-
Posts
199 -
Joined
-
Last visited
-
Days Won
5
Content Type
Forums
Articles
Labs
Videos
TechZone
Citrix Community Articles
Events
Profiles
Posts posted by ArnaudP1
-
-
Hi Fabio
You have to use rate-limiting. Limit Identifier would be CLIENT.IP.SRC. Set the limit wisely (for example 3 attempts in 5 minutes). Than bind a responder policy, resetting the connection.
-
Hi Jonathan
A Citrix gateway is recommended to provide more security but not required.
you may need to look at your load balances storefront vserver.
look at the service group to ensure to see both storefront and confirm they are both shown as UP.
thanks
Arnaud
-
Jeff,
You need to have both NetScaler with same Firmware if you want to create a HA Pair.
My suggestion here would be:
1. Upgrade from 12.0 to 12.1 with same Firmware.
2. Configure HA Pair.
3. Validate HA Pair synchronization is working and test Failover.
4. Upgrade secondary node to 13.0 or later and reboot.
5. After reboot, failover and test connection.
6. Upgrade remaining node, reboot and failover.
7. Test connection.
Thanks
Arnaud
-
8 hours ago, Support SADIES said:
Yes the possible solution is upgrade but I read this:
https://www.carlstalhood.com/system-configuration-citrix-adc-13/#upgrade
I don't have licence support and my file licence file has date 2020.0700... I don't sur can upgrade the firmware...
Thanks
Can you try to redownload your license file which should present newer date and as so allow you to upgrade the Firmware.
Thanks
Arnaud
-
39 minutes ago, Support SADIES said:
In this case I would recommend to update Firmware. Starting from release 13.0 build 67.x, nFactor authentication is supported with Standard license.
So Upgrade Firmware and then follow DUO documentation.
Thanks
Arnaud
-
4 minutes ago, Support SADIES said:
So here, you have 2 options:
1. Use nFactor to configure DUO and follow this article:https://duo.com/docs/citrix-netscaler-nfactor
2. Check the LDAP configuration, on LDAP-Receiver, you can uncheck authentication to hide Mode de passe 2, if I am correct.
Thanks for letting me know.
Arnaud
-
22 minutes ago, Support SADIES said:
Hello,
Not . It's a normal Citrix Gateway virtual server. I don'k know why try to launch java
Stuck with this issue
So in this case you need to check your session Profile configuration.
-
On 1/19/2023 at 6:22 PM, Support SADIES said:
I add authentication in Authentication/Dashboard section and bind to vs
For your authentication profile i have:
I dont know how configure it...
I use this guide https://duo.com/docs/citrix-netscaler#configure-the-proxy-for-your-citrix-gateway and I obtain de login a prompt for duo like this:
I can login but after a pop-up and this message appears:
is something about the Content-Security-Policy header.?
Thanks a lot a lot for your help
The message above shows that your are trying to launch SSL-VPN, I think you create an Unified Gateway site instead of Citrix Gateway using the Wizard, no?
Thanks
-
10 minutes ago, Lukas Meyer1709162786 said:
Because we do not have a license for creating a VIP in Netscaler (Traffic Management - Virtual Serer) we think about following setup:
Netscaler ADC
Server 1 with Storefront and Delivery Controller
Server 2 with Storefront and Delivery Controller
DNS-Entry for sf.contoso.com with IP of Server 1 and 2 (Round robin)
On Netscaler Session profile shows to sf.contoso.com
Both Servers as STA configured
Netscaler uses intermal DNS-Server, so will resolve sf.contoso.com with IP1 or IP2
On Store Server 1 and 2 are configured as Deliery Controller with https and load balancing enabled
When we test this by shutdown one of the Servers mostly login failes, sometimes with the message "Ica mode status is not okay".
When we delete one of the dns-entries and wait long enough until Netscaler sees the server as down, it is working well
Could it work like that with dns round robin or is this bullshit?
Thanks for feedback.
Lukas
Which license do you have to now have the option to create Load Balance Virtual Server?
Thanks
Arnaud
-
2 hours ago, Anders Eriksson 2 said:
Hello Anders,
The bookmark should be a web address not UNC path?
-
Hello Dirk,
Yes you are impacted, an update of the article has been done.
