Citrix Provisioning Console Error: 0x00000057 – Invalid Parameter

There are two possible solutions:

1. Upgrade your existing VHD vDisks to the VHDX file format.

– This can be done by running the Citrix Provisioning vDisk Creation Wizard and selecting the VHDX format.

– Alternatively, you can leverage Hyper-V to properly convert the format from VHD to VHDX.

https://docs.microsoft.com/en-us/powershell/module/hyper-v/convert-vhd?view=win10-ps

2. Use 512 byte based storage disks.

Guidelines with regard to vDisk sizing and storage disk compatibility according to Microsoft

1. VHD (512 logical sector size) must be on storage with 512 logical sector size. No RMW.

2. VHD (512 logical sector size) does not support storage with 4096 logical sector size. PVS has not implemented RMW for performance reasons.

3. VHDX (512 logical sector size) can be on storage with 512 logical sector size. No RMW.

4. VHDX (512 logical sector size) can be on storage with 4096 logical sector size (PVS implements RMW). Citrix recommends VHDX 4096 logical sector size for optimal performance.

5. VHDX (4096 logical sector size) can be on storage with 512 or 4096 logical sector size. No RMW.

*Read-Modify-Write (RMW) results in degraded overall disk performance.

Related:

  • No Related Posts

How to license Citrix Hypervisor versions 5.6 and higher

Upgrading Citrix Hypervisor 5.6-6.1

Free Citrix Hypervisor 6.2

Installation of license for Citrix Hypervisor 6.2

Retail Citrix Hypervisor


Upgrading Citrix Hypervisor 5.6-6.1

Note: Free Citrix Hypervisor 5.6-6.1 is no longer available; only upgrades.
  1. To upgrade 5.6 – 6.1 software, refer to: https://activate.vmd.citrix.com

Free Citrix Hypervisor 6.2

With the release of Citrix Hypervisor 6.2, Citrix has unlocked all features in the free version and removed the need for a license. To obtain the free version, follow the below steps:

  1. Go to www.xenserver.org
  2. Select the Software link at the top of the page
  3. The next page provides all downloads applicable to Citrix Hypervisor, Select the media desired
  4. Save the media on the desktop and proceed to install.


Installation of license for Citrix Hypervisor 6.2 Free version

There is no license to install therefore there will be no need for a license. To view the system and verify there is no license, follow the below steps:

  1. Open XenCenter
  2. Navigate to the Tools menu and click License Manager
  3. This will show the license manager server option as Unsupported

Retail Citrix Hypervisor editions

There are two types of Citrix Hypervisor editions available which uses retail licensing. The types of hypervisor editions are Citrix Hypervisor Standard Edition, and Citrix Hypervisor Premium Edition. All Citrix Hypervisor editions licenses have to be added to a separate Citrix Licensing Server. The license files are maintained and controlled using Citrix License Administrative (LAC) console

Each host in a resource pool must be individually licensed. (For example, if you are supporting four hypervisor hosts in a resource pool, you must configure the license type to use on each of the four hosts separately.) As a result, license settings are configured on each host in the pool. However, in XenCenter, you can select multiple hosts at once in the License Manager and apply the same settings to them.


Tasks required to License Citrix Hypervisor retail editions

Follow the below tasks to license Citrix Hypervisor retail editions:

  1. Create a Citrix license server. Citrix Hypervisor release requires the Citrix License Server, version 11.6.1 or higher http://support.citrix.com/proddocs/topic/licensing-1110/lic-install.html

  2. Download and add the Citrix Hypervisor license file to the Citrix License Server CTX130884-How to Download the Citrix Hypervisor License File from My Account Portal / CTX126338-How to Add Allocated License Files to the License Administration Console.

  3. Configure each Citrix Hypervisor host to use the Citrix License Server that is hosting the license you allocated for it CTX130884-How to Download the Citrix Hypervisor License File from My Account Portal / CTX126338-How to Add Allocated License Files to the License Administration Console.

