.

 

From external clients, I am getting errors if I want to connect to the Gateway using the Citrix Workspace app / Receiver for Windows / Online Plugin. It keeps telling me the account cannot be added or the server cannot be contacted. However, the "Receiver for Web" site works perfect through the web browser.  So the situation is as follows for external users:

• I can access the store and apps successfully through Gateway with the URL: https://ourdomain.co.za/Citrix/storeWeb
• With Citrix Workspace app / Receiver for Windows / Online Plugin, I provide the XenApp services URL: https://ourdomain.co.za/Citrix/store/PNAgent/config.xml  , but it cannot contact the server.

 

I have went through my configuration over and over and cannot find anything wrong. Why would the Gateway work through Web URL in browser, but not with XenApp services URL in Receiver/WorkspaceApp? 

 

Would appreciate if anyone can give some advise as to where to start troubleshooting and what to check.

 

Many thanks in advance.

 

Hello Walter,

 

Sorry to bump up your old post. I got the same problem. How did you solve it? Thank you!

[13.1 Upgrade seems to be causing issues]

14 hours ago, Yurok said:

After upgrading from 13.1.27.59 to 13.1.33.52, we are unable to launch any application from the Workspace app externally. Has anyone experienced that?  No callback URL is defined in Storefront.  What else could cause this behavior?

I've configured a new Citrix ADC appliance with new URL and also got that problem I change the FW settings to point to the new Citrix ADC appliance and change the URL on the Citrix Store. After that I set the correct SSL Certificate to match the URL. Citrix web works fine, but the Citrix workspace app, doesn't let me add the account by inputting the new URL companyb.com. If I switch everything back to old URL and in FW and SSL Certificate to old ADC (12.0) everything works. I can't find the missing part...

[Netscaler passthrough Storefront UPN not working if samaccountname is different than UPN name]

I was too soon writing this article. I've solved it filling in the SSO Attribute name field with the samaccountname and server logon attribute with the userprincipalname. This way it works.

[Netscaler passthrough Storefront UPN not working if samaccountname is different than UPN name]

Hello,

 

I've a very weird issue: I've setup  LDAP authentication with netscaler ADC to passthrough to Storefront. I've setup 2 ldap policies 1 with samaccountname, the other with userprincipalname. However only if a user where the samaccountname is different than the userprincipalname then I can't logon externally via netscaler with only the upn and I receive storefront citrix authentication issues with the following:

CitrixAGBasic single sign-on failed because the credentials failed verification with reason: Failed.

The credentials supplied were;

user: user1

domain: domain.local

However the upn what I'm filling in, is this one: user1@domain.com not user1@domain.local (the samaccountname is domain\user1.test. If I try this locally without netscaler then upn works and I can login. I've already tried checking in storefront to fullly delegate credentials to the citrix gateway, but the issue is the same, also adding trusted domains doesn't help either. I'm presuming it's the netscaler adc not passing the domain credentials correctly to the storefront server, or the storefront server is thinking the netscaler is using samaccountname instead of the upn and then the logon fails.

 

It IS correctly working with this situation:

upn: user2@domain.com and samaccountname: domain\user2 then I can logon externally perfectly.

 

I'm really clueless at the moment. Did someone have/had the same problem and solve it? I've already updated to the latest version of Storefront 2203 LSTR CU1, which I thought would resolve the issue, because of an issue with delegation, but it didn't help.

 

Thank you in advance!

 

 

[2FA for guest users only]

Hello,

 

Thank you for your reply. I thought nfactor did not work with Standard license. Are you sure about that? Maybe someone can confirm this?

 

Also a completely different question which I want to know, if you setup a nps with Azure MFA integration how does that work with a Citrix workspace client, Will it prompt for 2fa then or is this only for users authenticating via Storeweb? I found many tutorials, but I only see logon examples for Storeweb connections.

 

Thank you for the information. This helped me a lot already.

[2FA for guest users only]

Hello,

 

Netscaler VPX is succesfully working with Citrix Gateway. At this point only LDAP authentication is being used. Now I want to set up a second password (2fa) for certain guest users, so that those users besides the ldap login, this guest user also needs a seperate password to authenticate. Can this be done? I was looking at creating local users on the Netscaler itself, but then I'm stuck at how to assign this secondary password for those specific users only. Now as a side note: all users are using Citrix workspace client except the guest users, they use the web logon. Is there a way to filter on that?

