How to re-enroll DEP devices on Citrix Endpoint Management

The DEP enrollment is meant to be done during out of the box (zero touch) state of the device. So it is expected that the device must be on the same state – either out of the box or reset to factory condition.

DEP enrollment utilizes the Automated Device Enrollment to setup devices with Citrix Endpoint Management. Automated Device Enrollment lets organizations configure and manage devices from the moment the devices are removed from the box (in a process known as Auto Advance deployment). You can supervise devices during activation without touching them, and lock MDM enrollment for ongoing management.

For enrolling into Apple Business Manager or Apple School Manager, follow the steps mentioned in the Apple article here – https://support.apple.com/en-us/HT204142

You will find all the steps for DEP enrollment along with screenshots on the Citrix documentation .

Re-enrolling DEP devices

As DEP devices are setup from a factory reset or out of the box condition, we need to follow the same in case of re-enrollment. This means that selective wipe is not the correct way to un-enroll DEP devices. DEP enrollment starts right from when the device is in factory condition which helps to get the devices to supervised status.

For a re-enrollment, we need to perform a full wipe on DEP devices to get it to factory reset condition. Devices under Apple DEP will sync with the Citrix Endpoint Management automatically. After this, a fresh enrollment can be started for the devices.

Related:

  • No Related Posts

Error: “Unable to launch your application.” When Launching Published Applications or Desktops Through NetScaler Gateway

There could be multiple reasons due to which a user might not be able to launch the published application or desktop through NetScaler Gateway. You can learn the traffic flow and how to analyze logs in a Citrix Gateway and Storefront integrated environment by watching below video. You can find the details on some of the reasons in this article also.



Details on some of the reasons:

  1. Install Latest Version of Receiver
  2. User License Exhausted
  3. NetScaler Gateway License Type Mismatch
  4. Certificate Not Linked on the NetScaler
  5. Secure Ticket Authority Not Specified
  6. FQDN of Secure Ticket Authority is Not Resolvable
  7. Verify if the Secure Ticket Authority Configured on NetScaler Returns STA ID
  8. Verify if there is Same STA Servers on NetScaler Gateway Virtual Server as well as on the StoreFront Servers
  9. Make Sure that Usage or Role on the StoreFront Server is Set to Authentication and HDX Routing
  10. Verify Communication on port 1494/2598 from the Subnet IP/Mapped IP to the XenApp/XenDesktop Servers

User-added image


Install Latest Version of Receiver

Download and install the latest version of Citrix Receiver to resolve this issue.

User License Exhausted

User-added image

Verify if the license is exhausted on NetScaler Gateway. Navigate to NetScaler configuration utility > NetScaler Gateway > Virtual Server and examine the Maximum Users and Current Users. If you notice that both values are the same then the NetScaler Gateway license is exhausted.

You can also navigate to NetScaler configuration utility > System > Licenses to confirm the number of NetScaler Gateway and ICA licenses.

Complete one of the following steps to resolve this issue:

Install an additional Universal License to accommodate more users. Adjust the maximum number of users to match the new number of total users by navigating to NetScaler Gateway > Global Settings > Change Authentication AAA Settings > Maximum Number of Users.

Note: Retain NetScaler Gateway virtual server in SmartAccess mode.

NetScaler Gateway License Type Mismatch

User-added image

NetScaler Gateway setting should match with the type of license that NetScaler Gateway has. Change the NetScaler Gateway virtual server mode from SmartAccess to Basic. If Basic mode is used under NetScaler Gateway virtual server (ICA Only checkbox checked in latest versions of NetScaler) then unlimited ICA users are allowed.

Refer to CTX125567 – How to Configure NetScaler Gateway Appliance with Unlimited ICA Connections for more information.

Certificate Not Linked on the NetScaler

User-added image

When users launch the published application or desktop, the Receiver would perform an SSL handshake with the NetScaler Gateway virtual server. If the certificate has been issued by a Trusted CA, make sure that the certificate is also on the NetScaler. For more information refer to CTX114146 – How to Install and Link Intermediate Certificate with Primary CA on NetScaler Gateway.

Secure Ticket Authority Not Specified

User-added image

Verify if NetScaler Gateway has Secure Ticket Authority (STA) specified under NetScaler Gateway > Virtual Server > Published Application. If not, add the STA under Published Applications on NetScaler Gateway to resolve this issue. For more information refer to Citrix Documentation – Configuring the Secure Ticket Authority on NetScaler Gateway.


