Client Drive Mapping Fails when File Size is Larger than 4GB

In XenApp and XenDesktop, very large files that have a file size greater than 4GB are not supported with Client Drive Mapping.

For Example, when viewing a file which is greater than 4GB using a published Windows Explorer instance in a XenApp Client Mapped Drive, file size will be incorrectly displayed.

The following error message might appear:

“The file <filename> is too large for the destination file system”

When copying a file with file size greater than 4GB using a CDM mapped drive, the file is partially copied, resulting in an incomplete target file being written.


  • No Related Posts

How to Create Machine Catalog using MCS in Azure Resource Manager


  • Access to the XenApp and XenDesktop Service of Citrix Cloud.
  • An Azure Subscription.
  • An Azure Active Directory (Azure AD) user account in the directory associated with your subscription, which is also co-administrator of the subscription.
  • An ARM virtual network and subnet in your preferred region with connectivity to an AD controller and Citrix Cloud Connector.
  • “Microsoft Azure” host connection
  • To create an MCS machine catalog, XenDesktop requires a master image that will be used as a template for all the machines in that catalog.

User-added image

Creating Master Image from Virtual Machine deployed in Azure Resource Manager

Create a virtual machine (VM) in Azure using the Azure Resource Manager gallery image with either the Server OS or Desktop OS (based on whether you want to create Server OS catalog or Desktop OS catalog).

Refer to Citrix Documentation – install Citrix VDA software on the VM for more information.

Install the applications on the VM that you want to publish using this master image. Shutdown the VM from Azure Portal once you have finished installing applications. Make sure that the power status for the VM in Azure Portal is Stopped (deallocated)

User-added image

When creating MCS catalog we need to use the .vhd file that represents OS disk associated with this VM as master image for the catalog. If you have the experience of using Microsoft Azure Classic connection type in XenDesktop, you would have captured specialized image of the VM at this stage, but for Microsoft Azure connection type you don’t have to capture the VM image, you will only shutdown the VM and use the VHD associated with the VM as master image.

Create MCS Catalog

This information is a supplement to the guidance in the Create a Machine Catalog article. After creating master image, you are all set to create MCS catalog. Please follow the steps as described below to create MCS catalog.

  1. Launch the Studio from your Citrix Cloud client portal and navigate to Machine Catalogs in the left hand pane.

  2. Right click Machine Catalogs and click on Create Machine Catalog to launch the machine creation wizard.

  3. Click Next on the Introduction page.

    User-added image

  4. On the Operating System page Select Server OS or Desktop OS based on what type of catalog you want to create and click Next.

    User-added image

  5. On the Machine Management page, select Citrix Machine Creation Service (MCS) as the deployment technology and select the Microsoft Azure hosting resource and click Next.

    User-added image

Master Image Selection – This page provides a tree view which you can navigate to select the master image VHD. At the topmost level are all the resource groups in your subscription except those which represent the MCS catalog created by XenDesktop. When you select and expand a particular resource group, it shows the list of all storage accounts for the Azure Umanaged Disks in that resource group. If there are no storage accounts in that resource group, there will not be any child items under that resource group. If you have manually created number of resource groups and storage accounts to host your manually created VMs in your subscription, the master image page will show all those resource groups, storage accounts, containers and VHDs even though not all those VHDs are master images that you want to use for the provisioning. Select the storage account that has your master image. When you expand the storage account, it shows list of containers inside the storage account. Expand the container that has master image VHD and select the VHD that you want to use as master image for the catalog.

User-added image

In the case of Azure Unmanaged Disk, you need to know the VHD path in order to select it. If you have stood up a VM in Azure and prepared it to be used as a master image and you want to know the VHD path, follow the steps below:

  1. Select the resource group that has your master image VM.

  2. Select the master image VM and click Settings

  3. Click on Disks then Click OS Disks and copy the disk path.

    User-added image
    User-added image

  4. OS disk path is structured as https://<storage account name><container name>/<image name>.vhd

  5. You can use the disk path obtained in the step above to navigate the tree view to select image.

In the case of Azure Managed disk, it will be available directly under the Resource Group that you had created or as a part of the Virtual Machine’s Resource Group, as show below:

Note: If you don’t shutdown the master image VM and select the corresponding VHD to create a catalog, the catalog creation will fail. So make sure if you are selecting the VHD which is attached to running VM instance, the VM is in Stopped(deallocated) state.

