[Citrix Optimizer removed Windows Store - how to Recover/Install Windows Store and MicrosoftWindows.Client.CBS...]

On 4/11/2024 at 6:09 PM, Robert Madrian said:

Thanks

all sorted now?

[Citrix Optimizer removed Windows Store - how to Recover/Install Windows Store and MicrosoftWindows.Client.CBS...]

Add-AppxPackage 'C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\AppxManifest.xml' -Register -DisableDevelopmentMode

Make sure your version number is accurate in the above

[Very slow logon time on Citrix Virtual Apps 2203 LTSR CU2-CU4]

There are so many avenues that have been explored in this space.

 

Start here with Rankins article and work from there https://james-rankin.com/features/the-ultimate-guide-to-windows-logon-time-optimizations-part-1/

[AutoStart Desktop VDI on computer startup]

You might also like to look at transformer via WEM for some more advanced features and controls  https://docs.citrix.com/en-us/workspace-environment-management/current-release/user-interface-description/transformer-settings.html

[How to use LOCAL Windows-account with VDA Session]

You can't do that - you must logon to the VDA using the same user that brokered the session. Security 101 in the Citrix world.

You could look at anonymous access configurations which is a StoreFront feature

[Session Manager - Group Policy]

That would imply (I would think) that you have an underlying issue if that evaluation cannot apply - In all my years of doing Citrix work, I have never touched that setting, and would be dubious on doing so given that typically policy is there to lockdown/secure/control and environment, and if it cannot be guaranteed/evaluated to say "all is ok" then I wouldn't want people in those sessions

[Desktop launch timeout]

https://support.citrix.com/article/CTX140522/how-to-support-virtual-machines-with-long-startup-times-in-xendesktop-environment Are you on Prem or Cloud? If Cloud, I am not 100% sure if this works via Cloud Connectors

[Do I really need to re-bind the Delivery Controller XML port to a new cert every time it expires?]

You don't need to change it - you should as a best practice, but it won't stop working if you let it lapse - we see this with cloud connectors all the time, new version or update, the hash changes and the bindings are skewed - became obvious when I was working on this

https://github.com/JamesKindon/Citrix/blob/master/EnableSSL.ps1

[Set Defauilt File Association Group Policy is not working]

SetUserFTA can be used but you will need to pay

WEM can also do the job

But to your point, this should be working fine with the tools Microsoft give you - is it just one application failing to apply or are no extensions being honored?

It might be worth applying to the local machine policy in the first instance to see if it's a GPO failure or an XML failure etc

[Citrix MSIX App Attach with WEM]

Ah, there is a gap in the documentation here.

 

The Stage and De-Stage scripts need to be executed as machine-based scripted tasks at startup and shutdown respectively (web console). 

 

Then the register and de-register tasks can be executed in the user context

 

The (awesome) lads in the WEM team are going to get that documentation updated ASAP

[Citrix MSIX App Attach with WEM]

Have you seen this? https://docs.citrix.com/en-us/workspace-environment-management/service/how-to/configure-msix-app-attach.html

 

Might want to check your packages also to make sure they aren't trying to register services etc.

[How to Configure Cloud Connector for Citrix HDX Plus for Windows 365 with Hybrid Azure AD Join Cloud PC]

1. You need to register the CC to a Resource Location but no need to add anything in the DaaS service for hosting etc - You can use the appliances for this use case.

2. You can install the current release VDA in your base image, or you can upgrade the provisioned VDA after the install if Citrix is deploying it.

3. You can prep the VM per Win 365 requirements, there is no form of traditional MCS style provisioning at play, so the standard MS generalisation process should be followed.

[Is side by side application and desktop launch is possible on Citrix Single session Server VDI?]

Are you talking about launching word within the desktop session as a published app, or launching two completely unique sessions?

