Windows 10 April 2018 Update (v1803) – Citrix Known Issues

Issue 6

Issue Description

Pin prompt for Smart card authentication is not available to login into VDA session. User is prompted for “Username” and “Password” instead of Smart card PIN to login into VDA session.

[HDX-13195]

Problem Cause

Microsoft has changed the way Smart Card Service (SCardSvr) works in Windows 10 v1803. The service will run only if a Smart Card reader is connected. As ICA sessions redirect the Smart Card, it finds the service not to be running and fails.

Solution

This issue would not be encountered if earlier Windows 10 machine with VDA installed is upgraded to 1803. For a clean install of Windows 10 v1803, Microsoft has provided a mechanism to enable to enable Smart Card Service (SCardSvr) by adding a registry key. To add the registry key, follow below steps on the VDA:

Caution! Refer to the Disclaimer at the end of this article before making changes to Registry

  1. Right click on Start button and choose Run

  2. Type ‘Regedit’ and click Ok.

    On x86 machine, browse to HKEY_LOCAL_MACHINE -> Software -> Microsoft -> Cryptography -> Calais

    On x64 machine, browse to HKEY_LOCAL_MACHINE -> Software -> WOW6432Node -> Microsoft -> Cryptography -> Calais

  3. Right click on Calais in left pane, choose New -> DWORD (32 bit) value.

  4. Enter the value as ‘AllowServiceAccessWithNoReaders’ and hit enter.

  5. Double click on ‘AllowServiceAccessWithNoReaders’ and enter the value as 1.

  6. Close Registry Editor and restart the machine.

Issue 7

Issue Description

Print command from inside an ICA session of Windows 10 v1803 client fails to print using mapped Citrix UPS configured XPS Printer.

[HDX-13664]

Problem Cause

XPS Viewer is not available on Windows 10 v1803 by default. It is available as a Feature on Demand.

Solution

To install XPS Viewer, follow the below steps:

  • Open Command Prompt in elevated mode
  • Run the command “Dism /online /add-capability /CapabilityName:XPS.Viewer~~~~0.0.1.0”

Note:

  • The machine should be connected to the Internet for above command to acquire and install XPS Viewer.
  • While upgrading from earlier Windows 10 version to v1803 using ISO, if option ‘Download and install updates’ is chosen XPS Viewer will be retained after upgrade.

Issue 8

Issue Description

Citrix Workspace Environment Management (WEM) Agent fails to work when Windows 10 is upgraded to v1803.

[TPV-1184]

Problem Cause

The ‘Norskale’ key under [HKLM -> System -> CurrentControlSet -> Control] is removed during the upgrade to v1803.

Solution

Citrix is working with Microsoft to resolve this issue. To restore functionality, users could uninstall WEM Agent on the upgraded machine, reinstall and reconfigure.

Issue 9

Issue Description

Some maximized applications in Local App Access(LAA) enabled desktop sessions cannot be minimized using the minimize button. (Example application: Notepad, CMD)

[LC8813]

Problem Cause

The issue is due to an incorrect function call getting triggered for LAA enabled desktops.

Solution

This issue is resolved in Citrix XenDesktop 7.18 and CU2 for XenDesktop 7.15.


Issue 10

Issue Description

Citrix User Profile Manager (UPM) stops working after Windows 10 is upgraded to v1803.

[TPV-1307]

Problem Cause

The upgrade process is removing some of the registry entries related to UPM.

Solution

Citrix is working with Microsoft to resolve this issue.

Workaround 1:

As a workaround, users are advised to reinstall UPM after upgrading to v1803.

Workaround 2:

Add the registry keys manually that were removed during upgrade.

Caution!

