PowerShell queries against secondary, elected broker during LHC (outage) mode

In order to interact with the Secondary Broker by making Get calls, do the following:

Add a registry key “EnableCssTestMode” with a value of 1:

New-ItemProperty -Path HKLM:SOFTWARECitrixDesktopServerLHC -Name EnableCssTestMode -PropertyType DWORD -Value 1

Set the SDK auth to “OnPrem” so that the SDK proxy does not try to redirect the cmdlet calls:

$XDSDKAuth=”OnPrem”

At this point you will be able to use the Broker snap-in to make Get commands to the Secondary Broker provided you point it to the correct port.

For example on a controller you would specify the Secondary Broker as below:

Get-BrokerMachine -AdminAddress localhost:89 | Select MachineName, ContollerDNSName, DesktopGroupName, RegistrationState


NOTE:

Only GET calls should be used when quering against the secondary broker.

PowerShell queries against the secondary broker should only be run when in outage mode.

Related:

  • No Related Posts

How to Configure MTU when using EDT across VPN solutions

Create UDPStackParameters registry key, which is missing by default:

HKCUSOFTWARECitrixICA ClientEngineConfigurationAdvancedModulesUDPUDPStackParameters

User-added image


If using Receiver for Windows 4.7 / 4.8 / 4.9 / 4.9 CU1 / 4.9 CU2 / 4.9 CU3:

There is a legacy issue in these Receivers for Windows where OutbufLength, when passed in an ICA file, is ignored.

Even if the registry value is modified to “*”, meaning accept everything from the ICA file, the ICA file setting is still ignored.

For this to work, in addition to creating the “UDPStackParameters” key as mentioned above, it is also necessary to modify the OutbufLength value in the registry and set it to the desired value determined above (1480 in the example):

Related:

Error:”An SSL connection to the server couldn't be established” while trying to authenticate to StoreFront using Linux Receiver

1. Obtain the root certificate in PEM format.

Tip: If you cannot find a certificate in this format, use the openssl utility to convert a certificate in CRT format to a .pem file.

2. As the user who installed the package (usually root):

  • Copy the file to $ICAROOT/keystore/cacerts.
  • Run the following command: $ICAROOT/util/ctx_rehash

Related:

  • No Related Posts

Error: The trust relationship between this workstation and the primary domain failed

Option 4) CMD line using NETDOM tool:

1. Logon to the machine with a local administrator account.

2. Obtain the tool netdom.exe from Windows Server 2008 or Windows Server 2008 R2 CD to enable the Active Directory Domain Services role.

3. Note: For Windows Vista and Windows 7, utilize the Remote Server Administration Tools (RSAT) to enable the Active Directory Domain Services role.

4. Run netdom.exe to change the password.

5. Open command prompt with administrator rights.

6. Execute the command: netdom.exe resetpwd /s:<server> /ud:<user> /pd:*

7. Restart the machine



Provisioning Services Target Device

Make sure that you have configured the PVS environment properly.

Reference the following article: https://support.citrix.com/article/CTX132289


Once that is confirmed. Shut the target device down and reset the machine account password for the affected target device in the PVS console.

User-added image

Related:

  • No Related Posts

Seamless application window incomplete display in Dual-Monitor Windows 10 client

Surface Pro 3 external display and Citrix XenApp: https://community.spiceworks.com/topic/663199-surface-pro-3-external-display-and-citrix-xenapp

https://support.microsoft.com/en-in/help/3025083/windows-scaling-issues-for-high-dpi-devices

Versions of Citrix Receiver for Windows 4.10 and higher are now “DPI scaling aware”, and provide improved support for handling higher DPI resolution in a session. To learn more about high DPI scaling, please visit the following links –

Related:

  • No Related Posts

Citrix Client SSL Error Codes

This article provides information on Citrix Client SSL Error Codes.

To assist with troubleshooting, Citrix Technical Support has compiled a list of generic SSL error codes that the Citrix client might present the user or write in the Event log when an error occurs.

Important! This article is intended for use by System Administrators. If you are experiencing this issue and you are not a System Administrator, contact your organization’s Help Desk for assistance and refer them to this article.