 

The license being used is a Citrix Netscaler VPX Standard License.

 

I haven't got much experience in Citrix Netscaler yet, so sorry for this newb question. Thank you.

[Winlogon unexpectedly terminated]

Just to let you know, I updated the Citrix VDA to the latest 7.15 CU version and the problem was solved.

[Winlogon unexpectedly terminated]

Hello,

 

For one of our clients I setup a Citrix environment. I've setup new 2016 servers for a clean start, there are also old 2016 server which are running fine in production, but there are a couple of problems on it and I wanted to start with a clean state. I've setup the newly created template server via the manual way (thus not via MCS). I've created a template server and deployed new machines from this template. put those computer back in workgroup environment and rejoined them to the domain with a new name.

 

On the machines I registered the VDA with the Citrix Delivery Controller and added the machine to the machine catalog via AD and the status is "Registered". All looks okay. However when I want to connect to the published desktop with the Citrix client to the newly deployed server I get nothing no logon screen, completely nothing. If I look in the event viewer, I get the following error: Source winlogon => Event ID: 4005. "The Windows logon proces has unexpectedly terminated". However if I use RDP to connect to the server and put the standard user in the "Direct User Access" security group I can logon normally. So most likely this problem is Citrix related.

 

I've googled and found the RDS licensing is not configured correctly, I've changed this to local policy setting and I get no errors anymore, so I don't think this is the case. All Citrix services are running.

 

I'm currently using Citrix VDA 7.9. This is the last thing I can remember is to maybe update this to a new version. However the old servers were also running VDA 7.9 and those have no problem.

 

Maybe I forgot something during the deployment proces, but I did this twice and I've got the problem twice, so the new server don't work..

 

Hopefully you could help me out. Thank you!

[Second delivery group added to store not remotely accessible]

Firewall was indeed the problem! Thank you!

[Second delivery group added to store not remotely accessible]

Hello,

 

Currently I've added a new machine catalog and added a second delivery group to the existing store. Accessing the store internally via citrix.domain.com I can access the published applications on the new delivery group. However I can not access this remotely. When I click on the application from the second delivery group I get the error "Unable to connect to the server. Contact your system administrator with the following error: The Citrix SSL Server you have selected is not accepting connections".

 

A Citrix Netscaler is used.

 

Can someone please help me with this. Very much appreciated!

 

 

[Citrix Server 2016 stays on not registered]

Hello,

 

One of our clients has a Citrix Xenapp 7.9 set up. The machines are manually deployed from a template. The new server 2016 machines will be manually deployed from the template in Vcenter using a customization policy, first joining to a workgroup then joining to a domain. Then the computer object will be created. We Add a machine to the existing machine catalog. That all works, however the new deployed server is not registered.

 

What I've tried is the following: - Changing the existing VDA install and customize this, so it points to the delivery controller. However when I do this nothing changed.

I then found the following article: https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/manage-deployment/vda-registration.html#listofsids

 

I manually created the registry key ListOfDDC and restarted the Citrix Desktop service. That worked! However when I reboot the server, the registry key is gone and the status of the server is yet again unregistered.

 

Thanks for an answer!

 

 

[Multiple domains sharing same UPN connecting to different VDI Server OS domains]

Hello,

 

We currently have 2 different domains (contoso.local and siteb.local), but all users exist on contoso.local and siteb.local with the same UPN accounts on site A and site B. There is a site to site VPN to Site A and site B with a 100mbps line.

 

Current setup SiteA (Xenapp 7.15):

Netscaler SiteA (citrix.contoso.com) (LDAP authentication happens on contoso.local) => DDC with (Storefront store.contoso.com) (joined to domain contoso.local) => VDI server OS based pool SiteA. (joined to contoso.local)

 

Now on SiteB we have an old XA 6.5 environment with 2 Application servers (joined to domain siteb.local). We want to delete the old application servers and just add  2 VDI server OS based pool to the same NS portal and DDC on siteA, however the 2 VDI server OS based pool are in a different domain (joined to siteb.local). These machines will be created by creating a new machine catalog on DDC siteA, the machines will then exist on SiteB via MCS.

