[Couple of issues in CVAD 2203]

Hi,

 

No solution yet.

[Scope in Xendesktop got corrupted - Machine Catalogs showing Warning message]

Hi All,

 

We could see the below Warning message on Machine Catalog for the MCS created VDI machines. 

The Machine Catalog could not be loaded due to the following reason "There is a mismatch of Scope information on the machine creation related objects of the Machine Catalog".

When we select Machine Catalog, we could see only "Delete / Test Machine Catalog", no other options available.

This issue noticed with VDI alone, Servers deployed with MCS works fine.

No event logs noticed, Test machine catalog works fine. We have verified UID of Machine Catalog too.

Administrators has FULL access on the XD Site.

 

When we create new Scope and link existing Administrators, all started working fine. 

 

Is any one noticed this issue. 

 

[VDA authentication fails - login as different user - oAuth authentication]

Hi All,

 

We have configured oAuth using Authentication profile for Netscaler Gateway. Below are the queries which we have, can you please suggest.

 

1. User logged in to Gateway successfully and able to launch application from domain joined machine. If other user logged into the Gateway URL from the same device, user authentication, app enumeration is fine but VDA launch failed.

2. When user logoff from the Gateway page, it is redirecting to url/vpn/logout.html but when click on Logon button, it is not asking for authentication and directly populate application. this behavior is same even in private mode of browser.

3. is it possible to provide SF login page post authenticating via oAuth in Gateway. like 1st page oAuth and populate SF page for LDAP authentication.

 

 

NS firmware : 13.1.49.15

SF : 2203 LTSR CU3.

Workspace : 2203, 1912, 2305

 

All users, Servers and client devices are in same domain. 

 

Can you please guide if this type environment supported by oAuth / SAML ?

 

 

[Published Application with in Delivery Groups Powershell Command for XenApp7:15]

On 8/14/2021 at 1:28 AM, Spencer Weise1709157262 said:

Here's how I tackled this, it exports to html and csv and converts dg uids to names:

 

Add-PSSnapin citrix*
$a = "<style>"
$a = $a + "BODY{background-color: #f2944d;}"
$a = $a + "TABLE{width: 100%;border-width: 1px;border-style: solid;border-color: #f58025;border-collapse: collapse;}"
$a = $a + "TH{font-family: Arial;font-size: .9em;text-align: left;border-width: 1px;padding-top: 4px;padding-bottom: 3px;padding-left: 5px;border-style: solid;border-color: #f58025;background-color: White;color: Black;}"
$a = $a + "TD{font-family: Arial;font-size: .7em;border-width: 1px;padding: 2px 5px 2px 5px;border-style: solid;border-color: #f58025;background-color: #f4ddb6}"
$a = $a + "</style>"
$dgs = Get-BrokerDesktopGroup | select Name,Uid
$apps = Get-BrokerApplication -MaxRecordCount 500 | select PublishedName,Description,Enabled,@{Name='Assigned Users';Expression={$_.AssociatedUserNames -join '; '}},@{Name='Delivery Groups';Expression={@(foreach($num in $_.AssociatedDesktopGroupUids){($dgs | where Uid -eq $num).Name}) -join '; '}},commandlineexecutable,commandlinearguments | Sort PublishedName
$apps | ConvertTo-Html -head $a | Out-File .\apps.htm
$apps | Export-CSV -Path '.\apps.csv' -NoTypeInformation -Encoding UTF8

 

Hi Spencer,

 

thank you for this script, can you help to add one more option users from delivery group too please.

[Couple of issues in CVAD 2203]

Team,

 

We have built new CVAD 7 2203 LTSR on Windows 2019 servers.

 

1. Storefront name under launched via on Studio console is not visible

                               Users are able to access the published application, when we checked "Launched via" on Studio console for the user session, unable to view Storefront server name.

But we are able to see Storefront IP address for "Launched via IP". 

 

2. Storefront login page has "Home" tab, earlier versions shows as "Favorites". Is there any option to change "Home" to "Favorites".

 

Please suggest me on both the queries.

