[USB redirection not working in Chrome OS]

In general using Webcam redirection is preferred instead of USB.

 

To redirect webcam over USB we need to whitelist both on ChromeOS and also set ALLOW rule for webcam classes on the VDA.

However even if you get it to work, the performance won't be great as video content would be sent as raw USB packets and would use lot of bandwidth.

 

Unfortunately with webcam redirection there is a limitation with 64-bit apps. https://support.citrix.com/article/CTX223199 
This is fixed in 7.17 and above VDA as mentioned in the article.

 

One  more caveat: Webcam redirection uses two codecs - Theora and H.264 (This is the reason it gives better experience than USB). Which one is chosen depends on the client capability. To get 64-bit working you would need client to support H.264 even if you have latest VDA.

On Chrome OS, Workspace app will try to use H.264 if available on a device else it will fallback to theora. This can be confirmed in logs.

 

Finally, if you are able to get webcam working, the default frameRate is just 4. You can change this using web.config.

Use '{"nacl":{"video":{"config":{"frameRate":16}}}}'
(When copy pasting paste into notepad and see if quotes got copied correctly. Use a number that looks acceptable)

 

[Citrix Receiver Single Sign-On and password synchronization after password changes]

After workspace app is installed with sso enabled, a logout or reboot is required so that user's credentials are stored during login. If the dialog box is appearing to enter credentials then sso is not working.

[Windows Hello for business / Hybrid AD – Azure ad joined Windows 10 client breaks SSO]

On 12/12/2018 at 0:53 PM, Martin Gråtrud said:

If I enable certificate-based Windows Hello for business for the user, SSO stops working and configuration checker complains about ssonsrv not running

For windows domain passthrough authentication SsonSvr.exe needs to capture domain credentials during windows login. In case of certificate based auth it cannot capture anything. It is also possible that Windows doesn't run network providers with this auth method so Ssonsvr.exe never got a chance to run during windows logon.

 

However once the login method is back to AD username/password in windows, it should have returned to original state. Does error looks same in SSONChecker once Windows hello auth is disabled?

[Issue with Port 8008 and Receiver HTML 5]

This document in case you have not already followed it should help:

 

https://docs.citrix.com/content/dam/docs/en-us/categories/advanced-concepts/downloads/netscaler-gateway-11-1-for-storefront-3-6-and-XD-7-9-externa-ica.pdf

 

To clarify my previous point, you would not need to set ws:// or wss://, URLs yourself. If Storefront and Netscaler Gateway are configured correctly to handle ICA connections externally, you would see the url changed automatically.

 

When using storefront internally, you would see connection being attempted directly to VDA.

When using Netscaler gateway (NSG), connection would be attempted to NSG which then proxies it to VDA.

[Issue with Port 8008 and Receiver HTML 5]

INIT :|: CONNECTION :|: WEB SOCKET :|: INFO :|: websocket-url=ws://172.16.10.26:8008

 

When connecting externally via Netscaler gateway, it should not directly connect to VDA like above. Receiver (browser) won't be able to reach the VDA from external network typically as the IP would be internal only most likely.

 

Can you check if Storefront and NSG are configured correctly to handle ICA proxy connections.

 

You should see log something like this ideally:

INIT :|: CONNECTION :|: WEB SOCKET :|: INFO :|: websocket-url=wss://nsg.xyz.com:443 

(where nsg.xyz.com is your gateway FQDN)