EPA for device certificate check fails on NetScaler

Users get the error "access denied" after EPA scan even with valid certificates available in the store...

Error "Windows cannot verify the digital signature for this file referencing unirsd.sys

When trying to edit a layer or publish an image with any Elastic Layering option turned on basically, any operation where our filter drivers are involved, the machine will have a boot failure, referencing File: \Windows\system32\DRIVERS\unirsd.sys, Status: 0xc0000428, Info: Windows cannot verify...

Layering multiple Office Components (Word, Visio, Project, Outlook, etc.)

There are a couple of places this can go bad. One is, never run any Office component in the Install Machine. The first time Office runs, it writes some machine-specific information into the registry, and if that layer then wakes up on another machine, it has to go through the configuration again...

Unable to install Secure Mail Public version for iOS - Incompatible app

Issue --------------- Unable to install Secure Mail Public version for iOS - Incompatible app Logs ------------- Xcode Logs Dec 14 09:29:52 iPhone WorxMailAppStore985 : -NSFileManagerMdxEncryption ctxRemoveItemAtPath:error:: errno=2 Dec 14 09:29:52 iPhone WorxMailAppStorelibsqlite3.dylib985 : BUG...

Blocking Windows Update from going to the next Windows 10 Feature Update (for example 1703 or 1709)

Citrix App layering, and probably other Citrix products, may not yet support the very latest version of Windows 10. For instance, Windows 10 1703 Creators Edition was not supported in App Layering until version 4.8. Unfortunately, "Feature Updates" are hard to block, because the Windows Update UI...

SDWAN 4000 SE- VWAN service is disabled automatically on SDWAN

MCN not working properly as the Virtual WAN Service got disabled itself. Dashboard showing the following error message: Error: Disabled by dpdkdaemon due to hardware initialization failure 4 times. The Citrix Virtual WAN Service was disabled...

How to script removing and rescanning "Ghost NIC" devices in Windows

It's sometimes necessary to run DevMgr in "nonpresent device" mode to remove all nonpresent NIC devices, and sometimes the present NIC too, and then rescan the network to fix problems. It's possible, using the Microsoft Windows Development Kit tool DEVCON.EXE, to script this operation if you know...

App Layering: Test SMB File Share function says permissions incorrect

When configuring a Network File Share for the ELM in App Layering, you get the error "Permissions incorrect on the file share for the path: . Please contact Support for more information."...

How to set customized BIOS strings to HVM VMs

This article describes the method to set customized BIOS strings to HVM VMs through xe CLI of XenServer 7.3 and later, as well as how to get customized BIOS strings on these VMs...

How to use tagged VLAN Network on management interface

This article introduces the configuration details of using tagged VLAN network on management interface on different use scenarios...

Debugging Layer Integrity Problems in Citrix App Layering

...

XenDesktop Setup Wizard completes without error, but there's no VM has been created in Hyper-V SCVMM

XenDesktop Setup Wizard completes without error, but no VM has been created in Hyper-V SCVMM. And there's noparticular error messages from CDF trace either...

High Mgmt CPU due to nsaaad process

High management CPU CPU spiked to 100% causing VIPs and LDAP server configuration on NS to go down Issue may be intermittent...

Web Insight Data Not Visible on NetScaler MAS

AppFlow aka Insight has been enabled for the VServer and Services. Enabled Web Insights on NetScaler MAS no data is displayed. Firewall port UDP 4739 is allowed from the NetScaler NSIP/SNIP to the MAS appliance. ULFD was disabled and server was removed...

Security Update for Citrix XenServer

Description of Problem A security issue has been identified within Citrix XenServer that may allow the malicious administrator of a guest VM to cause the host to crash. This issue affects Citrix XenServer 7.2 and Citrix XenServer 7.1 LTSR CU1. A CVE identifier is not presently available for this...

NetScaler 11.1 - Services flap on VPX/Interface hangs observed on XenServer

Services flaps on VPX/Interface hands observed on XenServer...

