How do you guys add persistent VDIs in vmware to Citrix Cloud? I don't think that MCS should be used in this case and thought about using sccm to deploy the VDIs instead. MCS is working with snapshots and I noticed that the VDIs take up a lot of space and issues can occur when using MCS with single session persistent VMs.

Citrix FAS Issue: "The request is not supported" when launching a session. Working on a migration from on-prem to Citrix Daas. Fas in use without issue for the on-prem environment. New environment is Citrix Daas and Azure resource location with FAS servers in Azure also. PKI Infrastructure is on-prem still. FAS servers in Az authorised to Citrix cloud and using the same CA's as on-prem. Kerberos Logging enabled on the VDA and seeing error “KDC_ERR_PADATA_TYPE_NOSUPP” mentioned here - https://www.citrix.com/blogs/2019/04/24/troubleshooting-the-federated-authentication-service/ and here but with event id 3 instead of event id 9 - https://www.ferroquesystems.com/resource/issue-citrix-fas-sso-incorrect-username-or-password-kerberos-event-id-9/. Has anybody seen similar or got any ideas? Thanks.

Does the new Citrix Universal Hybrid Multi-Cloud licensing model really rely on named user licensing and no longer on concurrent users?

I have a VDI env where I get this error message whenever I launch the newly created VDI for the first time. But it is intermittent and will work most of the time. Appears specifically after restarting the VDIs. One click, error message, second click it works. This doesn't feel stable at all. Not sure if its related to Netscaler or what it is but I have checked everything pretty much and it all looks good. I'm running full clone persistent VDIs in vmware through Citrix Cloud MCS & just standard 2 cloud connectors and so on. Did someone have this before?

Hi everyone, I’m working with an on-prem customer who’s evaluating Citrix Cloud and wants to achieve the following: • Internal users (on company network): seamless SSO to Citrix Workspace • External users: always authenticate Since Citrix Gateway Service treats all users as external, we can’t distinguish between internal/external at that level. The customer is using Entra ID as authentication method. Would implementing Conditional Access policies help achieve this?

Hi everyone, We have a customer using Citrix DaaS with on-prem workloads (Austria) for 3D CAD users. Performance in Europe is great, and the customer now wants to extend usage to users outside of Europe (e.g., UAE). It’s a requirement that the workloads must remain on-prem in Austria. Currently, there are no additional Citrix components on-prem and all traffic runs through Citrix Workspace and the Gateway Service. Our main challenge is latency optimization for remote users. From what we understand, Citrix uses the Azure backbone from the PoP (closest to the user endpoint) only if the workloads are hosted in Azure. Otherwise, HDX traffic travels over the public internet. This was confirmed by our Citrix contact. Now our idea was the following: We’re considering setting up a site-to-site VPN or ExpressRoute from the client’s HQ to the closest Azure DC (Austria East), then place Cloud Connectors there. The assumption is that the endpoint connects to the nearest PoP, then HDX traffic travels across the Azure backbone to the Cloud Connectors in Austria East, and from there via VPN to the on-prem datacenter. Does this approach make sense? What’s your experience or recommendation for optimizing latency in such scenarios?

Can anyone login into Citrix Downloads? I'm getting throttled by Okta

image.png

I have been having this error message for a while now, intermittent. Its a full clone VDI env, persistent single session. VDIs in vmware onprem and rest of the CTX infra in Citrix Cloud. Two cloud connectors.. Citrix support can't figure it out and I can't find any logs on this either. The only thing that Citrix support has told me so far that this is happening because the Cloud Connector is closing the connection for some reason.

Did anyone else have a connection blip around 11:11 am eastern with gateway services?

I am searching for an overview of what protocol (TCP or UDP) is used at my Citrix DAAS environment. I cannot find it in any (custom) report or not through the API. I do not have any third party monitoring tools. Maybe I am missing something or someone having an idea?

Does anyone have experience with Device Posture in Citrix Cloud? I'm trying to add a device policy to check if a registry value exists, but I keep getting an error. I've tried both with and without a backslash (\) at the end of the path. Any ideas?

Working on wem deployment. Test machine is registered and agent is running. I'm having issues blocking applications (by exe path) that run from the user profile. We use fslogix, could that be why? Path set to c:\users\%username% then the executable folder and path under appdata but it's not working. VDA on-prem and using wem in citrix cloud. Any suggestions?

