Query to create a custom Smartcard FAS template

Request for instruction to modify FAS template or create a custom template with following configuration. Secure email Client authentication Smart card logon...

Citrix session disconnects unexpectedly which appears to be a CWA Crash

The users ICA session simply drops after a few seconds of turning grey. The cause seems to be a Workspace App crash, a dump file is created of the wfice32 process and the application crash is logged in event viewer. Error event: Faulting application name: WFICA32.EXE, version: 22.10.0.15, time...

Removal and re adding of MCS VM into Domain | Registration issue and Machine not Found error

Citrix VDA unregistered after removing/re adding into Domain. It errors out as below "The Delivery controller failed to complete an audit of the sessions running on the VDA" When we try to power mange VM's from studio we also receive Machine not found error...

How to capture and collect logs Citrix Secure Access VPN Plug-in on Windows.

Allow the capture of VPN Plug-In Citrix Secure Access debugging logs for 13.1 and higher builds...

How to Verify Load Balancing Cookie Insert Persistence on NetScaler

...

Unable to login to Citrix Cloud - Error: "incorrect username, password or token"

Unable to login to Citrix Cloud to access virtualized app. The error message "incorrect username, password or token" is displayed. The process of setting up MFA works perfectly, but once Authenticator App is paired and actual login attempted, it always fails...

MS KB5014754 - Audit events found for FAS

As Per the Microsoft KB linked below, we have found audit events on our domain controllers that indicate we will be impacted when this change is enforced. We need the remediation steps, so we can implement them before we're impacted...

How To: Check ADC's built-in ADM agent reachability to ADM Service (Cloud)

Check ADC's built-in ADM agent reachability to ADM Service Cloud...

CWA iOS - Center mouse wheel button clicks not working inside ICA sessions

When Citrix ICA sessions launched from iOS endpoints, the center mouse button clicks are not effective anymore It is only the center button clicks that are not effective inside Citrix sessions. It is still possible to scroll up & down using the center wheel inside a Citrix session...

FAQ | Azure client secrets and Citrix DaaS

General Queries on Azure client secrets and Citrix DaaS 1. If we were to modify the expiration date of application secret from DaaS console, then would it also update the new expiration date within the Azure portal? 2. The Citrix docs states that there would be an alert within the DaaS console...

Published apps and desktop shows error "The user name and password is incorrect"

The user name or password is incorrect at System.Security.Principal.WindowsIdentity.KerbS4ULogonString upn, SafeAccessTokenHandle& safeTokenHandle at System.Security.Principal.WindowsIdentity..ctorString sUserPrincipalName, String type at System.Security.Principal.WindowsIdentity..ctorString...

Microsoft Security Update Validation Report July 2023

Microsoft’s July 2023 security updates have passed Citrix testing the updates are listed below. The testing is not all-inclusive; all tests are executed against English only environments and issues may still be found upon implementation. Follow best practices for testing and installing software...

Citrix Secure Access client for Windows Security Bulletin for CVE-2023-24491

A vulnerability has been discovered in the Citrix Secure Access client for Windows. The following supported versions are affected by the vulnerability: Versions before 23.5.1.3 The issue has the following identifier:...

Integration of FAS with Sectigo

...

Blank Windows Display when Open Citrix Workspace APP

When opening Citrix Workspace App, it displays blank. User cannot input store's URL or username&password to login. However, the ICA session can be launched through browser. It shows msedgewebview2.exe crashed because tsafedoc64.dll does not meet the Microsoft signing level requirement in Event...

Citrix Secure Access client for Ubuntu Security Bulletin for CVE-2023-24492

Vulnerabilities have been discovered in Citrix Secure Access client for Ubuntu previously Citrix Gateway VPN client for Ubuntu. The following supported versions are affected by the vulnerability: Versions before 23.5.2 The issue has the following identifier: CVE ID| Affected Products| Description...

Windows published desktop Signing out immediately after Logging on.

To reproduce error: 1. login to Store Front, and launch Desktop 2. New application window opens shows "Notice - Proprietary System" screen. Click OK. 3. Desktop launch begins: Starts to spin and login the user, "Please wait for Citrix Profile Management" 4. "Preparing Windows" and then goes to a...