  1. Storage type selection – XenDesktop supports Locally Redundant Standard or Premium storage for provisioning VMs in Azure. Your master image VHD can be hosted in any type of storage account, but for the VMs to be provisioned in Azure, XenDesktop will create new storage accounts based on storage type you selected.

    User-added image

  2. XenDesktop will provision maximum 40 VMs in single storage account due to IOPS limitations in Azure. For example if you want to create 100 VM catalog, you will find 3 storage accounts created and VM distribution in each storage account will be 40, 40 and 20.

  3. VM instance size selection – XenDesktop will show only those VM instance sizes which are supported for the selected storage type in the previous step. Enter number of VMs and select the VM instance size of your choice and click Next.

    User-added image

  4. Network Card Selection – Select network card and the associated network. Only one network card is supported.

    User-added image

  5. Select resource location domain and enter machine naming scheme.

    User-added image

  6. Enter credentials for your resource location Active Directory.

    User-added image

  7. Review the catalog summary, enter the catalog name and click Finish to start provisioning.

    User-added image

  8. Once the provisioning is complete, you will find new resource group created in your Azure subscription which hosts, all the VMs, storage accounts and network adapters for the catalog you provisioned. The default power state for the VMs after provisioning is Stopped(deallocated).

    User-added image

Once the provisioning is complete, you will find new resource group created in your subscription that has VM RDSDesk-01 as per the naming scheme we provided, NIC corresponding to that VM and a storage account that XenDesktop created to host the OS disk and the identity disk for the VM. The VM will be hosted on the same network as that of the selected hosting resource during catalog creation and the default power state of the VM will be Shutdown(deallocated).

The resource group created by XenDesktop during the MCS provisioning will have following naming convention


To find out which resource group in the Azure portal corresponds to the catalog you created from studio, follow the steps below.

  1. Connect to your XenApp and XenDesktop service using Remote PowerShell SDK. Please visit this link to find our how to interact with your Citrix Cloud environment using Remote PowerShell SDK.
  2. Run command Get-ProvScheme -ProvisioningSchemeName <Catalog Name>
  3. Note down the ‘ProvisioningSchemeUid’ from the output of the above command.
  4. Go to the Azure portal and search for the resource group name that contains ‘ProvisioningSchemeUid’ you obtained in step 3.
  • Note:

    As a best practice you should always create a copy of your master image and use the copied image as input to the provisioning process. In future if you want to update the catalog, you can start the master image VM and make necessary changes, shut it down and again create a copy of the image which will be your update image. This helps you to use the master image VM to create multiple image updates.

    Remember to shutdown the master image VM from Azure portal before starting to create the catalog. The master image needs to be copied into catalog’s storage account once provisioning starts, so we need to make sure it is not in use by any VM, otherwise it will lead to image copy failure and eventually provisioning failure.

  • Make sure you have sufficient cores, NIC quota in your subscription to provision VMs. You are most likely going to run out of these two quotas. You may not be able to check your subscription quota limits,
  • If your master image VM is provisioned in the Premium storage account then just shutting down the VM from the portal isn’t enough. You also need to detach the disk from the VM to use it as master image in provisioning. But in Azure Resource Manager you can not detach the disk while the VM is still available. So you need to delete the VM from the portal, this will only delete the VM but keep the OS disk in the storage account. The NIC corresponding to the VM also needs to be deleted separately.
User-added image


Citrix ADC Deprecated Classic Policy Based Features and Functionalities FAQs

Q. Which all Classic policy based features and functionalities are being removed from Citrix ADC?

Answer: All the features and functionalities mentioned in “Feature Description” column in Table 1 below are being removed from Citrix ADC. These features were deprecated in 12.0 builds and will be removed in a future release (targeted NetScaler GA release in Q2 2020).

Citrix recommends that all Citrix ADCcustomers take steps to switch from the following deprecated features & functionalities to corresponding feature replacements as suggested in Table 1.

Table 1. Classic policy based features & functionalities deprecated with feature replacement.