 

 

[Application enumeration not happening from Cross Forest]

Hi All,

 

Environment Details :

SF: 3.15 

DDC : 7.15

ZDC : Xenapp 6.5

Forest : Users are in 1st Forest and Xenapp Servers are in 2nd Forest and Two way trust enabled.

 

Issue:

 

Domain Local / Global groups are created in 1st Forest and added to Published application in both Xenapp 6.5 and 7.15. When user login to SF URL, applications from 7.x are visible irrespective of type of AD groups.

Xenapp 6.5 applications which are pointing to Domain Local groups are not enumerating but applications linked to Global group are visible.  

If i run Search by users on Appcenter console i can see applications from both Domain Local and Global groups. 

 

Can you please suggest here. 

 

[Does fido2 supported with any CVAD 1912 LTSR versions]

Hi All,

 

We have CVAD 1912 LTSR CU2 on-premises environment. Customer came up with request to use FIDO2 for authentication.

As per below article "FIDO2 support in the virtual session was recently released in Citrix Virtual Apps and Desktops 7 2009 and the corresponding Citrix Workspace App for Windows 2009.5.

This version was released on Sep 2020. 

 

https://www.citrix.com/blogs/2020/10/01/introducing-end-to-end-password-less-authentication-using-fido2/

 

Would like to know if FIDO2 supported with CVAD 1912 LTSR CU2 (released on Nov 2020). If this version of LTSR is not supported, please let us know CU3 or CU4 supports this functionality. 

 

[fetch list of users hitting to load balancer]

Hi Brooks,

 

thank you for the reply.

I have raised a vendor ticket and they collected the logs by enabling Debug.

But received a response that no logs found which is reaching the VIP.

I'm surprised to hear it. 

cant we find logs or user details who hit the LB VIP which is configured on NS. 

[fetch list of users hitting to load balancer]

Hi,

Client IP address will work. 

Is there any way to see the flow when user hit Load balancer. 

[fetch list of users hitting to load balancer]

Hi All,

 

We have a VPX used as load balancer alone. I would like to know users details who hits this load balancer VIP.

In GUI, i checked for Statistics on the Virtual Server, but didnt get thre required information. 

Can you please guide if there is any command or option to view the users details.

[Manchine_temporaryStorage.vmdk file growth unexpectedly]

Hi All,

 

Need suggestion.

We have noticed on VMware end, the Storage Usage for each VM is getting increased regularly. On analyzing VMName_temporaryStorage.vmdk file size getting increased on every reboot. 

MCSWCDisk is getting freedup on reboot as expected.

  

DDC : 1912

VDA : 1912 CU2

OS : Windows 2012

RAM : 16GB

CPU : 2

HDD : 280GB (thin)

Provisioned Method : MCS

MCSWCDisk : 280 GB (thin)

 

We have rebuild a machine to test but same behavior noticed. 

Could you please guide me if any one noticed this behavior. 

 

Also, once the Storage Usage for VM shows one value it cant reduce. is it correct ? example: Storage usage shows as 100GB on VM console for a VM, this value cannot reduced though the usage on the VM is less.   

[The POST form doesn’t contain all necessary fields]

Hi Carl,

 

thank you for coming late.

Just checked with F5 team and yes, we are using F5 iApp but still issue exists.

[The POST form doesn’t contain all necessary fields]

Hi All,

 

We have internet facing URL via F5 with 2 factor authentication, post successful authentication the URL redirects to Store URL with the error message "The POST form doesn’t contain all necessary fields". If we click on OK, prompt for credentials again on SF page and works fine on application enumeration/accessibility.

 

Can you please guide me hoe to avoid "The POST form doesn’t contain all necessary fields" error and goes directly to SF. 