Why not use fslogix filters?

Not familiar with those, and wouldn't the user still be able to install things like spotify to appdata?

Currently, we are running Citrix sharefile / user desktop sync through home folder. Do you guys have any advice on how to configure onedrive instead? Im trying to understand which GPOs I need to configure to migrate from home folders to onedrive and to activate onedrive properly for this. I was thinking FSLOGIX with one drive containers, or is there a better way to do this? Its a single session VDI environment which is static with local profiles.

Hi all, has anyone experienced applying Citrix policies based on Device Posture? We're doing a Cloud POC and I've been tasked with testing this. I got Device Posture itself working, have it integrated with Intune and its marking devices as Compliant or Not-Compliant as expected. I've enabled Adaptive Access as per the docs. And I've enabled a Citrix Policy for Clipboard Redirection, with Access Control enabled with access condition of Compliant, basically doing like the following guide just enabling it rather than disabling Enforce smart controls on DaaS using Device Posture However the policy itself isn't getting applied to my users. I have made sure that no other policies have a higher priority either. I've checked the SmartAccess filters and can see the Compliant Filter being applied too so it does look like the correct tag is being sent. Switching between my personal PC and Intune managed device I can also see the tag changing in the SmartAccess Filters. Basically just need a sanity check to make sure I've not missed anything? Maybe I'd be better doing a policy to disable rather than enable?

I want to configure OneDrive containers only in my persistent 1to1 VDI environment. Tried to do that through both the citrix policies in Citrix Cloud but also through WEM in Citrix Cloud. It doesn't seem to work, I have confirmed that the profile management service is installed and I can see that the path is found in the UPM logs. Basically, no folder and VHDX disk is being created on the share..did anyone stumble across a similar issue before? I want to run local profiles on my VDIs with onedrive containers to have better control over the disk space so that the VDI disk space is not used when users sync their on demand OneDrive files.

Greetings. I have a question about device posture. I may be reading too much into the documentation, but on the Test Mode page (https://docs.citrix.com/en-us/device-posture/device-posture-test-mode.html) it reads "*Users who have already logged in must have to relogin to enable device posture service to scan the subscriber devices.*" Does this mean the users will be kicked off in order to force them to load the EPA or will that happen on next login? Thanks for your insight.

Is Gateway Services behind a WAF already? If so, is that documented somewhere?

for smaller deployments, is it viable to run the cloud connectors on vda's?

Install and configure | Federated Authentication Service Can you only connect a FAS server to one resource location?

Does Citrix Workspace provide both resource aggregation and deduplication, similar to StoreFront? Is there a preference on which resource it would launch first (OnPrem vs DaaS)

Does Gateway Services integrate into Citrix Console? For instance, looking at HDX/Gateway Insight under Gateway. If not, is there any ability to get that detailed information from Gateway Services into some Citrix cloud console?

Anyone having any issues with DaaS admin RBAC after the latest Cloud Connector (6.138.0.11493 / 4.416.0)? After our CC's auto-updated last Friday, SAML auth'd admins, using AD based RBAC role assignment is failing for our service desk, preventing access to Monitor. FWIW, if I create an explicit Citrix Login with mirrored permissions, that works.

Has anyone set this up on a license server? License Activation Service | Licensing 11.17.2 build 53100

I remember years ago that all citrix cloud connectors had to be able to get to all resources, even if they weren't used for it. For instance, if I have onprem cloud connectors, do they need to be able to do what is needed in a different resource location that is in AWS, or does it segment items now - if I create a host connection in a resource location for AWS, it will only try to use cloud connectors there?

Anyone having issues today with MCS and Azure? I have been getting all kinds of errors all morning, API version errors creating NSGs. Timeouts creating the preparation vm. Etc. Just have to keep retrying and retrying until it works.

Just starting to use Images in Citrix DaaS. If I create /attempt to create an image definition from a machine in AWS Workspaces, but it fails, can I safely delete the image version that failed or will it delete the source machine in AWS? It says it will delete the resource, but I can't glean if that is referring to just the item in Citrix

Stretch question here, in Storefront/Workspace, you have the ability to "restart" resources. I'm not thrilled with how Citrix does it though. (hard power off VM, then allow session launch to power on.) I know you can totally DISABLE it via accesspolicy, but is there anyway to "change" the behavior. I.e. try to be graceful, rather than power off power off, reboot/reset, etc.?