Feature Description Deprecation Initiated Feature Replacement
Citrix ADCfeatures and its functionalities: –

  • SureConnect (SC)
  • Priority Queuing (PQ)
  • HTTP Denial of Service Protection (HDoSP) AppQoE
HTMLInjection AppFlow with Client-Side Measurements
Filter Responder (for ERRORCODE, or DROP or RESET on the request side), Rewrite (for ADD or CORRUPT, or DROP or RESET on the response side), or Content Switching (for FORWARD).
Q and S prefixes in Advanced expressions HTTP.REQ and HTTP.RES
Pattern function in Rewrite action -Search Rewrite action parameter
Classic Named (policy) expression Advanced policy expression
Application Firewall Classic policy Application Firewall Advanced policy
Compression Classic policy Compression Advanced policy
Classic Cache Redirection policy Advanced Cache Redirection policy
Content Switching Classic policy Content Switching Advanced policy
SSL Classic policy SSL Advanced policy
Classic Audit SYSLOG policy Advanced Audit SYSLOG policy
Classic Audit NSLOG policy Advanced Audit NSLOG policy
Classic AAA Pre-authentication policy Advanced AAA Pre-authentication policy
Authentication Local policy

RADIUS Authentication policy

LDAP Authentication policy

Authentication Certification (cert) policy

TACACS Authentication policy

Authentication Negotiate policy

SAML Authentication policy

Delegation Forms Authentication (DFA) policy

Web Authentication policy Advanced Authentication policy (“add Authentication policy”)
Classic Authorization policy Advanced Authorization policy
Classic Traffic Management Session policy Advanced Traffic Management Session policy
Classic Tunnel Traffic policy Advanced Tunnel Traffic policy
Classic VPN Traffic policy Advanced VPN Traffic policy
Classic VPN Session policy Advanced VPN Session policy
Trace Classic expression Trace Advanced expression
SYS.EVAL_CLASSIC_EXPR Classic function Converting function to Advanced, replacing SYS.EVAL_CLASSIC_EXPR
Q. How do I convert deprecated Classic policy based features & functionalities to Advanced policy based features and functionalities?

Answer: You can use the Citrix ADC proprietary nspepi tool to convert commands, expressions, and configurations. nspepi tool helps to convert all the Classic expressions in the Citrix ADCconfiguration to the Advanced policy. More details about nspepi tool is available at:

Q. From which Citrix ADC release will Classic policy based features and functionalities not be supported?

Answer: Citrix ADC GA,2020 releases onwards.

Q. What actions do I need to take when I will be moving from a build where a feature mentioned in Table 1 is supported (example, Citrix ADC 11.0) to a build where the feature is not supported (example, Citrix ADC 13.1)?

Answer: Citrix recommends to replace the Classic policy based features and functionalities with the replacement features and functionalities mentioned in Table 1 above before upgrading to 13.1.

Q. What actions do I need to take when I will be moving from a build where a feature mentioned in Table 1 is deprecated (example, Citrix ADC 12.0.56) to where a build where the feature is not supported (example, Citrix ADC 13.1)?

Answer: Citrix recommends to replace the Classic policy based features and functionalities with the replacement features and functionalities mentioned in Table 1 above before upgrading to 13.1.

Q. I am using a build on which a feature mentioned in Table 1 is supported and have no immediate plans of upgrade, how long will I have support for deprecated feature?

Answer: Citrix will support the policy based features and functionalities as per current software support guidelines. For more details please refer to :

Q. What is recommended when I am adding a new deprecated configuration or modifying existing deprecated configs on the builds where Classic policy expressions are deprecated (e.g. 12.0.56)?

Answer: Citrix recommends not to use deprecated policies and expressions. Please use the above Table 1 for finding the replacement features.

Q. Do I have to re-boot the Citrix ADC instance after converting configuration file?

Answer: Yes, you have to reboot the NetScaler instance after successful conversion of ns.config file.


  • No Related Posts

Unable to sign in to Citrix Files when using Azure iDP for Single Sign On (SSO)

Attempts to use Single Sign On (‘Sign in with Company Credentials”) to access Citrix Files may fail when Microsoft Azure is used as the iDP (identity provider).

Upon closer inspection, you may find errors similar to the following:

AADSTS50105: The signed in user ‘’ is not assigned to a role for the application ‘ab12cd34-abcd-1234-0987-abcd43vf56567′(Citrix ShareFile).

This error can be seen despite the user being a member of the relevant Active Directory groups so as to be entitled to the role assignment. This membership can be seen when viewed via on-premises Active Directory. You may not be able to identify the same group membership when inspected via the Azure portal. When on the Azure portal, you may instead receive an error stating ‘Microsoft_AAD_IAM’.

Attempts to manually sign in (without using SSO) succeed.