Arnaud
-
On 5/18/2022 at 5:48 AM, Jonas Henriksson1709156842 said:
He have issues with bad logon performance on Windows 10 20H2 VDI. We are using PVS and Citrix Hypervisor to host the machines. For user profiles we use Ivanti Environment Manager Personalization. Citrix Optimizer was run on the image.
With ControlUp we get the following result when running Logon Analysis. Can anyone help with how to handle this AppX Load time and the Gap between Group Policy and AppX Phases?
Source Phase Duration (s) Start Time End Time Gap (s)
------ ----- ------------ ---------- -------- -------
Windows Windows Logon Time 0.0 11:27:36.4 11:27:36.4
Windows User Profile 0.5 11:27:38.2 11:27:38.6 1.8
Windows Group Policy 1.0 11:27:38.6 11:27:39.6 0.0
Shell AppX File Associations 3.9 11:28:26.7 11:28:30.6 47.0
Shell AppX - Load Packages 111.4 11:28:26.8 11:30:18.1
Shell ActiveSetup 0.0 11:28:27.0 11:28:27.0
Windows Duration 160.0Hello Jonas,
Did you look here: https://www.controlup.com/resources/blog/entry/logon-duration-research-appx-packages/
It's well explained with lot of tests and details that could help you.
Thanks
Arnaud
-
On 5/19/2022 at 7:08 AM, Nicolas Bautista Correa said:
Hi all:
We are deploying EPA in n-factor for ICA proxy access and we would like to know if EPA uses citrix gateway universal license or the standard licenses.
Currently our citrix gateway virtual server has set the ICA-only option as ON and the CItrix ADC has installed an ADC advanced license
Thank you and best regards
Hello Nicolas,
I would say no as Universal Licenses are used for VPN, running an EPA on Ednpoint does not bring up a VPN.
Thanks
Arnaud
-
1 hour ago, Bert Kaeding said:
Hi all,
netscaler 13.0 85.15 throws the following error when adding an intranet url:
> add vpn url OWA OWA "/owa" -vServerName lb_vsrv_ex2016_owa_ugw -ssotype unifiedgateway -applicationtype VPN
ERROR: Invalid URLSame via GUI.
Any suggestions?
Thanks in advance
Bert
Hi Bert,
The bookmark should not be "/owa" but "https://server_name_fqdn/owa"
Thanks
Arnaud
-
2 hours ago, Matthew Riddler1709154367 said:
Sorry, also I am using LDAP for password auth & hoping to use duo just for 2fa. Also this store will also only be used by the web browser, no requirement for receiver config. Do I need to have the 2 entries in the duo proxy with different ports?
Matt,
I would say no only one port required but you will need to test.Thanks
Arnaud
-
Matt,
Yes StoreFront is just configured with domain.
Thanks
Arnaud
-
3 minutes ago, John Francis1709163149 said:
Arnaud,
Thanks for the info. We installed VDA 2112 on a PC and the user was trying to get connected to that PC through Citrix Workspace and he is getting this. The user logs in and then disconnects, logs in and it automatically disconnects. So, I am not sure what is going on. We have not had any issues when I installed Remote PC on other computers. Also, why would Remote PC use a license since during day time we are connected from the laptop/desktop at office, at this time it should not use the license right? Only if we connect remotely from our home PC or laptop to the REMOTE PC it should take up a license, but when you are physically logged in why would it take the license?
Can you send me the registry key settings?
I found this and we tried adding this
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\PortICA\RemotePC
RpcaMode (dword):
1 = The remote user will always win if he does not respond to the messaging UI in the specified timeout period.
2 = The local user will always win. If this setting is not specified, the remote user will always win by default.
John,
I would suggest you to try with on older VDA on the RemotePC, you can just test with 1 one them, just to ensure issue is not a Bug with this release.
You can find details on Reg Keys here: https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/install-configure/remote-pc-access.html
Thanks
Arnaud
-
5 minutes ago, John Francis1709163149 said:
We have 25 licenses for now in a test environment. A user is connecting to Remote PC (VDA 2112) and is getting kicked out and looking at the Director Monitor it says session limit reached.
1. How is the licensing for these? Does Remote PC take one full license?
2. We have only 7 users with Remote PC and couple of more users accessing the VDI but we still have enough licenses
Why would it do this behavior? Also, just from last night I started getting
"Connection Interrupted - Citrix Receiver will try to reconnect for 5 minutes
This never used to happen to me at all even though I am using wireless.