Note: This list contains general information and might not fully explain the reason for your error. This information is provided “as is” and is not meant to be an official rendering of the SSL error code definitions. Refer to the Disclaimer for more information.

* 0 Everything is fine *
* 1 Redo handshake before other things *
* 2 Handshake loop is complete *
* 3 An error occurred that cannot be further defined *
* 4 An error occurred while reading *
* 5 An error occurred in the provider. No further information is available *
* 6 A required library is missing *
* 7 A required library has no entry point? *
* 8 Initialization (of whatever was being initialized, library) failed *
* 9 There is no memory left for the application to use *
* 10 Can’t locate your certificate. *
* 11 Your certificate isn’t in a format readable by the provider *
* 12 You do not have permission to access the specified certificate *
* 13 The SSL package isn’t there (SChannel specific) *
* 14 Can’t work to the cipher strength required *
* 15 The context has expired or isn’t properly initialized *
* 16 The buffer read isn’t a valid SSL packet *
* 17 The buffer read isn’t a valid socks 5 packet *
* 18 Your SSL packet has been modified illegally *
* 19 Your SSL packet is out of sequence *
* 20 The data received is not a complete packet *
* 21 The server response to socks hello is bad *
* 22 The server response to socks connect request is bad *
* 23 We do not support the given address type *
* 24 Send the given buffer, and terminate the communication (SChannel specific) *
* 25 Do socks 5 server side redirection before completing handshake (SChannel specific) *
* 26 Unable to open the specified keystore *
* 27 Unable to find the specified identity cert *
* 28 The socket given to a function is not of the right type (SChannel specific) *
* 29 The socks 5 handshake broke down in an unspecified manner *
* 30 The buffer supplied is not big enough for all the data *
* 31 The SDK context supplied is not valid for the function called *
* 32 The clients socks 5 hello is bad *
* 33 The clients connect request is bad *
* 34 The socks 5 command requested is not supported *
* 35 The socks 5 server refuses to redirect to the required destination *
* 36 The destination network requested is inaccessible *
* 37 The destination host requested is unreachable *
* 38 Connection to the destination host requested is refused *
* 39 The TTL on the packet sent the destination host requested expired *
* 40 The hostname could not be resolved *
* 41 A socket could not be created *
* 42 Connection to the host is refused *
* 43 A close notify alert was received *
* 44 An unexpected message alert was received *
* 45 A bad mac alert was received *
* 46 A decompression failure alert was received *
* 47 A handshake failure alert was received *
* 48 A no certificate alert was received *
* 49 A bad certificate alert was received *
* 50 An unsupported certificate alert was received *
* 51 A certificate revoked alert was received *
* 52 A certificate expired alert was received *
* 53 A certificate unknown (untrusted) alert was received *
* 54 An illegal parameter alert was received *
* 55 An unknown alert was received (probably TLS alert) *
* 56 Unable to set the CA certs verify path (OpenSSL specific) *
* 57 Unable to set identity certificate *
* 58 Unable to set private key *
* 59 The common name on the ID certificate is not what was expected *
* 60 (OpenSSL specific) a zero depth self signed cert was received *
* 61 (OpenSSL specific) a root cert to match the identity received could not be found locally *
* 62 (OpenSSL specific) a root cert to match the identity received could not be found at all *
* 63 (OpenSSL specific) a self signed cert was in the chain received *
* 64 (OpenSSL specific) unable to verify the signature on the leaf cert *
* 65 (OpenSSL specific) unable to decode the issuers public key *
* 66 (OpenSSL specific) unable to verify the signature on a cert *
* 67 (OpenSSL specific) the before field in the cert is corrupt *
* 68 (OpenSSL specific) the certificate is not yet valid *
* 69 (OpenSSL specific) the expiry field in the cert is corrupt *
* 70 (OpenSSL specific) the certificate has expired *
* 71 A method called is unimplemented *
* 72 The provider could not load any of the root certs in the keystore *
* 73 The provider could not load some of the root certs in the keystore *
* 74 Client authentication failed *
* 75 The connection timed-out *
* 76 A server certificate was revoked *
* 77 No CRL could not be retrieved for one of the certificates *
* 78 Revocation support is not available *