  • No Related Posts

Director Version Matrix – Install or Upgrade compatibility of Director with Delivery Controller, VDA

Important: All new features of Director will be available and work as expected only in combination with the required minimum versions of the Delivery Controller (DC) and the VDA listed below.

Note: This article is applicable to XenApp 6.5 and later, XenDesktop 7 and later.

Director Version Features Dependency

(Min Version required)

1906 Session Auto Reconnect DC 7 1906 and VDA 1906 All
Session startup duration DC 7 1906 and VDA 1903 All
Desktop probing DC 7 1906 and Citrix Probe Agent 1903 Premium
7.9 and later Citrix Profile Management Duration in Profile Load VDA 1903 All
1811 Profile load DC 7 1811 and VDA 1811 All
Hypervisor Alerts Monitoring DC 7 1811 Premium
Application probing DC 7 1811 and Probe Agent 1811 Premium
Microsoft RDS license health DC 7 1811 and VDA 7.16 All
Key RTOP Data display DC 7 1811 and VDA 1808 Premium
1808 Export of Filters data DC 7 1808 and VDA 1808 All
Interactive Session drill down DC 7 1808 and VDA 1808
GPO drill down DC 7 1808 and VDA 1808
Machine historical data available using OData API DC 7 1808
7.18 Application probing DC 7.18 Platinum
Built-in alert policies
Health Assistant link None All
Interactive Session drill-down
7.17 PIV smart card authentication None All
7.16 Application Analytics DC 7.16 || VDA 7.15 All
OData API V.4 DC 7.16 All
Shadow Linux VDA users VDA 7.16 All
Domain local group support None All
Machine console access DC 7.16 All
7.15 Application Failure Monitoring DC 7.15 || VDA 7.15 All
7.14 Application-centric troubleshooting DC 7.13 || VDA 7.13 All
Disk Monitoring DC 7.14 || VDA 7.14 All
GPU Monitoring DC 7.14 || VDA 7.14 All
7.13 Application-centric troubleshooting DC 7.13 || VDA 7.13 Platinum
Transport protocol on Session Details panel DC 7.x || VDA 7.13 All
7.12 User-friendly Connection and Machine failure descriptions DC 7.12 || VDA 7.x All
Increased historical data availability in Enterprise edition Enterprise
Custom Reporting Platinum
Automate Director notifications with SNMP traps Platinum
7.11 Resource utilization reporting DC 7.11 || VDA 7.11 All
Alerting extended for CPU, Memory and ICA RTT conditions DC 7.11 || VDA 7.11 Platinum
Export report improvements DC 7.11 || VDA 7.x All
Automate Director notifications with Citrix Octoblu DC 7.11 || VDA 7.x Platinum
Integration with NetScaler MAS DC 7.11 || VDA 7.x

MAS version 11.1 Build 49.16
7.9 Logon Duration Breakdown DC 7.9 || VDA 7.x All
7.7 Proactive monitoring and alerting DC 7.7 || VDA 7.x Platinum
SCOM integration DC 7.7 || VDA 7.x || SCOM 2012 R2 || PowerShell 3.0 or later* Platinum
Windows Authentication Integration DC 7.x || VDA 7.x All
Desktop and Server OS Usage DC 7.7 || VDA 7.x Platinum

* Director and SCOM server must have the same PowerShell version

Upgrade sequence – XenApp and XenDesktop Components

Illustration of the upgrade sequence is as below. To upgrade all the installed components, run the installer on all the machines containing respective components.

User-added image

Note: Once DC is updated successfully, the Studio will prompt you to upgrade the Site. Complete this step for the new features to be available in Director.

How Do I Articles


  • No Related Posts

Configure Citrix Profile Management through WEM

Central Profile Management Store

1. Shared permissions

User-added image

2. Shared caching options

User-added image

3. NTFS permissions

User-added image

4. File and Storage services

User-added image

User-added image

Group Policy

Make sure the WEM clients (computers/servers or VDAs) are configured to receive the following GPO. ADMX and ADML files are downloaded with the same download package from Citrix Downloads WEM, they need to be copied to C:WindowsPolicyDefinitions or \<>sysvol<>PoliciesPolicyDefinitions

User-added image

WEM Client

Install latest WEM Agent from Citrix downloads website with the file named “Workspace-Environment-Management-v-4-XX-00Citrix Workspace Environment Management Agent v4.XX.00.00 Setup”