Upload Failed due to an Internal Error - When Upgrade SD-WAN Center 9.0.0

When a customer attempts to upgrade their SD-WAN Center from 9.0.0 to versions 9.1.0 or above, they face the below error message in the GUI: Customer can also see the below error message in their browsers: Warning: POST Content-Length of 76632859 bytes exceeds the limit of 62914560 bytes in Unkno...

Secure Mail - Not able to send emails with attachments more than 8MB

Unable to send email with attachments more than 8 MB...

StoreFront monitor shows down if "Check Backend Services" is enabled

When NetScaler admin try to create a service group and bind StoreFront monitor, the effective state shows down...

App Layering: Published image to PVS prompts user to restart computer

Customer publishes an image to PVS. When the machine boots up, it prompts for a restart with a box like this: "You must restart your computer to apply these changes." This is telling you that a new device has been detected and the driver has been installed, but Windows must restart to properly...

AppLocker Occasionally Blocking Layered Software

Customer reports that sometimes Office was not running, and it was being blocked by AppLocker...

Configuring Citrix StoreFront with the Secure Browser Service

This article describes how existing on-premise XenApp/XenDesktop customers can integrate and deliver Secure Browser via their existing Storefronts to end users...

How to configure Monitor to check services status of RADIUS servers ?

Configure Monitor for RADIUS server...

CVE-2017-17549 - Information Disclosure in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway Client TLS Handshake

Description of Problem A vulnerability has been identified in the Citrix NetScaler Application Delivery Controller ADC and NetScaler Gateway Packet Engine that could result in the disclosure of cleartext traffic from the backend client TLS handshake. This vulnerability only affects connections...

CVE-2017-17382 - TLS Padding Oracle Vulnerability in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway

Description of Problem A vulnerability has been identified in the Citrix NetScaler Application Delivery Controller ADC and NetScaler Gateway Packet Engine that could allow an attacker to exploit the appliance to decrypt TLS traffic. This vulnerability has been assigned the following CVE:...

Password Management for SDX's and VPX's utilizing NMAS

To manage passwords and accounts from one centralized location...

How to open Secure Mail email links with Native or 3rd party browser on android devices

This article explains how to open secure mail links on a native browser on Android devices...

Receiver Warning: "A Potentially UNSAFE Connection to the Computer Has Been Initiated"

This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. -Getting warning message:"A potentially UNSAFE connection to the computer has been initiated" when...

SSL Handshake Fails When Server Name Indication (SNI) is Enabled on ADC

SSL handshake fails when Server Name Indication feature is enabled on NetScaler Server Name Indication aka SNI is an extension of the TLS protocol. For SNI to work, the server name in the client hello must match the host name configured on the back-end service that is bound to an SSL virtual...

"An error occurred during the Create Store Wizard. Please check the log in Event Viewer and try again" While Creating Store

The objective of this article is to solve the issue with StoreFront no able to create Stores. Error Message: Here is the error message from event log which is received when trying to create new Store: System.UriFormatException: Invalid URI: The hostname could not be parsed. at...

Error: "One or more issues were detected with your licensing configuration" during XenApp/XenDesktop upgrade to 7.16

When upgrading a Delivery Controller to version 7.16, a Citrix licensing error message might appear "One or more issues were detected with your licensing configuration. If unresolved, such issues will affect users' ability to access applications and desktops after the site upgrade"...

App Layering: Machine Time on a Published Image is Wrong at First Boot

When booting a published machine for instance, the template VM for MCS the first time, the local time for Windows is wrong by hours. The timezone is correct, but the initial time is set incorrectly for that time zone. This can break Windows and Office activation, and potentially cause other...

Controlling Citrix Workspace app Refresh Time

Note:- This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company's Help Desk/IT support team. Citrix Workspace app would periodically refresh the resources from the server. By default, periodic refresh happens every 60 minutes after th...

PowerShell script to check what vdisk version is being used

Looking for assistance with powershell script to check what vdisk version on the PVS is being used by the VDI desktops Target Devices...

How to configure H.265 video VDA encoding for NVIDIA GPUs

Support for H.265 Encoding/Decoding H.265 video encoding on 7.16 VDAs with H.265-compatible NVIDIA GPUs and H.265 video decoding on Citrix Receiver for Windows 4.10 is supported for hardware acceleration of remote graphics and videos...

