Posts posted by Jeff Riechers
-
-
It depends on the AV agent. Most agents execute in each user space to monitor that particular user's session.
If you are using Windows Defender you can offload the definitions to make it lighter per user. https://www.jeffriechers.com/wiki/vdi-defender-offloading/
-
Do you have any type of IAM in place for users to request access? If so you could publish that interface as an application, users request control, then when they refresh StoreFront they see the new app.
-
Also Citrix is working to get SSO set up with Windows Hello, so check out the new LTSR that just hit yesterday to see if there are more features there.
-
-
You can use OData to pull data from Director. So if your monitoring tool can query with that then that would work.
Also if you have CPL licensing you can use uberAgent to ingress data into Splunk from your farm specifically for Citrix Data.
-
Yes, if the machines are non-persistent just make a new catalog, swing that into your delivery group. Then put the old machines in maintenance mode and once they are drained, remove the machines from the delivery group, shut them down, and then delete the machine catalog.
I just did this yesterday for a customer that had moved machines to new storage and then could no longer update to newer images.
If you are using PVS then you can use the Citrix Virtual Desktop creation tool on the farm.
-
If using NetScaler Gateway you can set that to use the same Azure AD connections and it may pass through if it is bringing the token from the initial login. Also check the Enhanced Authentication in updated CVAD and Workspace App. Features in Technical Preview | Citrix Workspace app for Windows
-
Are you hitting NetScaler Gateway? Or are you hitting StoreFront directly?
-
If you are using an on-premise Citrix Gateway you can block it with responder policies.
https://www.jeffriechers.com/wiki/block-non-us-and-canada-sites-from-vservers/
This should also work with Advanced Auth on Gateway Services.
For regular gateway service I wonder if Citrix Cloud support could put that restriction in place for you.
-
Have you updated to the latest firmware, and done any hardening of the SSL ciphers on the unit?
Also isolation of SSH access to dedicated management networks would mitigate this attack as well by restricting that access.
-
They do have a new flex licensing model that acts a lot like the pooled licensing. They are currently pretty backed up on quote creation, but try and talk to your Citrix rep about what options you have going forward. If you have a large CVAD deployment along with the NetScalers there is the possibility of going to CPL, thus getting you near unlimited licensing for NetScalers.
-
503 is if the web server is responding, but services within that server are not working.
404 is if the web server is not responding at all, or if the page requested is not there.
-
Do you have these machines using hybrid Azure join? If they retrieve a PRT correctly it will help with the authentication.
However, if you aren't doing hybrid join you would need FSLogix to use legacy token preservation. So make sure you have your ADMX for FSLogix updated to the latest to give you that legacy token option.
-
Do you have Recycle Bin disabled on the system? That should change all deletes to permanent deletes.
-
Yes, you can do this. I have used PowerShell to downgrade this in the past.
-
I think ExtraHop can give you more data, since you would need to gather info from all the datacenter side devices.
-
It depends on your licensing level. Have you updated to the new licensing models that allow on-prem access to Azure resources?
-
Platform layers are primarily for different hardware/hypervisors. There are only certain items in the Platform layer, but if you are deploying everything to the same hypervisor just create a single platform layer and use that for all your building.
Do you have any software that requires going into the platform layer?
-
Did you do the backup inside optimizer before you ran it? You can use that to attempt a rollback, but in all honesty, I usually have had to rebuild.
-
That directory is locked out by design with Windows. See this article for info.
-
When you have the NetScaler set to use SAML, the external federated provider does all the MFA and then returns with the data to the StoreFront URL.
-
Make sure you have loopback using http enabled. As you are using the loopback there that IP won't match your https cert.
-
Look under the Applications and Services Logs under Citrix Delivery Service. This usually is because you don't have delegation to NetScaler set up, or XML service not set to trust.
-
Custom reports are going to give you the best data. Otherwise, you might be able to do an OData request from Excel.
-
Create new store by duplicating settings from existing store (in StoreFront)
We have wanted this for quite some time. Unfortunately, you will have to manually duplicate your settings.