PVS Configuration Wizard Crashes applying configuration

The PVS Configuration Wizard crashes and exits when applying configuration settings at the end of the wizard. This is visible in PVS Server application event logs, event IDs 1026 and 1000. Faulting application name ConfigWizard.exe...

ADC LB VIP sending Reset with code 9872

1. Application was being accessed through the LB vServer and it was not loading 2.nstrace taken on the ADC showedRST flag:0x014 sent by VIP to the client in response to almost every GET request sent by the client. 3. ADC was sending RST with window size 9872 which means Websocket upgrade request...

Both NetScaler HA nodes in secondary state

Both HA nodes in secondary state...

Explanation about 'nshttpd' internal services up on ports 80.

After a recent upgrade from 13.0 build 90.11 to 13.1 build 48.47, I noticed a new internal service was installed. "set service nshttpd-gui-x.x.x.x -80 -cip ENABLED" Is this a necessary service and what is it's purpose? If it's not needed, I'd like to disable since it's using port 80...

How to use the CLI to disable HTTP OPTIONS Method for virtual server

Some security scanning reports suggest to disable the OPTIONS HTTP Method on web server. The article provides the use of a rewrite policy to avoid processing the OPTIONS HTTP Method...

How to Vmotion ADM HA deployment

Vmotion in ADM HA...

ICA latency in Director frequently displays high (not 64000ms) when accessed via NetScaler Gateway

When user accessed Virtual Desktop via NetScaler, admin may find the "ICA latency" in Director frequently displays unreasonable high valuenot 64000ms, while "ICA RTT" value is in normal range. It's telling ICA RTT ICA latency. In fact, users have no high latency or bad interaction experience whil...

Reauthorize Error "Your FAS rules are not using the latest authorization certificate".

FAS console shows the message "Reauthorize Error "Your FAS rules are not using the latest authorization certificate" when you attempt to Reauthorize...

Driver Disk for Intel i40e 2.22.20 - For Citrix Hypervisor 8.2 LTSR

Who should install this driver disk? Note: This driver disk is superseded by a more recent build of i40e 2.22.20. The latest version is availabel at https://support.citrix.com/article/CTX677875/driver-disk-for-intel-i40e-222205-for-citrix-hypervisor-82-ltsr Customers running the Citrix Hypervisor...

Monitor Stays Black After Terminating a Remote session on Remote PC.

Black screen on Remote PC after disconnecting. Session appears to be hung or unresponsive...

Service Provider SAML Signing Certificate FAQ

Q: What is SAML signing? A: SAML signing certificates are X.509 certificates used to verify data sent between the Service Provider SP and SAML provider IdP. Your SAML provider IdP uses the Citrix Cloud SAML signing certificate to verify the signature sent by Citrix Cloud within its SAML...

How to Change NSIP of VPX Instance in SDX

Thisarticle explains how to modify the NSIP on a SDX VPX instance. Background User has already provisioned a VPX instance with NSIP on SDX and later decides to change the NSIP of the instance. To do this, the user had chosen “config ns” utility on instance and successfully modified and verified...

Cannot Add Applications/Desktops to Favorite when Accessing by ADC

After user login the store through Citrix Gateway, it is failed to add Applications/Desktops to favorite...

Rotate the Citrix Cloud SAML signing certificate used by ADFS relying party trust

On ADFS server -- Click on Event Viewer -- Applications -- ADFS -- Admin -- search for the error log at the time-stamp you replicated the login. If you see the following error in the ADFS event logs: Error: "Encountered error during federation passive request. Additional Data Protocol Name: Saml...

How to configure EPA domain check combined with Smartaccess feature

Configuring the EPA policy to identify the Client domainjoined info, distinguishing with/without the domain info, then enumerating different resources for user...

How to Change the Maximum Segment Size on a NetScaler Appliance

This article describes how to change the Maximum Segment Size MSS for all sourced packets from a NetScaler appliance. Requirements Command line access to the NetScaler appliance through the console or a Secure Shell SSH client General knowledge of the NetScaler Command Line Interface CLI and UNIX...