 

Ideally you launch word from within the desktop session, and use vPrefer configurations to keep it local

[Azure Tags in Citrix DAAS]

Yes. You need to define a Machine Profile on your Prov Scheme. If you have Tags on the Gold Image VM or ARM Spec, then they will be mirrored when you provision machines

[Citrix Studio: PowerShell snap-in 'Citrix.DelegatedAdmin.Admin.V1' is not installed]

Try the "\x64\Citrix Desktop Delivery Controller\DelegatedAdmin_PowerShellSnapIn_x64.msi" from the ISO

[FAS configuration in multi-forest PKI set up in separate forest than users]

The Cloud Connector appliance doesn't help in your scenario - you already have achieved what it would achieve via Cloud Connectors in each forest

 

Your easiest path is to put the PKI into the same domain as they users and VDA's, it's likely a far smaller ask to do that, than change the Trust Levels

 

It's really a PKI architecture challenge at the end of the day. I have done cross forest deployments with PKI and FAS, and as long as the trusts and Domain Controller certs etc are all trusted across forests, it was fine - but quite a few moving parts on the PKI front vs colocation. Might be a nice time for a dedicated FAS only CA local to the users/VDA

[Open ports to and from VDA (Source and Destination)]

The techzone link above has everything and more that you are asking for here - it's pretty clearly laid out already?

[RDS CALs License type for Citrix Hosted Shared Desktop Deployment]

You should engage with a Microsoft L.icensing partner to discuss the appropriate licensing model. There are considerations that may be unique to your environment - best to get the full picture based on your organization

[Citrix WEM logs for Administration]

https://docs.citrix.com/en-us/workspace-environment-management/service/using-environment-management/administration#administrative

[Can FSLogix use RW Disk inside of Cloud Cache Containers using Azure Blob Storage?]

I haven't seen blobs used in Azure for FSLogix in years - https://learn.microsoft.com/en-us/fslogix/concepts-container-storage-options#azure-page-blob-storage-accounts

[WEM and importing ADMX templates]

Good stuff, I know of a few customers that keep BIS-F locally to the image so you definitely aren't doing anything too strange :)

[WEM and importing ADMX templates]

You don't need to do anything with ADMX on the endpoint - they ADMX is the frontend for Admins to configure and play with, ultimately, policy settings are written as reg keys on end the endpoint.

 

I would not put your BIS-F config in via WEM, BIS-F will help with resetting the WEM cache, which in turn could remove your configurations - I am not sure how well that would pan out.

 

You could use BIS-F locally ADMX on the base image (I know you want to avoid that), or you could use BIS-F shared configuration instead.

[HDX direct, Direct Workload, and Rendezvous explained and differences]

? Hopefully it's on the money ? 

[HDX direct, Direct Workload, and Rendezvous explained and differences]

A standard Cloud connection flow does this assuming you are using the Gateway Service:

 

Citrix Workspace handles Authentication and Resource Enumeration -> The user launches a desktop -> The connection is tunneled via the Gateway Service -> through the Cloud Connector -> To the VDA

 

If you turn on Rendezvous Protocol, the following occurs:

 

Citrix Workspace handles Authentication and Resource Enumeration -> The user launches a desktop -> The connection is tunneled via the Gateway Service directly to the VDA. The Cloud Connector is no longer in the connection path. The VDA reaches out to the Gateway Service on 443 to make this happen

 

Direct Workload Connection changes things again:

 

Citrix Workspace handles Authentication and Resource Enumeration -> The user launches a desktop -> IF the network where the user lives has been defined as a network location in Citrix Cloud AND that location has direct line of sight to the VDA -> The Gateway Service is bypassed entirely, and the user connects straight to the VDA

 

This makes it very similar to a traditional storefront flow on-prem. You now have a single connection from endpoint to VDA

 

HDX Direct is the future of Direct Workload Connection, it will effectively do the same thing, but you will not need to define network locations for the behavior to occur. It uses the Gateway Service to establish a connection, and then learns if there is a direct connection to the VDA possible. There are certs and other info passed around along with some use of STUN etc to make this secure a bit more robust

 

[Citrix Autoscale for Onprem LTSR]

Citrix direction is that the product sets should be effectively on par - it's just the Cloud will likely get new features first due to the release pipelines etc

 

If you want to compare being on prem to Citrix Cloud from a feature standpoint, you probably need to shift the thinking to more of a Current Release strategy. The next LTSR is going to have a load more stuff, but like any LTSR, it will be static capability whilst the CR and Cloud streams run ahead with new stuff so you will end up watching features arrive that you won't have in LTSR - Autoscale for example is something that has features added to it fairly regularly