 

Is it possible to authenticate the users with the UPN account on the NS and Storefront server with the same LDAP authentication to a different domain server OS based pool? Both AD's are using the same UPN account and password.

 

Summary: User connects with UPN through citrix.contoso.com (authenticates on contoso.local) (LDAP authentication happens on contoso.local on SiteA)  => to Delivery controller (Storefront store.contoso.com) (authenticates with UPN on contoso.local) to delivery group siteB (which points to the new machine catalog) => VDI server OS based pool located on SiteB (SiteB.local).

 

Will this work this way or will the logon fail, because another domain is used for the VDI Pool, although the user is logging on with UPN credentials?

Also is the performance going to be fine, because of connecting through a 100mbps line from SiteA to SiteB?

 

Thanks in advance.

 

 

 

[Multiple Dc's with single portal]

Ok, so I found this topic: https://discussions.citrix.com/topic/392849-netscaler-unified-gateway-with-multiple-storefronts-in-different-domains/

 

The above is similar to my environment what I want to achieve. So I'll implement it like that, it's unclear if it'll work though, because the topic starter never mentioned it's actually working. However if I implement it like that, can I still use the Citrix Workspace app to connect to the environment, using the UPN to logon?

 

Thanks for the answers!

[Multiple Dc's with single portal]

I've found this from a blog from Carl, by creating multiple ldap policies. Can't I use this or is this only possible if there is a domain trust? 

 

https://www.carlstalhood.com/netscaler-gateway-ldap-authentication/

 

Look under the part "Multiple Domains"

 

Thank you for an answer

[Upgrading VDA but not the controller]

Thank you! I will try that.

[Multiple Dc's with single portal]

Hello,

 

Thank you for sharing this topic. However if i'm reading correctly. It seems that all user accounts which exist in site B have to be creatief on siteA in order doe this to work? This is not an option. Also it seems that this way it is not possible to connect directly with the Citrix workspace app to Storefront, of i'm reading correctly?

 

Is it also possible to use 1 Netscaler Gateway and 2 storefronts? 1 for site A and 1 for site B? Maybe this is easier to do it this way and I eliminate the need of creating extra accounts on DC A? Do I have to create multiple sites on the Netscaler aswell or can I use the same companyA.com website for this.

 

Thank you!

 

 

[Multiple Dc's with single portal]

I'm still quite new to Citrix and I'm still learning. I hope someone van help me with this 

 

At the moment there is one active portal for our Company A. Going to companyA.com. The Netscaler will pass the authentication to Storefront and the delivery controller and DC A at Site A. Site A has a VDI pool server OS based machines.

 

Now my question is, is it possible to let users from Company B, which is

Also site B use the same portal from companyA.com (Netscaler gateway) with the same Storefront and delivery controller to let users authenticate with DC B? Site B has a different set of VDI pool server OS based images.

 

So I probably need 2 MCS machine catalogs.

 

There is a site to site tunnel between the 2 sites. There is no trust between DC A and DC B.

 

If it's not possible what are my best options.

 

Thanks in advance! This will really help me a lot understanding what's possible.

 

[Upgrading VDA but not the controller]

I've got a simple question, I think it will work, but I just want to be sure. Is it possible to run Citrix VDA 1906CR to have the Citrix optimization for teams and use this together with a Citrix 7.6 delivery controller? Thus, without updating the controller?

 

Thanks in advance.

[Can we change Temporary storage for MCS machine catalog]

There is no other options then to recreate the machine catalog. If you use local storage then you can't migrate the Citrix vm's to another host. When creating the new machine catalog you have an option to set the temporary storage to local storage. deselect that, so you van set the temporary storage on a datastore on the SAN.

 

You can just delete the machine catalog. The vm's will still coexist. The users can still work on those vm's who are logged on. Only new logons will not be processed. During the creation of the machine catalog, then you have an option to create new machines. You can choose to have Citrix let them create for you or create the computer accounts yourself and link them to the existing account. Point MCS to the vda template and let it build the machines again. If you use the same computer accounts and names then you have to power off thé existing ones. So if you're doing this during production hours it is best to create new computer accounts.

[Citrix Receiver desktop on Windows 7 Embedded Standard not working]

To update my previous post. I did not solve the issue with the Citrix receiver. I installed the Citrix online plugin. I enabled the Citrix legacy XML login method so It could use the Citrix Online Plugin to connect to the store.