How to Troubleshoot Browser Content Redirection

This article provides an overview of the Browser content redirection BCR feature and use cases before providing general troubleshooting guidelines. It is highly recommended that you first read through the Browser content redirection and Browser content redirection policy settings sections of the...

EDT Session Connection/Reconnection Attempts using UDP and TCP in Parallel

Enhancement to existing EDT feature Starting with 2017 Q4 EDT-compatible versions of Receiver check “Requirements for this feature” section, session connections will be attempted using EDT and TCP in parallel. This will occur during: Initial connection Session roaming from one Receiver device to...

EDT Security using DTLS

EDT Security using DTLS As from XenApp and XenDesktop 7.16 VDAs, DTLS is supported refer to the Windows OS VDA 7.16 Schannel library support for DTLS article. This means that backend connection between NetScaler and the VDA could optionally use DTLS. In addition, Receiver could optionally use DTL...

How to Troubleshoot EDT Connections

Adaptive transport is a data transport mechanism for Citrix Virtual Apps and Desktops. It is faster, can scale, improves application interactivity, and is more interactive on challenging long-haul WAN and internet connections. Adaptive transport maintains high server scalability and efficient use...

StoreFront 3.7 - Chrome Does Not Detect Receiver on Client

This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. While launching applications from Chrome, it uses HTML Receiver instead of Locally installed Receive...

How To check Per-App VPN Works on iOS?

The article describes how to validate the proper functionality of Per-App VPN on iOS...

XenServer Loses Network connectivity on Pool join (LACP bond entry incomplete)

Upon adding a host to an existing Pool configured with NIC Bonding of type LACP , the newly added host's NIC bond entry never finishes updating, as seen on the image below, where the Management interface never merges with the bond. The previous NIC remains as IP Setup None and the bond shows...

Mouse Offset Behavior During Multiple ICA Session in Receiver for Windows and Windows (Store)

This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. Attempting to run multiple ICA sessions simultaneously, may cause high memory and Disk I/O activity,...

Predefined Setting Values Configured on NetScaler MAS

This article list the predefined setting values configured on NetScaler MAS. NetScaler MAS Prune settings Number of days to keep data is default 15 Pruning happens everyday at 00:00 for Events, Audit Log, Task Log tables NetScaler MAS Backup Settings Every 12 hours NetScaler MAS will back up...

PVS Console | Fails to load farm\site\server details with error 'Server communication timeout'

The PVS Console throws following error while expanding farm\site\server details: 'Server communication timeout' MMC Console timeouts may also be seen. Now consider a Large AD Environment, where there are multiple Domains and the PVS Administrator User account used to access the PVS Console is par...

Error "Packets dropped due to licensed throughput rate being reached" on NetScaler

The following error is recorded in the ns.log file on NetScaler: EVENT Message 62992 0 : "410 packets dropped due to licensed throughput rate being reached"...

How to disable Interrupt Safe Mode in Provisioning Services

How to disable Interrupt Safe Mode in Provisioning Services The "Interrupt Safe Mode" configuration is a special setting designed to handle bad PXE implementations that do not comply with PXE standards or have bugs. The setting forces a reset on the UNDI Interface after sending every packet into...

Cache file size of "Cache on device RAM with overflow on hard disk" is growing faster than "Cache on device hard disk"

Cache file size of "Cache on device RAM with overflow on hard disk" is growing faster than "Cache on device hard disk"...

Error: "ProcessAttribute: failed getting 135292-byte attribute"- When Copying Folders Recursively

The import task will fail with this: The CachePoint Appliance could not import the gold image VM to create the Operating System Layer. Error is: Failed to copy folders recursively. Details: Note there are other reasons you could have a failure to copy files recursively.Always check UniSysLibLog f...

Citrix XenServer Multiple Security Updates

Description of Problem A number of security vulnerabilities have been identified in Citrix XenServer that may allow a malicious administrator of an HVM guest VM to compromise the host. These vulnerabilities affect all currently supported versions of Citrix XenServer up to and including Citrix...