Retail Licensing for Citrix Hypervisor activation using License Manager in XenCenter

Follow the below procedure to activate Citrix Hypervisor using License Manager in XenCenter:

  1. Open XenCenter. Click Tools and select License Manager.
  2. The License Manager pop up box is displayed. Select required hosts (you can select more than one host file) and Click Assign License.
  3. The Apply License dialog box is displayed. Under the License Edition section, select the type of your hypervisor (For example, if you have Citrix Hypervisor Premium Edition, click on the radio button against it).
  4. Under License Server section, enter the name of the server in Name field (by default, it will have Local host text, Delete it and enter the name of the server) and port number of the server in Port Number field.
Note: If you have changed the port on the Citrix License Server, specify the changed port number in the Port Number field. If you have not changed the port, leave the default value 27000 as is. 27000 is the default port number used by Citrix products.
  1. Click OK.
  2. The licensing file will be associated with Citrix Hypervisor and the server is ready to use.

Related:

Citrix Provisioning does not support VHD vDisks on 4Kn storage – Console Error: 0x00000057 – Invalid Parameter

There are two possible solutions:

1. Upgrade your existing VHD vDisks to the VHDX file format.

– This can be done by running the Citrix Provisioning vDisk Creation Wizard and selecting the VHDX format.

– Alternatively, you can leverage Hyper-V to properly convert the format from VHD to VHDX.

https://docs.microsoft.com/en-us/powershell/module/hyper-v/convert-vhd?view=win10-ps

2. Use 512 byte based storage disks.

Guidelines with regard to vDisk sizing and storage disk compatibility according to Microsoft

1. VHD (512 logical sector size) must be on storage with 512 logical sector size. No RMW.

2. VHD (512 logical sector size) does not support storage with 4096 logical sector size. PVS has not implemented RMW for performance reasons.

3. VHDX (512 logical sector size) can be on storage with 512 logical sector size. No RMW.

4. VHDX (512 logical sector size) can be on storage with 4096 logical sector size (PVS implements RMW). Citrix recommends VHDX 4096 logical sector size for optimal performance.

5. VHDX (4096 logical sector size) can be on storage with 512 or 4096 logical sector size. No RMW.

*Read-Modify-Write (RMW) results in degraded overall disk performance.

Related:

  • No Related Posts

How to Manually Install and Configure Citrix Receiver for Pass-Through Authentication

Single Sign-on authentication can be configured on both new and upgraded setup.

Configuring Single Sign-on on a new Citrix Receiver for Windows setup
Configuring Single Sign-on on an upgraded Citrix Receiver for Windows setup
Single Sign-on Troubleshooting and Diagnostics
More How Do I

To configure Single Sign-on on a new setup:

  1. Enable Domain pass-through and optionally User name and password authentication on StoreFront or the Web Interface.

  2. Configure XML trust services on the Delivery Controller.

  3. Modify Internet Explorer settings and Install Citrix Receiver for Windows with Single Sign-on.

1. Enable User name and password and Domain pass-through on StoreFront or the Web Interface

Depending on the XenApp/XenDesktop deployment, Single Sign-on authentication can be configured on StoreFront or the Web Interface using the Management Console.

  • StoreFront server: Launch StoreFront Studio, go to Store > Manage Authentication methods > enable Domain pass-through.

Note: Single Sign-on is not supported if Citrix Receiver for Windows is connected to XenApp/XenDesktop using NetScaler Gateway.

Scenario Steps Description
Configured on StoreFront or the Web Interface with Management Console StoreFront server: Launch StoreFront Studio, go to Store > Manage Authentication methods > enable Domain pass-through. When Citrix Receiver for Windows is not configured with Single Sign-on, it automatically switches the authentication method from Domain pass-through to Username and Password, if available.
Receiver for Web IS Required Launch Stores > Receiver for Websites > Manage Authentication methods > enable Domain pass-through.

User-added image

When Citrix Receiver for Web is not configured to allow Domain pass-through, it automatically switches the authentication method to Username and Password, if available.

If you are launching published applications using Internet Explorer for Storeweb, enable the Single Sign-on feature as described in the section Group Policy Settings.

StoreFront IS NOT configured If Web Interface is configured on a XenApp server, open XenApp Services Sites > Authentication Methods > enable Pass-through.

User-added image

When Citrix Receiver for Windows is not configured with Single Sign-on, it automatically switches the authentication method from Pass-through to Explicit, if available.

2. Configure XML trust services on the Delivery Controller

On XenDesktop 7 or later or XenApp 7.5 or later, run the following PowerShell command as an administrator on the Delivery Controller:

asnp Citrix*

Set-BrokerSite -TrustRequestsSentToTheXmlServicePort $True

Refer to the Knowledge Center article: Error: “An error occurred while making the requested connection“.

