[Create new store by duplicating settings from existing store]

We have wanted this for quite some time.  Unfortunately, you will have to manually duplicate your settings.

[AV on VDA]

It depends on the AV agent.  Most agents execute in each user space to monitor that particular user's session.

If you are using Windows Defender you can offload the definitions to make it lighter per user.  https://www.jeffriechers.com/wiki/vdi-defender-offloading/

[Temporary access for users?]

Do you have any type of IAM in place for users to request access?  If so you could publish that interface as an application, users requests control, then when they refresh storefront they see the new app.  

[Citrix Workspace App Azure AD SSO On-Prem Deployment]

Also Citrix is working to get SSO setup with Windows Hello, so check out the new LTSR that just hit yesterday to see if there are more features there.  

[Is there any REST API integration available from Citrix monitor or Director with third party monitoring tool like Splunk?]

About Citrix Monitor Service API | Citrix Monitor API Reference latest

[Is there any REST API integration available from Citrix monitor or Director with third party monitoring tool like Splunk?]

You can use oData to pull data from director.  So if your monitoring tool can query with that then that would work.

Also if you have CPL licensing you can use uberagent to ingress data into Splunk from your farm specifically for Citrix Data.

[Not possibe tp Add Machine to Catalog after upgrade to 2311]

Yes, if the machines are non-persistent just make a new catalog, swing that into your delivery group.  Then put the old machines in maintenance mode and once they are drained, remove the machines from the delivery group, shut them down, and then delete the machine catalog.  

I just did this yesterday for a customer that had moved machines to new storage and then could no longer update to newer images.

If you are using PVS then you can use the Citrix Virtual Desktop creation tool on the farm.  

[Citrix Workspace App Azure AD SSO On-Prem Deployment]

If using NetScaler Gateway you can set that to use the same Azure AD connections and it may pass through if it is bringing the token from the initial login.  Also check the Enhanced Authentication in updated CVAD and Workspace App.  Features in Technical Preview | Citrix Workspace app for Windows

[Citrix Workspace App Azure AD SSO On-Prem Deployment]

Are you hitting NetScaler Gateway?  Or are you hitting Storefrront directly.

[Cannot open applications after use Cloudflare with dns for blocking connections from other country.]

If you are using an on-premise Citrix Gateway you can block it with responder policies.

https://www.jeffriechers.com/wiki/block-non-us-and-canada-sites-from-vservers/

This should also work with Advanced Auth on Gateway Services.

For regular gateway service I wonder if Citrix Cloud support could put that restriction in place for you.

[cve 2023-48795 in citrix netscaler]

Have you updated to the latest firmware, and done any hardening of the SSL ciphers on the unit?  

Also isolation of SSH access to dedicated management networks would mitigate this attack as well by restricting that access.

[Is it true that Citrix stops the pooled capacity licensing program?]

They do have a new flex licensing model that acts a lot like the pooled licensing.  They are currently pretty backed up on quote creation, but try and talk to your Citrix rep about what options you have going forward.  If you have a large CVAD deployment along with the Netscalers there is the possiblity of going to CPL, thus getting you near unlimited licensing for NetScalers.

[Content Switch responses with 404 instead of 503 if LB vServer is down]

503 is if the web server is responding, but services within that server are not working.

404 is if the web server is not responding at all, or if the page requested is not there.

["Something Went Wrong [1001]" error when launching M365 published apps on Win2019 CVAD 2203 VDA's]

Do you have these machines using hybrid azure join?  If they retrieve a PRT correctly it will help with the authentication.

However, if you aren't doing hybrid join you would need FSLogix to use legacy token preservation.  So make sure you have your admx for fslogix updated to the latest to give you that legacy token option.

[Desktop deleted Item do not sync on citrix profile user store]

Do you have Recycle Bin disabled on the system?  That should change all deletes to permanent deletes.

[Change functional level to older VDA version?]

Yes, you can do this.  I have used powershell to downgrade this in the past.

 

https://support.citrix.com/article/CTX239687/vda-registration-fails-when-a-vda-versions-functional-level-is-lower-than-its-machine-catalogs-minimum-functional-level

[HDX Network Monitoring]

I think Extrahop can give you more data, since you would need to gather info from all the datacenter side devices.

[Citrix Licensing on azure question]

It depends on your licensing level.  Have you updated to the new licensing models that allow on-prem access to Azure resources?

[Application Layer - WITHOUT Platform Layer ?]

Platform layers are primarily for different hardware/hypervisors.  There are only certain items in the Platform layer, but if you are deploying everything to the same hypervisor just create a single platform layer and use that for all your building.

Do you have any software that requires going into the platform layer?  

[Citrix Optimizer removed Windows Store - how to Recover/Install Windows Store and MicrosoftWindows.Client.CBS...]

Did you do the backup inside optimizer before you ran it?  You can use that to attempt a rollback, but in all honesty, I usually have had to rebuild.

[Adding Registry Entry to HKEY_CURRENT_USER by 3rd party application not allowed]

That directory is locked out by design with Windows.  See this article for info.

https://support.officetimeline.com/hc/en-us/articles/204957688-Cannot-write-to-registry-key-HKCU-Software-Classes-CLSID

 

[Error: "Cannot complete your request" when login to the Netscaler with SAML]

When you have the NetScaler set to use SAML, the external federated provider does all the MFA and then returns with the data to the Storefront URL.  

[Error: "Cannot complete your request" when login to the Netscaler with SAML]

Make sure you have loopback using http enabled.  As you are using the loopback there that IP won't match your https cert.

[Error: "Cannot complete your request" when login to the Netscaler with SAML]

Look under the Applications and services Logs under Citrix Delivery Service.  This usually is because you don't have delegation to NetScaler setup, or XML service not set to trust.

[Director : Get a list of all Applications name running and per user]

Custom reports is going to give you the best data.  Otherwise, you might be able to do an odata request from Excel.