Any ideas guys. I saw some registry settings and hopefully we could apply that and get it resolved using this. Any other thoughts or Policy that can be applied. The are regular desktops with VDA installed.
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\PortICA\RemotePC
RpcaMode (dword):
1 = The remote user will always win if he does not respond to the messaging UI in the specified timeout period.
2 = The local user will always win. If this setting is not specified, the remote user will always win by default.
Hi John,
Remote PC sessions consume licenses in the same way as other Citrix sessions.
Do you have only 1 user access for each Remote PC VDA?
If not, when a user try to connect, can you check if you already have a user connected to this Remote PC.
Also, by default, a remote user's session is automatically disconnected when a local user initiates a session on the computer, you can change this with a reg key.
For the connection interruption it's usually due to network interruption.
Do you have monitoring in place on your network to check that?
Thanks
Arnaud
-
8 minutes ago, John Francis1709163149 said:
My questions are:
1. Do we have to sysprep a MCS persistent desktop image?
2. I have MS Defender installed on the image, should I do something that it displays properly on the Defender console and it is gettings its updates or scanning properly?
3. Anything else that can be thought of?
Hi John,
To reply to your questions:
1. No, Citrix MCS will take care of it.
2. You should be able to see the VDA in Defender console when they will be deployed.
3. Depend of the applications to be installed ?
Thanks
Arnaud
-
1
-
-
On 3/15/2022 at 11:53 AM, John Francis1709163149 said:
We have cloud connectors for machines that are domain joined that we can access. How can we access non-domain joined virtual desktops and are sitting on EXTERNAL network in Azure.
Hi John,
Did you check information here: https://docs.citrix.com/en-us/tech-zone/learn/tech-briefs/citrix-managed-desktops.html
Thanks
Arnaud
-
10 minutes ago, Patrick Loftheim said:
I have tried creating another admin account just for this purpose, same error...
It gets stuck on connecting when i try to open the session from workspace.
I have tried re-creating several master-images without any improvement.
Yes everything did work before we changed the name of resource-group and network in Azure..
I am having a hard time seeing why these things should be affected in this way by that change.
Patrick,
I would suggest you to use PoSH SDK to connect to Citrix Cloud and retrieve details from there.
You will have more details on your configuration, hosting, machine catalog and delivery group.
Thanks
Arnaud
-
3 hours ago, Patrick Loftheim said:
Hi Arnaud
I have only 1 host connection now.
If i create the object manually in AD and then use existing computer account i get further but then i run in to another issue, the citrix session gets stuck on connecting..
things looks good from verification as far as i can see. (tried both the machine catalog and delivery group)
Patrick,
If you can create computer account locally and then use it with MCS, I would suggest you to review your connection settings (I mean the user account used to create AD computer).
When you said the Citrix session get stuck on connecting, it's after publishing a Desktop on the Delivery Group?
Did you ever create a machine catalog with same image, publish and access desktop/apps from this image?
Thanks
Arnaud
-
Hi Matt,
you have LDAP server on which you will need to uncheck Authentication
Arnaud
-
4 hours ago, Patrick Loftheim said:
Hi after a rename / restructure of Azure resource groups, we can no longer create machine catalogs.
First we had issues with an old network name, to fix this we had to re-add the host connection, now we are at least getting further, but stuck on this error(see attachment)
The account used is a local AD domain admin account which we have not touched or done any changes to.
Any suggestions?
Exception:
DesktopStudio_ErrorId : UnknownError
ErrorCategory : NotSpecified
DesktopStudio_PowerShellHistory : Create Machine Catalog '#####'
3/11/2022 7:51:36 AMError Source : CitrixOrchestration
Hi Patrick,
Do you still have 2 hosting connection defined?
Did you test resource to validate everything looks good?
Did you try to create computer account in AD using same account and then select use existing computer account?
Thanks
Arnaud
Windows Login Prompt when using Azure AD SAML Integration
in NetScaler Gateway
Posted
Hello,
Does your FAS GPO apply to FAS and Storefront servers as well as VDAs?
Did you run the PoSh command on storefront server for FAS claims?
Thanks
Arnaud