-
Posts
776 -
Joined
-
Last visited
-
Days Won
39
Content Type
Forums
Articles
Labs
Videos
TechZone
Citrix Community Articles
Events
Profiles
Posts posted by Jeff Riechers
-
-
Probably network interruption between you and your system. We don't support your company, this is a community for the software as a whole. Call your helpdesk.
-
Where are you setting the Citrix policies? From studio, or GPO? Moving them to GPO might provide faster enumeration with the disabled FastReconnect.
-
Search the forums for posts about Ghost Sessions. There were quite a few fixes for 2019 to help address these.
- 1
-
Narrow down as to what they mean by slow user sessions.
Are you talking screen redraws? File copies? Mouse movements?
Are the users on-site or remote?
Do they go through a netscaler or VPN?
-
Caching does make the profiles balloon up. But there are ways to keep them as lean as possible.
1. Exclude temp and cache from roaming with the profile. (Edge, Chrome, and Teams are a big waste of space.)
2. Use Files on Demand to only roam down from OneDrive items that are being used.
3. Dehydrate your OneDrive so that if things fall out of time frame they get sent back to cloud only.
4. Compact profiles so that empty space is returned to the system.
I wrote up a huge article on this that works really well. The majority of my profiles are under 1 GB, and only a few people that do a lot of Office work have the profiles over 5 GB.
https://www.jeffriechers.com/wiki/keeping-fslogix-profiles-small/
-
On your image before you seal it for deployment, run "C:\Program Files (x86)\Citrix\Workspace Environment Management Agent\AgentCacheUtility.exe" -refreshcache This will ensure your local policies are cached. See if that gets it to kick off quicker.
-
Those are local domain based settings, not Azure AD credentials.
So when people login to workspace for web, does it prompt for their Azure Ad creds, and then does SSO into the session? Or does it prompt again for LDAP credentials.
-
For persistent machines that is used to add new machines to the domain. Existing machines shouldn't utilize the machine account password changes.
But even if it did, it just updates the AD password, something Windows does anyways in rotations.
- 1
-
1. Nope, but there is no harm installing Studio on multiple machines. It's just an MMC snap-in.
2. Open mmc and manually load the Citrix Studio snap-in, it will ask you which DDC you want to connect to, just specify the new machine.
-
Do you get an error message?
-
So, I updated my Intel based Macbook Air to Sonoma, setup my local printer with Air print and it successfully connected and printed from my Citrix Session. It auto connected with the Citrix PDF Printer Driver.
I have an M2 based Mac coming for me to test it with this.
Do you have the Citrix PDF Universal Printer driver installed on your XenApp image?
-
The sessions are a webshell, so you would only see it as something running in memory, and if it is there you are compromised. Other sessions like LB, Gateway, etc would just migrate around the cluster. So I would do a rolling reboot and scan the device directly.
-
Administrative access to the Netscaler is only to the NSIP or a SNIP configured with management access.
NetScaler does have AAA for both authentication and Gateway access. These do not use the nsroot account as an authentication point.
There have been security flaws with NetScaler code released in June and October. So if you are on an unpatched version you are potentially compromised.
-
From the GUI
Under Settings-->Administration--> Network Configurations --> IP Address you can adjust the IP there.
From the CLI
login with nsrecover for the username nsroot for the password. Then execute ./networkconfig to get the cli setup for setting the base ip.
NetScalers also can be offline from the license server for up to 30 days and still work. So if DR instances are going to be shorter than that I wouldn't worry too much about DR of it.
- 1
-
Did the UPM profile exist before the container was added? I have had something similar happen in FSLogix when directories are excluded from the profile. The data still lives in the folder structure, but it is not referenced as the other location now holds that data.
Have you tried connecting with an empty profile to see if the problem still exists?
-
-
Can you post the content of the ICA file?
Could be something in the default.ica of storefront that the new client doesn't like.
-
Make sure to deploy it in this method.
https://www.stephenwagner.com/2023/10/07/deploy-install-new-teams-vdi/
As of right now only Published Desktop - Desktop OSes are supported for Teams acceleration.
-
That data should be available in director.
-
If you aren't using FAS then the SSO token would come from your AD hybrid communication, so no worries about doing any of the Certificate setup with Azure AD.
So getting the PVS target device set to do the workplace join on startup, and you have the workplace join also set to run on user logon, then it should connect everything.
Test from a desktop, and see if a dsregcmd /status shows Azure AD connectivity.
If you are using published apps, make sure to have the shellbridge settings set as well, so that the authentication links up correctly with the azure AD.
The only items you need to set on the VDA are
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\Citrix Virtual Desktop Agent Name: Shellbridge Type: REG_DWORD Value: 1
Even though that article talks about hidden password fields, I also have had to enable shellbridge for proper Edge sign-ins as well.
- 1
-
To do it with PVS, you manually modify the Workplace Join scheduled task to run at startup and at login. Then make sure your Azure AD tenant information is stored in GPO.
If you are using FAS for sign-in then you also need to setup Azure PRT.
https://www.jeffriechers.com/wiki/azuread-prt-with-fas-certificates/
-
If they are not keeping a trust between the on-premise AD domains, then you would deploy a new FAS instance to the new split out domain.
- 1
-
What version number of nvidia driver were you running? I would check with compatibility with that with the new 2309 clients rendering engine.
-
Probably going to be a while until Citrix has some form of universal printer that can map to the new sonoma driver.
Direct network connection, or print to pdf is going to be your best option until they have some of universal matchup.
WEM excessive logging
in WEM (Workspace Environment Management)
Posted
Check the agent options settings on your configuration set. It looks like it is seeing GPO and Full Armor policy updates, and the Refresh when Environmental Settings Change setting might be causing additional logging messages.