FQDN of Secure Ticket Authority is Not Resolvable

User-added image

Verify if FQDN of STA server is resolvable. If not, change the STA server FQDN to IP address on StoreFront and NetScaler. For more information refer to Citrix Documentation – Configuring the Secure Ticket Authority on NetScaler Gateway.

Verify if the Secure Ticket Authority Configured on NetScaler Returns STA ID

User-added image

If the Secure Ticket Authority Server is reachable through the NetScaler, then it would send a POST request to the STA Server requesting for an AuthID. The Secure Ticket Server (STA) should return a valid as well as a unique AuthID.

Verify if there is Same STA Servers on NetScaler Gateway Virtual Server as well as on the StoreFront ServersUser-added image

The StoreFront Server needs to contact the Secure Ticket Authority Server to obtain a ticket that will have the IP address/ FQDN of the XenApp/ XenDesktop server that will be able to serve the request for that published application/desktop.

When the ticket is forwarded from the Client to the NetScaler Gateway, it would match the AuthID in the ticket with the AuthID for the STA server specified on the virtual server. If the AuthID does not match, then the launch request would fail.

Make Sure that Usage or Role on the StoreFront Server is Set to Authentication and HDX Routing

User-added image

Starting StoreFront version 3.5, you would be able to define the Secure Ticket Authority Servers only when you select the Usage or Role as Authentication and HDX Routing under Manage NetScaler Gateway Settings. Also, if this option is not selected, then the StoreFront Server would not add the SSL Proxy Host in the Ticket created by the Secure Ticket Authority Server.

Verify Communication on port 1494/2598 from the Subnet IP/Mapped IP to the XenApp/XenDesktop Servers

User-added image

The NetScaler will communicate with the XenApp/XenDesktop server on port 1494 (Session reliability OFF) or port 2598 (Session reliability ON). If the SNIP/MIP is not able to establish a TCP connection on the preceding mentioned ports, then the launch would fail.

User-added image

Related:

  • No Related Posts

F5 with StoreFront session timeout closing active sessions

When the StoreFront session times out, it’s closing active ICA sessions.

We found the issue is only happening when authenticating via F5 frontend.

When Authenticating via F5. After 20 minutes the Citrix Desktop and storefront session shuts down.

After 17 minutes, a 3 mins countdown starts in the storefront browser. After 3 minutes the desktop session disappears and the browser windows displays a message “you have been logged out due to inactivity”.

Repro Steps:

– Set a session timeout duration from Storefront>Manage Receiver for Websites>Configure>Session settings

– Browse to StoreWeb URL and launch a desktop/application.

– Keep using the session and don’t leave it idle.

Actual Result:

– It will disconnect the session in 20 mins.

Expected Result:

– It should keep the session active.

Related:

  • No Related Posts

Citrix Director Displays “In Supplemental Grace Period Time until grace expires”

The site went over the number of licenses about 9 days ago which triggered the Supplemental Grace Period.

According to the Citrix Documentation: https://docs.citrix.com/en-us/licensing/current-release/license-types.html#supplemental-grace-period

“If all licenses are in use, the supplemental grace period enables users to connect to a product for a limited period of time allowing you to address the issue. The default supplemental grace period is 15 days. During this period there is no limit on connections. After it expires, normal (to the extent of license availability) connection limits are enforced. Users are not disconnected, but as they disconnect, no new connections occur until license levels return to normal. Supplemental grace periods are granted per product and edition and per Subscription Advantage Eligibility date (per product) and only for Retail licenses. For example, if you have two clients requesting XenDesktop Enterprise Concurrent, with different Subscription Advantage Eligibility dates, two supplemental grace periods are granted. Rearming the supplemental grace period – When you take corrective action (for example, installing an additional Retail license), the supplemental grace period is rearmed, and normal license limits are enforced again. If you take action while the supplemental grace period is in force, the License Server exits the supplemental grace period before rearming. When the supplemental grace period is rearmed, you can trigger a new 15 day supplemental grace period the next time you go over the license limit.”

So this behavior is normal and the only way to turn this off would be to follow –

1) Go To:C:Program Files (x86)CitrixLicensingMyFiles

2) Open the file: “CITRIX.opt” with Notepad.