Unable open PVS console: The specified authorization group does not exist

Unable open PVS console:The specified authorization group does not exist...

CVAD 2203 CU2: Error: "Your OneDrive folder can't be created in the location you selected.”

On CVAD 2203 CU2, you followedhttps://docs.citrix.com/en-us/profile-management/current-release/configure/enable-the-onedrive-container.html to configure OneDrive Container with Citrix Profile Management but it does not work. The Policy was applied via Citrix Active Directory GPO...

How to check the number of NSPPEs running on Netscaler

This article describes how to check number of NSPPEs running on Netscaler...

Failed to paste the copied content from client to Linux VDA

Copy content from a client machine to a Linux desktop failed randomly, nothing will be pasted into the Linux desktop. Meanwhile, this issue is not observed in a Windows VDA accessed from the same client machine. Copy content from a client machine, e.g. text. Move the mouse to the Linux desktop an...

Error "Couldn't connect to server 'https://gwfqdn:non-443' when log on to non-443 port vpn vserver

You may get the following error message"Couldn't connect to server 'https://gwfqdn:non-443'; while attempting to log on to non-443 port NetScaler Gateway virtual server using the latest Windows Secure Access Client. :...

CEM 23.6.0 - Apple Restriction Policy not getting deployed on iOS DEP Devices

There is a known issue with Apple Restriction Policy not getting deployed on iOS DEP Devices when using CEM 23.6.0...

Noticeable Delay of Adding User Store in CWA for Mac Residing within a Restricted Intranet

In an isolated intranet that can't connect to the Internet, CWA for Mac users may notice an obvious delay of around 30 seconds during certain operations e.g. adding a store, user authentication, and launching published resources...

How to Extend CA Validity Period and Renew FAS Certificates

This article is designed to describe how to extend CA Validity Period and renew FAS Certificates...

[NetScaler] Service State doesn't sync to Secondary node in HA setup

When you build NetScaler HA pair with VPX on SDX platform. You may observe the issue that Primary doesn't sync service UP/DOWN events to Secondary node. The issue can impact SDX platforms:SDX 8900, SDX 15000, SDX 15000-50G, SDX 26000, and SDX 26000-50S...

"Cannot Complete Your Request" via Oauth after Upgrading NetScaler from 12.1 to 13.0

After ADC is upgraded from 12.1 to 13.0, the user keeps getting "Cannot Complete Your Request" when attempting to access resources through ADC with Oauth authentication. As a comparison, there is no issue accessing StoreFront directly in the intranet without Oauth...

'ERROR: Minimum Cache Memory Not Configured' When Setting Global Cache Parameter

After upgrading to version 13.1 Build 42.47+from any previous version, you may notice a different behavior when configuring the global cache parameter. You are unable to set the cache global parameters unless the value of "-memLimit" is=N 4MB N is the number of NSPPEs. Attempting to set the cache...

VMs Boot Extremely Slowly on Specific Hosts

VMs boot extremely slowly on specific hosts, the booting process mainly stuck in the phrase when vm icon changes from yellow to blue...

Citrix FAS - Incorrect username and password

Incorrect username and password FAS After launching desktop when users tries to log on. No error on the certificates, no error in "Application" and "System" in the FAS server. VDA event logs Windows logs Security and looking for audit failure at the same time as the login failure: 0xC000006A| use...

DNS Resolution through NetScaler Fails with Unknown Host Error

DNS resolution for FQDN fails and following error is received when pinging FQDN from NetScaler: VPX-190 ping www.citrix.com ping: cannot resolve www.citrix.com: Unknown host ERROR:...

WEM Server Failed to Connect Database after SQL AlwaysOn Failover to Secondary

User has followed Citrix Doc below to setup AlwaysOn for WEM: https://docs.citrix.com/en-us/workspace-environment-management/current-release/system-requirements.htmlsql-server-always-on However, the WEM server won't be able to connect AlwaysOn database after a failover from primary SQL to...

How to Block HTTP TRACE Method by Using Responder Policy

This article describes how to use responder policy to block http trace method when clients access origin web servers behind lb virtual server...

Pre-configure the Store-URL in the “Citrix Workspace App” for MAC

...