This agent will also install the following components

• Microsoft SQL CE 3.5 SP2 (x86 and x64)

• SyncFx 2.1 Synchronization

• SyncFx 2.1 ProviderServices

• SyncFx 2.1 DatabaseProviders

WEM Infrastructure Server

1. Make sure WEM clients are added into WEM console

User-added image

2. Apply UPM Settings

User-added image

User-added image

User-added image

3. Refresh client cache (a click to Refresh may be required)

User-added image

User-added image

User-added image

4. Test


  • No Related Posts

Bakers Half Dozen – Episode 7

Episode 7 Show Notes: Introduction with Matt Baker Item 1 – Data network effects are (mostly) BS. Data is rarely a good strategy for defensibility. Andreessen Horowitz Item 2 – Goldman Sachs and Data Moats Goldman Sachs Item 3 – Just because data is frozen, doesn’t mean it’s hard to retrieve. Item 4 – 7 Rs of the application landscape Citrix Item 5 – Public cloud fight and disruption  ZDNet Item 6 – What should we focus on for AI systems? Item 6.5 – Don’t build cathedrals when stick frame homes will do! Close Disagree, agree, … READ MORE


  • No Related Posts

Citrix UPS Printers are not visible via Control Panel, Devices And Printers

This is an known issue with printers provided by Citrix Universal Printer server on windows operating systems Windows Server 2019, Windows Server 2016, Windows 10, Windows Server 2012r2, Windows Server 2012.

Citrix is working with Microsoft to correct this interaction between Microsoft operating systems and Citrix universal print server print provider.

Citrix Documentation:

This issue has been documented in our XenApp/XenDesktop documentation since 7.5

  • Universal Print Server printers selected in the virtual desktop do not appear in the Devices and Printers window in Windows Control Panel. However, when users are working in applications, they can print using those printers. This issue occurs only on Windows Server 2012, Windows 2012 R2 , Windows 10 and Windows 8 platforms. [#335153]

Microsoft Documentation:

The Device Setup Manager service is discussed in the following article from Microsoft it applies to both Windows 8 and Windows 2012.

Device setup user experience in Windows 8

Microsoft released a hotfix for server 2012r2 which partially addressed some issues with 3rd party print provider visibility in newer windows releases.

However this was not a complete solution, and printers provided by Citrix Universal Print Server remained not visible.​


  • No Related Posts

HDX Flash Redirection Compatibility

HDX Flash Redirection is a technology that allows Flash-based videos to be rendered on the end user device (Windows or Linux) while appearing seamlessly integrated with the server-side web browser. HDX Flash provides a better user experience by offloading Adobe Flash rendering from the Citrix XenApp or XenDesktop server to the user device. The objective is to offload 80% or more of websites that leverage Flash. When Adobe Flash content cannot be redirected to the user device, the technology attempts to gracefully fall back to server-side rendering. Websites that cannot use Flash Redirection are blacklisted, either automatically by the software or manually by a system administrator.

If client-side Flash rendering is not desired, the HDX Flash Redirection technology can be disabled by using policies but the scalability benefits of HDX Flash Redirection are lost.

Compatibility Matrix

HDX Flash Redirection behavior might be affected by the Adobe Flash version, the XenApp or XenDesktop VDA version, as well as the Receiver version used to access applications and desktops. The browser version seems to have the largest impact on the specific Flash Redirection behavior that could be experienced in your environment.

Citrix has tested a variety of Adobe Flash and Internet Explorer versions against different XenApp and XenDesktop versions to determine the stability of Flash Redirection with these different combinations and to ensure that Flash Redirection works as expected. The following matrix comprises the scope of our testing:


  • On July 25, 2017, Adobe announced End of Life (EOL) for Flash. Adobe plans to stop updating and distributing the Flash Player at the end of 2020. Microsoft announced that they are phasing out Flash support in Internet Explorer before the Adobe date. They are removing Flash from Windows by the end of 2020. When that happens, users can no longer enable or run Flash in Internet Explorer. Citrix aligns with Microsoft policy and continues to maintain and support HDX Flash Redirection until the end of 2020. More information available on
  • Adobe no longer has Extended Support Release (ESR) versions of Flash. Customers are recommended to use the supported versions of Flash as outlined in the matrix below.
  • Some websites stream content using HTML5 by default, such as and may prompt to install Flash even after adding to Compatibility View. To use Flash Redirection on such websites, Emulation Mode should be used.(for example IE9 mode) The later section of the article outlines steps to enable Emulation Mode.
  • Beginning January 12, 2016, Microsoft supports only the most current version of Internet Explorer available for an operating system. Flash Redirection will be supported on the latest version of Internet Explorer supported on the operating system. For details, refer to Microsoft Lifecycle Support policy for Internet Explorer.
Versions Tested Up To
Adobe Flash 32.0
Internet Explorer
Receiver for Windows 4.9 4.9.6000
Workspace App 1905