3) At the bottom of that file, add

“#CITRIX SGPOFF”

4) Save

5) Restart all Citrix Services (or Reboot)

to remove supplemental all together or to add new license files.

It is worth noting that the Supplemental Grace Period is normal when a user goes over the allotted number of Citrix license. It is also normal for the error to show up in Director even after no SGP licenses are being used. The SGP is a one time grace period that last 15 days. After this there can be no more SGP licenses applied to uses but normal ICA licensing will occur. The idea is that you have 15 days to correct the issue before the SGP and only the SGP licenses expire. The only way to rearm is to buy more.

Related:

  • No Related Posts

Citrix Director Displays “In Supplemental Grace Period Time until grace expires”

The site went over the number of licenses about 9 days ago which triggered the Supplemental Grace Period.

According to the Citrix Documentation: https://docs.citrix.com/en-us/licensing/current-release/license-types.html#supplemental-grace-period

“If all licenses are in use, the supplemental grace period enables users to connect to a product for a limited period of time allowing you to address the issue. The default supplemental grace period is 15 days. During this period there is no limit on connections. After it expires, normal (to the extent of license availability) connection limits are enforced. Users are not disconnected, but as they disconnect, no new connections occur until license levels return to normal. Supplemental grace periods are granted per product and edition and per Subscription Advantage Eligibility date (per product) and only for Retail licenses. For example, if you have two clients requesting XenDesktop Enterprise Concurrent, with different Subscription Advantage Eligibility dates, two supplemental grace periods are granted. Rearming the supplemental grace period – When you take corrective action (for example, installing an additional Retail license), the supplemental grace period is rearmed, and normal license limits are enforced again. If you take action while the supplemental grace period is in force, the License Server exits the supplemental grace period before rearming. When the supplemental grace period is rearmed, you can trigger a new 15 day supplemental grace period the next time you go over the license limit.”

So this behavior is normal and the only way to turn this off would be to follow –

1) Go To:C:Program Files (x86)CitrixLicensingMyFiles

2) Open the file: “CITRIX.opt” with Notepad.

3) At the bottom of that file, add

“#CITRIX SGPOFF”

4) Save

5) Restart all Citrix Services (or Reboot)

to remove supplemental all together or to add new license files.

It is worth noting that the Supplemental Grace Period is normal when a user goes over the allotted number of Citrix license. It is also normal for the error to show up in Director even after no SGP licenses are being used. The SGP is a one time grace period that last 15 days. After this there can be no more SGP licenses applied to uses but normal ICA licensing will occur. The idea is that you have 15 days to correct the issue before the SGP and only the SGP licenses expire. The only way to rearm is to buy more.

Related:

  • No Related Posts

Citrix Director Displays “In Supplemental Grace Period Time until grace expires”

The site went over the number of licenses about 9 days ago which triggered the Supplemental Grace Period.

According to the Citrix Documentation: https://docs.citrix.com/en-us/licensing/current-release/license-types.html#supplemental-grace-period

“If all licenses are in use, the supplemental grace period enables users to connect to a product for a limited period of time allowing you to address the issue. The default supplemental grace period is 15 days. During this period there is no limit on connections. After it expires, normal (to the extent of license availability) connection limits are enforced. Users are not disconnected, but as they disconnect, no new connections occur until license levels return to normal. Supplemental grace periods are granted per product and edition and per Subscription Advantage Eligibility date (per product) and only for Retail licenses. For example, if you have two clients requesting XenDesktop Enterprise Concurrent, with different Subscription Advantage Eligibility dates, two supplemental grace periods are granted. Rearming the supplemental grace period – When you take corrective action (for example, installing an additional Retail license), the supplemental grace period is rearmed, and normal license limits are enforced again. If you take action while the supplemental grace period is in force, the License Server exits the supplemental grace period before rearming. When the supplemental grace period is rearmed, you can trigger a new 15 day supplemental grace period the next time you go over the license limit.”

So this behavior is normal and the only way to turn this off would be to follow –

1) Go To:C:Program Files (x86)CitrixLicensingMyFiles

2) Open the file: “CITRIX.opt” with Notepad.

3) At the bottom of that file, add

“#CITRIX SGPOFF”

4) Save

5) Restart all Citrix Services (or Reboot)

to remove supplemental all together or to add new license files.