Note: On XenApp 6.5, XML Service Port and Trust is enabled using the Graphical User Interface. For more information, see Configuring the Citrix XML Service Port and Trust.

3. Modify Internet Explorer settings and Install Citrix Receiver for Windows with Single Sign-on


3.1 Modify the Internet Explorer settings

Modify the Internet Explorer settings to add StoreFront URL or Web Interface URL to the list of Security Zones in Internet Options. There are two methods to modify Security Zones:

NOTE: At any time, use only one of the following methods.

Option 1
  1. Local Intranet: Open Internet Explorer > Internet Options > Security > Local Intranet, Click Sites. The Local intranet window appears.
  2. Click Advanced.
  3. Add the URL of the StoreFront or Web Interface FQDN with appropriate http or https protocol.
Option 2
  1. Trusted Sites: Open Internet Explorer > Tools > Internet Options > Security >Trusted Sites > Sites
  2. Add StoreFront or Web Interface FQDN with appropriate http or https protocol.
  3. In the Internet Options > Security tab, select Trusted Sites.
  4. Click Custom level. The Security Settings – Trusted Sites Zone window appears.
  5. From the User Authentication options, select Automatic logon with current user name and password.

User-added image
Note: Automatic logon with current user name and password can be configured using Group Policy. For more details, see Managing Browser Settings with Group Policy Tools.

3.2 Install Citrix Receiver for Windows

  1. Download Citrix Receiver for Windows (CitrixReceiver.exe) from Citrix Downloads.
  2. Log onto the client device with administrator privilege.
  3. You can install Citrix Receiver for Windows in two ways:
    Using the Graphical User Interface Using the Command Line Interface
    1. Double-click CitrixReceiver.exe.
    2. In the Citrix Receiver Installation wizard, select Enable Single Sign-on.User-added image
    3. Click Next.
    4. After the installation is complete, log off from the client device and log on again.
    1. Open a command prompt as an administrator and change to the directory to where CitrixReceiver.exe is located.
    2. Run the following command to install Citrix Receiver for Windows with the Single Sign-on feature enabled:

      CitrixReceiver.exe /includeSSON /silent
  4. After the installation is complete, log off from the client machine and log on again.
  5. Launch the Task Manager to verify that the ssonsvr.exe process is running.

User-added image

Users should now be able to log on to an existing Store (or configure a new Store) using Citrix Receiver for Windows without providing credentials.

Group policy settings

Configuration described in this section is required in two cases:

• When access to StoreWeb using web browsers is required.

• Citrix Receiver for Windows version 4.3 or earlier is used.

For newer versions of Receiver (4.4 onwards) that do not require SSON via web browsers, the configuration is optional

Using Citrix Receiver for Windows Group Policy template files

• Add Citrix Receiver for Windows template files to the Local Group Policy Editor. For more information, see Configure Receiver with the Group Policy Object template . Be sure to use the ADM template of the same version as the Receiver on the Client.

Follow the below steps to configure the policy

1. Open Local Group Policy Editor. Navigate to Citrix Receiver > User authentication.

2. Open the Local user name password policy.

3. Select Enable pass-through authentication.


4. Click Apply and OK.

Note: If the existing version of Citrix Receiver for Windows does not have the Single Sign-on component installed, upgrading to the latest version with the /includeSSON switch is not supported.

After the installation is complete, log off from the client device and log on again.

Single Sign-on Diagnostics

In Citrix Receiver for Windows Version 4.5, you can use Configuration Checker to diagnose the Single Sign-on configuration.

  1. Right-click the Citrix Receiver icon in the notification area and select Advanced Preferences > Configuration Checker.

    The Configuration Checker window appears.

    User-added image

  2. Select SSONChecker and click Run.

    The test runs on all the SSON checkpoints.

After the test is complete, the results are displayed for each test.

The test describes if all the configuration requirements for Single Sign-on are met.

For more information, see Using Configuration Checker to validate Single Sign-on configuration


Verify the list of Network Providers

If users face any issues with Single Sign-on, Citrix recommends that you verify the list of network providers list on the client machin e as described below:

  1. Click Start.

  2. Enter View network connections. The Network Connection window appears.

  3. Press ALT to display the menu. Click Advanced > Advanced Settings

    Advanced Settings
    window appears.

  4. Click the Provider Order tab.

  5. Move “Citrix Single Sign On” to the top of the list to change the order of network providers.

    User-added image

Related:

  • No Related Posts

Sophos Anti-virus for Linux: Linux endpoint not reporting as registering to Central though the MCS.log file and config file show that it has registered.