  • Refer to the Disclaimer at the end of this article before making changes to Registry.
  • Below steps need to be performed by an administrator as it involves changing of permissions of Trusted Installer key of registry.
Part A – Setting permissions to Administrator group.
  1. Login to the VDA as domain administrator
  2. Right click on Start button and choose Run
  3. Type ‘Regedit’ and click Ok.
  4. Browse to HKEY_LOCAL_MACHINE -> System -> CurrentControlSet -> Control -> Winlogon -> Notifications
  5. Right click on Notifications and choose ‘Permissions…
  6. Click on Advanced and switch over to the Owners panel by clicking on the link Change next to ‘Owner:’.
  7. Enter Administrator under ‘Enter the Object name to select’ and click Ok.
  8. On the Advanced Security Settings window, check the box for ‘Replace owner on subcontainers and objects’.
  9. On the Permissions for Notifications window, grant Full permission to Administrators group.
Part B – Add the missing registry keys
  1. Browse to HKEY_LOCAL_MACHINE SYSTEM -> CurrentControlSet -> Control -> Winlogon -> Notifications -> Configurations -> Default -> Logon
  2. On the right pane, double click on Logon
  3. Add a comma separated value ‘UserProfileMan’ right after SessionEnv and click Ok. It should look similar to below:User-added image
  4. Double click on Logoff
  5. Add a comma separated value ‘UserProfileMan’ right after Profiles and click Ok. It should look similar to below.
  6. Browse to HKEY_LOCAL_MACHINE SYSTEM -> CurrentControlSet -> Control -> Winlogon -> Notifications -> Components
  7. Right click on Components and choose New -> Key
  8. Name it ‘UserProfileMan’ and double click on it.
  9. Once under ‘UserProfileMan’, in the right pane, right click on empty space and choose New -> String Value
  10. Enter String name as Events and value as ‘Logon,Logoff‘ and click Ok.
  11. Right click on empty space and choose New -> String Value
  12. Enter String name as ServiceName and value as ctxProfile and click Ok.
Part C – Restore permissions to TrustedInstaller
  1. Browse to HKEY_LOCAL_MACHINE -> System -> CurrentControlSet -> Control -> Winlogon -> Notifications
  2. Right click on Notifications and choose ‘Permissions…
  3. Click on Advanced and switch over to the Owners panel by clicking on the link Change next to ‘Owner:’.
  4. Select Object Types and check all the boxes and click Ok.
  5. Select ‘Locations…’, then select Local Computer.
  6. Enter ‘NT ServiceTrustedInstaller’ under ‘Enter the Object name to select’ and click Ok to close.
  7. On the Permissions for Notifications window, uncheck Full permission to Administrators group.

Issue 11

Issue Description

With Windows 10 v1803 as PVS Target Device (PVS 7.15 CU2), when Cache Type for vDisk is set as ‘Cache in device RAM’, a BSOD is encountered while booting.

[PVS-3634]

Problem Cause

This issue could be due to Kernel changes made in Windows 10 v1803 which might be preventing the Citrix PVS bootstrap and drivers from using reserved memory for RAM cache.

Solution

Citrix is investigating this issue. As a workaround, “Cache in device RAM with overflow on hard disk” option can be used.

Note: This only affects Legacy bootstrap PXE booting, which includes BDM and ISO booting. Using UEFI bootstrap works fine, including UEFI BDM and ISO booting.

Issue 12

Issue Description

Virtual Smart Card Reader (created by tpmvscmgr.exe) stops functioning after Windows 10 is upgraded from v1709 to v1803 with Citrix VDA installed.

Problem Cause

The Windows Upgrade process is rendering the Virtual Smart Card Reader non-functional. This issue is not encountered with a fresh install of Windows 10 v1803

Solution

Citrix is investigating this issue. As a workaround, users could login to the VDA using user name and password, go to the Device Manager and disable the Virtual Smart Card Reader and enable it again. This can also be done programmatically via Powershell with the following:

From a PoSH session run “Get-PnpDevice | ft FriendlyName,InstanceID”

In the Output match the friendly name with the name in device manager and also the one given when it was created with tpmvscmgr.exe. The InstanceID should look something like ROOTSMARTCARDREADER000

Once the InstanceID is identified the cmdlets to enabledisable the device are relatively simple:

Disable-pnpDevice –InstanceID ROOTSMARTCARDREADER000 –Confirm:$false

Enable-pnpDevice –InstanceID ROOTSMARTCARDREADER000 –Confirm:$false

Running a script with these cmdlets restores the Virtual Smartcard to a working state and could be incorporated into a startuplogon script.

References:

https://docs.microsoft.com/en-us/powershell/module/pnpdevice/get-pnpdevice?view=win10-ps

https://docs.microsoft.com/en-us/powershell/module/pnpdevice/disable-pnpdevice?view=win10-ps

https://docs.microsoft.com/en-us/powershell/module/pnpdevice/enable-pnpdevice?view=win10-ps

Related:

  • No Related Posts

Leave a Reply