It is worth noting that the Supplemental Grace Period is normal when a user goes over the allotted number of Citrix license. It is also normal for the error to show up in Director even after no SGP licenses are being used. The SGP is a one time grace period that last 15 days. After this there can be no more SGP licenses applied to uses but normal ICA licensing will occur. The idea is that you have 15 days to correct the issue before the SGP and only the SGP licenses expire. The only way to rearm is to buy more.

Related:

  • No Related Posts

Citrix Director Displays “In Supplemental Grace Period Time until grace expires”

The site went over the number of licenses about 9 days ago which triggered the Supplemental Grace Period.

According to the Citrix Documentation: https://docs.citrix.com/en-us/licensing/current-release/license-types.html#supplemental-grace-period

“If all licenses are in use, the supplemental grace period enables users to connect to a product for a limited period of time allowing you to address the issue. The default supplemental grace period is 15 days. During this period there is no limit on connections. After it expires, normal (to the extent of license availability) connection limits are enforced. Users are not disconnected, but as they disconnect, no new connections occur until license levels return to normal. Supplemental grace periods are granted per product and edition and per Subscription Advantage Eligibility date (per product) and only for Retail licenses. For example, if you have two clients requesting XenDesktop Enterprise Concurrent, with different Subscription Advantage Eligibility dates, two supplemental grace periods are granted. Rearming the supplemental grace period – When you take corrective action (for example, installing an additional Retail license), the supplemental grace period is rearmed, and normal license limits are enforced again. If you take action while the supplemental grace period is in force, the License Server exits the supplemental grace period before rearming. When the supplemental grace period is rearmed, you can trigger a new 15 day supplemental grace period the next time you go over the license limit.”

So this behavior is normal and the only way to turn this off would be to follow –

1) Go To:C:Program Files (x86)CitrixLicensingMyFiles

2) Open the file: “CITRIX.opt” with Notepad.

3) At the bottom of that file, add

“#CITRIX SGPOFF”

4) Save

5) Restart all Citrix Services (or Reboot)

to remove supplemental all together or to add new license files.

It is worth noting that the Supplemental Grace Period is normal when a user goes over the allotted number of Citrix license. It is also normal for the error to show up in Director even after no SGP licenses are being used. The SGP is a one time grace period that last 15 days. After this there can be no more SGP licenses applied to uses but normal ICA licensing will occur. The idea is that you have 15 days to correct the issue before the SGP and only the SGP licenses expire. The only way to rearm is to buy more.

Related:

  • No Related Posts

Citrix Director Displays “In Supplemental Grace Period Time until grace expires”

The site went over the number of licenses about 9 days ago which triggered the Supplemental Grace Period.

According to the Citrix Documentation: https://docs.citrix.com/en-us/licensing/current-release/license-types.html#supplemental-grace-period

“If all licenses are in use, the supplemental grace period enables users to connect to a product for a limited period of time allowing you to address the issue. The default supplemental grace period is 15 days. During this period there is no limit on connections. After it expires, normal (to the extent of license availability) connection limits are enforced. Users are not disconnected, but as they disconnect, no new connections occur until license levels return to normal. Supplemental grace periods are granted per product and edition and per Subscription Advantage Eligibility date (per product) and only for Retail licenses. For example, if you have two clients requesting XenDesktop Enterprise Concurrent, with different Subscription Advantage Eligibility dates, two supplemental grace periods are granted. Rearming the supplemental grace period – When you take corrective action (for example, installing an additional Retail license), the supplemental grace period is rearmed, and normal license limits are enforced again. If you take action while the supplemental grace period is in force, the License Server exits the supplemental grace period before rearming. When the supplemental grace period is rearmed, you can trigger a new 15 day supplemental grace period the next time you go over the license limit.”

So this behavior is normal and the only way to turn this off would be to follow –

1) Go To:C:Program Files (x86)CitrixLicensingMyFiles

2) Open the file: “CITRIX.opt” with Notepad.

3) At the bottom of that file, add

“#CITRIX SGPOFF”

4) Save

5) Restart all Citrix Services (or Reboot)

to remove supplemental all together or to add new license files.

It is worth noting that the Supplemental Grace Period is normal when a user goes over the allotted number of Citrix license. It is also normal for the error to show up in Director even after no SGP licenses are being used. The SGP is a one time grace period that last 15 days. After this there can be no more SGP licenses applied to uses but normal ICA licensing will occur. The idea is that you have 15 days to correct the issue before the SGP and only the SGP licenses expire. The only way to rearm is to buy more.