A LInux endpoint is not reporting as registering to the Cloud though the MCS.log file and config file show that it has registered. The following error may be seen if the Linux machine is not registered in the DNS A records or hosts file so the lookup against itself fails:

subprocess.CalledProcessError: Command '['hostname', '-f']' returned non-zero exit status 1

This will probably be due to a name resolution issue when the Endpoint is trying to register itself to Cloud. During this process two DNS queries are performed from the EP, one to the AWS cloud server,the other is to the Linux machine itself

The lookup process is as follows:

  1. DNS lookup from EP for AWS cloud
  2. Once IP address is identified by DNS lookup, TLSv1 session to AWS cloud is made. (typically ‘Server Hello’ is communicated.)
  3. DNS lookup for the Linux machine itself.
  4. Once the lookup for itself is successful, the next TLSv1 session with AWS cloud is made. (typically ‘Client Hello’ is communicated.)

When this error is seen the Linux machine is not registered in the DNS A records or hosts file so the lookup against itself fails.

The following sections are covered:

Applies to the following Sophos products and versions

Sophos Anti-Virus for Linux

Once a record in the DNS server for the Linux machine has been specified the registration with Sophos Central should proceed. Alternatively, the hosts file can be updated by adding the machine name of the Linux machine itself.

If you’ve spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article.

This is invaluable to us to ensure that we continually strive to give our customers the best information possible.

Related:

  • No Related Posts

Advisory: Sophos XG, UTM, Cyberoam and Central Email may be quarantining legitimate emails

Sophos is investigating reports from Sophos XG, UTM, and Central customers that legitimate email is being quarantined.

Applies to the following Sophos product(s) and version(s)

Sophos UTM

Sophos Firewall

Sophos Central Email

Some Sophos customers may experience legitimate emails being blocked or quarantined. Inbound and the outbound email are affected.

[Update] Spam rules have been updated and spam detection has returned to normal.

This issue has now been resolved. Any customers still experiencing issues with SPAM are requested to refer to the articles in the related information section and to contact Sophos Support.

Moving forward, customers should subscribe to the Sophos SMS Mobile Notification service to be notified of product issues such as this.

If you’ve spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article.

This is invaluable to us to ensure that we continually strive to give our customers the best information possible.

Related:

  • No Related Posts

Linux XDPing Tool

This software application is provided to you “as is” with no representations, warranties or conditions of any kind. You may use and distribute it at your own risk. CITRIX DISCLAIMS ALL WARRANTIES WHATSOEVER, EXPRESS, IMPLIED, WRITTEN, ORAL OR STATUTORY, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NONINFRINGEMENT. Without limiting the generality of the foregoing, you acknowledge and agree that (a) the software application may exhibit errors, design flaws or other problems, possibly resulting in loss of data or damage to property; (b) it may not be possible to make the software application fully functional; and (c) Citrix may, without notice or liability to you, cease to make available the current version and/or any future versions of the software application. In no event should the code be used to support of ultra-hazardous activities, including but not limited to life support or blasting activities. NEITHER CITRIX NOR ITS AFFILIATES OR AGENTS WILL BE LIABLE, UNDER BREACH OF CONTRACT OR ANY OTHER THEORY OF LIABILITY, FOR ANY DAMAGES WHATSOEVER ARISING FROM USE OF THE SOFTWARE APPLICATION, INCLUDING WITHOUT LIMITATION DIRECT, SPECIAL, INCIDENTAL, PUNITIVE, CONSEQUENTIAL OR OTHER DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. You agree to indemnify and defend Citrix against any and all claims arising from your use, modification or distribution of the code.

Related:

  • No Related Posts

Backend SSL Connection Fails on NetScaler due to missing extensions

NetScaler missing renegotiate extension in Client Hello for backend server.

For example, when using Secure-LDAP which uses port 636 (TCPs) it fails in services/monitor. The reason for failure is SSL extension “renegotiation” is missing in client hello by NetScaler.

Client Hello missing renegotiate extension when it fails

without-renegotiate-ext

When SSL-renegotiate extension is present it appears as below

with-renegotiate-ext

Related:

Folder Structures – Best Practices at the Root Level Folder

Quick Jump (click one!)

Who will be creating the structure? Who will need access? Personal Folders Advanced Folder Settings Limitations Tips and Full Guide

Who will be creating the structure?