Citrix recommends the XenApp or XenDesktop component updates below used in our testing to achieve the best Flash Redirection experience.

These hotfixes contain several Flash Redirection related fixes that provide more stability to environments using Flash Redirection, particularly those which resulted in blacklisting websites and Flash videos not playing.

Website Content: Adobe Flash technology and content is frequently updated on many websites that might impact Flash Redirection particularly with Internet Explorer 11. Some of these website specific issues can be resolved by one of the following workarounds:

  • Enable Internet Explorer Compatibility View and add the website(s) to the list.
  • Enable Emulation Mode on the user device. In Internet Explorer, on the Tools menu, click F12 Developer Tools. In the far left of the DOM Explorer screen, scroll down the list and select the Emulation icon. In Document Mode, select 9 or 10. Microsoft Enterprise Mode Site List Manager can be utilized to automate the Document Mode.







XenApp / XenDesktop

7.6, 7.15, 1903, 1906

The following articles provide a list of fixes included in XenDesktop/XenApp 7.6 version along with related fix information:

CTX138196 (Desktop OS), CTX142117 (Server OS)

List of Flash Related Articles

For more information, see the following articles: List of Flash Related Articles.

Installation and Configuration

CTX126529 – How to Enable Server-Side Content Fetching in HDX MediaStream for Flash

CTX124190 – How to Deploy and Configure HDX MediaStream for Flash

CTX125413 – How to Change the Background Color of Client-Rendered Flash Content for HDX MediaStream Flash Redirection

Known Issues and Limitations

CTX214127 – Citrix Known Issues With Adobe Flash Update

CTX214103 – Citrix Known Issues With Adobe Flash 22

CTX201150 – Adobe Flash 18 – Citrix Known Issues

CTX126702 – HDX MediaStream for Flash – Client-Side Content Fetching Limitations

CTX125324 – HDX MediaStream Flash Redirection – Network Latency Performance Issues

CTX124756 – HDX MediaStream for Flash Creates an Unknown Security Identifier in the ICA-tcp Port Permissions on Windows 2003 Feature Pack 2 Servers

CTX132751 – Windows Volume Control not working in VDA with HDX MediaStream for Flash v2

CTX128586 – HDX Monitor Tool Fails to Launch

CTX130847 – IMA Modules to Select when Recording a CDF Trace for a HDX MediaStream Flash Redirection Issues

CTX137799 – Internet Explorer 10 – Citrix Known Issues

CTX139939 – Microsoft Internet Explorer 11 – Citrix Known Issues


CTX134786 – Troubleshooting Flash V2 on Linux

CTX127188 – Troubleshooting Guide For Citrix HDX Components

CTX126491 – HDX Experience Monitor for XenApp

CTX135817 – HDX Monitor 3.x

CTX141595 – How to Enable HDX Flash Logging for Server-Side Rendering Failure


Secure Mail iOS 19.3.5 and Secure Mail Android 19.6.5 Not Able to Create Account or Connection Error

Before users can create an account in Secure Mail for iOS version 19.3.5 or Secure Mail Android 19.6.5, you must do the following:

1. On Citrix ADC, the following cipher suite value must be added in the SSL Ciphers option: – ECDHE-RSA-AES256-GCM-SHA384.

Note: If the ciphers are already bound, go to step 2.

For details, see

2. Bind Enable Elliptical Curve Cryptography (ECC).

For details, see ECDSA cipher suites support in the Citrix ADC 12.1 documentation

For FIPS enabled environments, verify that the RSA key size for identity certificate (i.e. server certificate), intermediate certificates, and your root certificate are 2048 or 3072 bits. We do not currently support an RSA key size of 4096 bits in a FIPS-enabled environment . The new crypto library checks for key size and will reject the connection.

For configuration information see the following Citrix support article:


  • No Related Posts