Related:

  • No Related Posts

Citrix Director Displays “In Supplemental Grace Period Time until grace expires”

The site went over the number of licenses about 9 days ago which triggered the Supplemental Grace Period.

According to the Citrix Documentation: https://docs.citrix.com/en-us/licensing/current-release/license-types.html#supplemental-grace-period

“If all licenses are in use, the supplemental grace period enables users to connect to a product for a limited period of time allowing you to address the issue. The default supplemental grace period is 15 days. During this period there is no limit on connections. After it expires, normal (to the extent of license availability) connection limits are enforced. Users are not disconnected, but as they disconnect, no new connections occur until license levels return to normal. Supplemental grace periods are granted per product and edition and per Subscription Advantage Eligibility date (per product) and only for Retail licenses. For example, if you have two clients requesting XenDesktop Enterprise Concurrent, with different Subscription Advantage Eligibility dates, two supplemental grace periods are granted. Rearming the supplemental grace period – When you take corrective action (for example, installing an additional Retail license), the supplemental grace period is rearmed, and normal license limits are enforced again. If you take action while the supplemental grace period is in force, the License Server exits the supplemental grace period before rearming. When the supplemental grace period is rearmed, you can trigger a new 15 day supplemental grace period the next time you go over the license limit.”

So this behavior is normal and the only way to turn this off would be to follow –

1) Go To:C:Program Files (x86)CitrixLicensingMyFiles

2) Open the file: “CITRIX.opt” with Notepad.

3) At the bottom of that file, add

“#CITRIX SGPOFF”

4) Save

5) Restart all Citrix Services (or Reboot)

to remove supplemental all together or to add new license files.

It is worth noting that the Supplemental Grace Period is normal when a user goes over the allotted number of Citrix license. It is also normal for the error to show up in Director even after no SGP licenses are being used. The SGP is a one time grace period that last 15 days. After this there can be no more SGP licenses applied to uses but normal ICA licensing will occur. The idea is that you have 15 days to correct the issue before the SGP and only the SGP licenses expire. The only way to rearm is to buy more.

Related:

  • No Related Posts

Citrix Director Displays “In Supplemental Grace Period Time until grace expires”

The site went over the number of licenses about 9 days ago which triggered the Supplemental Grace Period.

According to the Citrix Documentation: https://docs.citrix.com/en-us/licensing/current-release/license-types.html#supplemental-grace-period

“If all licenses are in use, the supplemental grace period enables users to connect to a product for a limited period of time allowing you to address the issue. The default supplemental grace period is 15 days. During this period there is no limit on connections. After it expires, normal (to the extent of license availability) connection limits are enforced. Users are not disconnected, but as they disconnect, no new connections occur until license levels return to normal. Supplemental grace periods are granted per product and edition and per Subscription Advantage Eligibility date (per product) and only for Retail licenses. For example, if you have two clients requesting XenDesktop Enterprise Concurrent, with different Subscription Advantage Eligibility dates, two supplemental grace periods are granted. Rearming the supplemental grace period – When you take corrective action (for example, installing an additional Retail license), the supplemental grace period is rearmed, and normal license limits are enforced again. If you take action while the supplemental grace period is in force, the License Server exits the supplemental grace period before rearming. When the supplemental grace period is rearmed, you can trigger a new 15 day supplemental grace period the next time you go over the license limit.”

So this behavior is normal and the only way to turn this off would be to follow –

1) Go To:C:Program Files (x86)CitrixLicensingMyFiles

2) Open the file: “CITRIX.opt” with Notepad.

3) At the bottom of that file, add

“#CITRIX SGPOFF”

4) Save

5) Restart all Citrix Services (or Reboot)

to remove supplemental all together or to add new license files.

It is worth noting that the Supplemental Grace Period is normal when a user goes over the allotted number of Citrix license. It is also normal for the error to show up in Director even after no SGP licenses are being used. The SGP is a one time grace period that last 15 days. After this there can be no more SGP licenses applied to uses but normal ICA licensing will occur. The idea is that you have 15 days to correct the issue before the SGP and only the SGP licenses expire. The only way to rearm is to buy more.

Related:

  • No Related Posts