The ability to create root level folders is dictated by the employee permission ‘Create root-level folders.’ This permission is not for Admin users only. Employees with this permission will be able to create root level folders. To allocate this permission to an existing employee, navigate to ‘People’ -> ‘Manage Employees’ -> Select a user’s profile -> Allocate permissions at the bottom of the screen under ‘User Access’.

If a user is granted upload rights on a folder, they will have the ability to create subfolders within that folder.

TIP! If you are using the ShareFile User Management Tool to provision users directly from AD, you can allocate the ‘Create root-level folders’ permission to users at the time of group rule creation.

Who will need access?

Understanding who will be accessing the data in a folder structure is extremely important to the planning process. ShareFile allows for sharing folder access with both internal (employees) and external (clients) users. To share a folder with a user, you will need to be an admin user on the folder, or the creator. Simply navigate to that folder location > Select the ‘People on this Folder’ tab > ‘Add People to Folder’ > Select the user and assign permissions > ‘Add’. Click here for more info on how to Add People to a Folder.

TIP! You can add users to a folder in bulk by utilizing distribution groups.

Personal Folders

Personal Folders are automatically created for each Employee User at the time of provisioning. The user should reserve this location for private use and any folders in this location should not be shared with other users. Any folders that are going to be shared should be created or moved to the ‘Shared Folders’ area. By default, employees have the ability to upload and download files from this folder. They also will be able to create subfolders and add other users to those subfolders with desired permissions. Click here for more info on ShareFile Personal Folders.

TIP! As an Admin, you can always view an employee’s Personal Folder to ensure they are adhering to best practices and internal standards. This can be done by navigating to:

‘People’ -> Manage Employees -> Select Profile -> ‘View folders and activity logs’ -> ‘Access Personal Folder’

Advanced Folder Settings

As a ShareFile Admin, you have the ability to set account-wide folder defaults within the Admin Settings console. These settings will be applied to any net new root-level folders that are created within your account. However, Advanced Folder Settings allows folder Admins to override these defaults to apply custom policies on a per root-level folder basis. Click here for more info on how to Create a Folder & Advanced Folder Options.

TIP! By default, a user given Admin rights at the root-folder level has the ability to adjust the retention policy on that folder (and therefore all subfolders beneath). However, ShareFile offers a setting that can be enabled by Citrix Support that only allows employee users with ‘Modify account-wide settings’ to adjust folder retention policies via Advanced Folder Settings.
Limitations

Although ShareFile does not provide defined parameters regarding folder size, depth, or number of items allowed, the following best practices will ensure optimal performance.

File Path Limit

ShareFile recommends adhering to Microsoft File Path limitations by avoiding path names that exceed 250 characters. Shorten paths by renaming folders and files or moving deep lying folders higher up the tree. This is extremely pertinent if you are planning on deploying the ShareFile Sync for Windows application.

Horizontal not Vertical

As mentioned earlier, it is best practice to keep your folder structure spread wide at either the root level or the second level down. This will prevent a narrow, deep structure from evolving that can cause a poor user experience and strain the ShareFile system. These changes can help to disburse items and prevent a folder from hitting the upper limits. This is linked to the number of calls required when adjusting folder settings, user access, and account wide policies. Furthermore, users will lose productivity if they’re required to click through a deep folder tree to access documents.

File Versioning

Adjust your file versioning to only keep the last 25 or less files. This can be adjusted from the Admin Settings under Advanced Preferences > File Settings.

Limit items in each folder

ShareFile folders should not contain more than 5,000 items within an individual folder or sub-folders. An “item” includes any elements within a folder. This includes files, folders, additional versions of files, and notes. Additionally, items in the recycle bin from the affected folder before emptied are included in the overall item count. When a folder reaches or exceeds this limitation, the consequences can be detrimental to the account and explicitly the folder in question.

The impacts could include:

  • Inability to upload documents.
  • Slow or inaccessible folder operations such as browse, copy, move, delete, and restore.
  • Time-outs in Web application
  • Inability to temporarily access particular folder
  • Temporary account lock out.

If you are currently experiencing these issues or are approaching these folder limits, please contact support for assistance.

Folder Size

ShareFile folders should not contain more than 10GB of data. Exceeding this limit will result to slow folder operation like copy/move/delete/restore.

Tips:


Complete Folder Structure Best Practices Document

Related:

  • No Related Posts