Additional Resources

User-added image

Disclaimer

CITRIX MAKES NO REPRESENTATIONS OR WARRANTIES OF NONINFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE WITH RESPECT TO THE INFORMATION IN THIS ARTICLE. THIS INFORMATION IS DELIVERED ON AN “AS IS” BASIS. YOU SHALL HAVE THE SOLE RESPONSIBILITY FOR ADEQUATE PROTECTION AND BACK-UP OF ANY DATA USED IN CONNECTION WITH THIS INFORMATION. IN NO EVENT SHALL CITRIX BE LIABLE FOR (i) SPECIAL, INDIRECT, DIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES, OR (ii) ANY OTHER CLAIM, DEMAND OR DAMAGES WHATSOEVER RESULTING FROM OR ARISING OUT OF OR IN CONNECTION WITH THIS INFORMATION, WHETHER AN ACTION IN CONTRACT OR TORT, INCLUDING NEGLIGENCE, OR OTHERWISE.

Related:

  • No Related Posts

VDA Cleanup Utility

Disclaimer

These software applications are provided to you as is with no representations, warranties or conditions of any kind. You may use and distribute it at your own risk. CITRIX DISCLAIMS ALL WARRANTIES WHATSOEVER, EXPRESS, IMPLIED, WRITTEN, ORAL OR STATUTORY, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NONINFRINGEMENT. Without limiting the generality of the foregoing, you acknowledge and agree that (a) the software application may exhibit errors, design flaws or other problems, possibly resulting in loss of data or damage to property; (b) it may not be possible to make the software application fully functional; and (c) Citrix may, without notice or liability to you, cease to make available the current version and/or any future versions of the software application. In no event should the code be used to support of ultra-hazardous activities, including but not limited to life support or blasting activities. NEITHER CITRIX NOR ITS AFFILIATES OR AGENTS WILL BE LIABLE, UNDER BREACH OF CONTRACT OR ANY OTHER THEORY OF LIABILITY, FOR ANY DAMAGES WHATSOEVER ARISING FROM USE OF THE SOFTWARE APPLICATION, INCLUDING WITHOUT LIMITATION DIRECT, SPECIAL, INCIDENTAL, PUNITIVE, CONSEQUENTIAL OR OTHER DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. You agree to indemnify and defend Citrix against any and all claims arising from your use, modification or distribution of the code.

Related:

  • No Related Posts

Support Information for Citrix License Server for Windows

The following table lists the minimum supported license versions for Citrix Virtual Apps and Desktops, XenApp, and XenDesktop.

Current Release Minimum Supported License server Version MSI Installer Version
2006 11.16.3.0 Build 28000 16.0.0.28000
2003 11.16.3.0 Build 28000 16.0.0.28000
1912 11.16.3.0 Build 28000 16.0.0.28000
1909 11.16.3.0 Build 28000 16.0.0.28000
1906 11.15.0.0 Build 24100 15.4.0.24100
1903 11.15.0.0 Build 24100 15.4.0.24100
1811 11.15.0.0 Build 24100 15.4.0.24100

Long term service Release Minimum Supported License server Version MSI Installer Version
1912 LTSR CU1 11.16.3.0 Build 28000 16.0.0.28000
1912 11.16.3.0 Build 28000 16.0.0.28000
7.15 LTSR 11.14.0.1 Build 21103 14.2.0.21103
7.6 LTSR 11.14.0.1 Build 21103 14.2.0.21103

Note:

For Current Release 2006 minimum supported License Server versions for Windows, please refer to:

https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/manage-deployment/licensing.html

For LTSR 1912 minimum supported License Server versions for Windows, please refer to:

https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/1912-ltsr/manage-deployment/licensing.html

For LTSR 7.15 minimum supported License Server versions for Windows, please refer to:

https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/manage-deployment/licensing.html

Related:

  • No Related Posts