[dual ip for MCS clone vm's]

Hi All,

 

Master/Golden image is running on Windows 2012 / Windows 2016 servers, VDA version 7.15 LTSR CU5 and Static IP assigned to it. We have deployed clone machines using this Master image. Servers were working fine from past 2years and DHCP has 30% free IP's available in the same VLAN. Suddenly from past 1 month Clone servers started getting dual IP's - 1 IP same as Master (Master and Clones get same IP address) and other one is APIPA IP on updating Machine Catalogs, both clone and Master has different MAC addresses. I logged into clone machine using local admin and noticed the NIC settings are same as Master (Static IP), if i change the NIC setting to Dynamic, clone server started working normally until it is rebooted. The only changes made on the Master server was installing MS security Patches. It is not related to OS specific as the same issue noticed on both Windows 2012 and 2016, not related to DHCP as issue noticed in multiple DHCP VLAN's. 

 

1. Is there any article / recommendation like Master server should have DHCP alone enabled IP.

2. Is there any Microsoft patch which links to this issue.

3. We tried to remove the NIC card from clone machine and add new NIC from same DHCP but the same issue.

4. Created new Master image (with Static IP) and deployed new Clone servers, same issue. 

 

Anyone please guide me on this please.

[How to Get all (enumerated) Published applications or Desktops assigned to a user in Citrix 7.18 CVAD using PowerShell scripts?]

Hi All,

 

Is there any way to fetch for Published Server desktop details in XA 7.15 or earlier. 

[OTP received for wrong ldap password]

Hi,

 

thank you for the reply. If we use nFactor, we don't require external Radius server as Netscaler has the functionality to generate OTP correct. 

But the management is interested to use other vendors as Radius server. 

[OTP received for wrong ldap password]

Hi All,

 

We have Netscaler ADC configured with LDAP and Radius for user authentication. Noticed a strange behavior as if user enter wrong LDAP credentials, still OTP triggers from Radius.  Is any one come across this scenario. 

[Can we change Temporary storage for MCS machine catalog]

Hi All,

 

We have an existing MCS Machine Catalog with pooled Server OS deployment. In hosting connection OS storage is pointing to SAN and Temporary Storage is pointing to Local ESX host disk.  

1. As far as i understood, 16MB HDD of clone machine will be deployed in ESX Local storage.. is it correct.

2. If the ESX Local storage is not available, what is the impact to Clone servers. 

3. Is it possible to change this Temporary Storage location to SAN (where the OS disk located) with out recreating the Machine Catalog. 

4. Temporary storage which is pointing to ESX Local HDD shows as Unavailable, and got a confirmation from VMware team there is no files available in local ESX storage. In this case, if the 16MB disk is pointing to same SAN location where OS disk located, is it OK to point Temporary Storage location under hosting connection to point to SAN. Will there be any impact for this action and do i need to redeploy Machine Catalog.

 

Please help. 

[otp for password expiry via Netscaler]

Hi All,

 

There is an requirement as below and request your guidance if this can be achieved. 

 

We have a Netscaler 13.0.67 which has LDAP and Azure MFA (for 2nd factor Radius) for external connecting users. On password expiry, users can change the password without any issues (at this step OTP will not generate). 

But, i would like to know if there is any way to generate OTP to change the password too. If yes, could you please provide the steps to configure the same. 

 

Thank you in advance. 

[login to Netscaler admin console with domain account]

Thank you both, we'll try and let you now the update. :) 

[login to Netscaler admin console with domain account]

We have Netscaler VPX 13.0.67 with multi domain infra servers in the backend. We have same admin accounts (Admin1, Admin2 etc) in each domain (domain 1, domain2) which are in different forest. Currently we are able to login with Admin accounts from doamin1. We need help on below scenarios.

 

1. How to make admins to login to Netscaler console from Domain2.

2. If the admins login to Netscaler console, how can we check which domain account authenticated. 

 

[Same Authentication policies displays in both Primary and Secondary Authentication of Gateway]

Thank you, we'll update the firmware.

[Same Authentication policies displays in both Primary and Secondary Authentication of Gateway]

Hi All,

 

We have upgraded VPX firmware to 13.0.64.35 version and post upgrade the list of LDAP and RADIUS policies added in Primary Authentication automatically added to Secondary Authentication. 

To make it clear, if we add one LDAP policy in Primary Authentication, it'll automatically visible in Secondary Authentication and we cannot unbind it from Secondary Authentication. 

Though there is no end user impact noticed.

Could you please help me to understand is it common behavior in new version.