citrix – JGSpiers.com

I’ve been meaning to write up about this for a while now ever since creating the original Citrix FAS and SAML related blog posts upon the release of StoreFront 3.9.

One of the Microsoft Active Directory features that can be used to extend the functionality of Citrix Federated Authentication Service is a feature called Authentication Mechanism Assurance.

Using this feature, we can control access to the likes of files, folders and other security controlled objects based on if our logging on users have authenticated with a certificate or not. Since FAS issues certificates to our users and presents those to the VDA, there is very little extra work needed to make use of this.

Think of the scenario which we will follow in this post. We have file shares that should only be accessed by users who have authenticated with a Smart Card. If a user does not have a Smart Card, they use username and password as normal, but they shouldn’t be granted access to the confidential file shares.

Before you begin, you need to deploy Citrix FAS and ADFS. To do that, see http://www.jgspiers.com/adfs-authentication-direct-to-storefront-3-9-using-saml-and-citrix-federated-authentication-service/

Note: This solution uses ADFS. As users browse to StoreFront they are redirected to ADFS for authentication. Once they provide credentials SAML is used to send an assertion to StoreFront which will in turn generate a certificate to our authenticating user which is used to authenticate with the VDA when an application and/or desktop is launched.

Note: In this example I am demonstrating access to a file share. You could use this feature to control access to files, file shares, applications, printers and so on.

Once you have FAS fully working in your environment, you can carry on with the below.

Requirements:

FAS fully functional including ADFS and Microsoft Active Directory Certificate Services.
Windows Server 2008 R2 Domain Controllers at a minimum.
Domain Functional Level set to Windows Server 2008 R2 at a minimum.

Open the Active Directory Certificate Services console and right-click Certificate Templates -> Manage.

Locate template Citrix_SmartcardLogon and right-click Properties. Click the Extensions tab, highlight Issuance Policies and click Edit.

Click Add to add a new Issuance Policy.

A couple are created by default, and you can create your own. For now we can simply use the Medium Assurance policy. Highlight this policy and click OK.

Click OK.

The next step involves the creation of two scripts. The scripts are called Get-IssuancePolicyToGroupLink.ps1 and Set-IssuancePolicyToGroupLink.ps1. Both scripts are available from TechNet Step 3. Create both scripts on your Domain Controller under C:\.

Now on your Domain Controller launch Active Directory Module for Windows Powershell.

Type command Get-IssuancePolicyToGroupLink.ps1.

This script will list the Issuance Policies available in your domain and display any that are linked to groups. Just to confirm, there are no Issuance Policies linked to groups at this stage.

To link an Issuance Policy (in our case the Medium Assurance policy) to groups we need to first create a group in Active Directory. The group must be a Universal Security group. This group will then become a part of a user’s kerberos ticket when they log on to the VDA with a certificate. The group will also be granted access to the confidential file share.

Once the group is created return back to PowerShell and this time we will be running the Set-IssuancePolicyToGroupLink.ps1 script. For parameter IssuancePolicyName specify Medium Assurance. For parameter groupOU specify the Organizational Unit name that is home to the security group you just created. For parameter groupName specify the Universal Security group name you just created.

Next create a file share which is locked to only members of the Universal Security group as below.

Click Done. Only members of CitrixFASAuth will be able to access the \\dc\confidential share. Only users who authenticate via Citrix FAS are added to the CitrixFASAuth group using Authentication Mechanism Assurance.

I proceeded to log on to the VDA using FAS. I also was able to access the Confidential file share. If accessing the VDA without authenticating using FAS, I was denied access.

Using whoami /groups when logged on to the VDA I can confirm that my account is added to the CitrixFASAuth group. As soon as a log off, I will not be a member of that group until I authenticate using a certificate again.

Note: If you have issued certificates to users via FAS before configuring Authentication Mechanism Assurance, you will have to remove those cached certificates from FAS to allow new ones to be generates with the Issuance Policy extension included in the new certificate. You can use cmdlet Remove-FASUserCertificate on all FAS servers.

Windows Server 2012 R2 Optimisation Script.

Tested on: Windows Server 2012 R2 build 9600.

Description: This script disables services, disables scheduled tasks and modifies the registry to optimise system performance on Windows Server 2012 R2 running in a Citrix SBC environment.

Note: This script makes changes to the system registry and performs other configuration changes. As such a full backup of the machine or snapshot if running in a virtual environment is strongly recommended. Carry out full testing before introducing the optimised image to production. You should review ALL optimisations this script makes and determine if they fit in to your environment. Not all optimisations will suit all environemnts. To avoid failure, run PowerShell as an administrator before running this script.

Download (click below):

Windows Server 2012 R2 Optimisation Script (135 downloads)

Any problems with the script or if you want to make your own improvement suggestions then comment below.

Open the script using a text editor or PowerShell ISE to see what exactly the script does.

Have you ever wanted to display the client IP on the front page of StoreFront? This can be useful for support purposes when Thin Clients are used to access Receiver for Web, as an example.

We can do this via some JavaScript and ASP.NET. To make something clear, I am not a developer of any sorts! However I did receive this request and dug in for a solution, and would like to share the solution with others if they get the same request.

When load balancing StoreFront via NetScaler as many do, the client IP is infact the NetScaler SNIP. For this reason we have to insert the client IP in a new HTTP header, named X-FORWARDED-FOR. This is the first step we will take.

On NetScaler, locate and edit your StoreFront Service Group.

Under settings check Client IP and under Header insert X-FORWARDED-FOR. Click OK.

Click Done and then save the running configuration.

Log on to your primary StoreFront server, and navigate to C:\inetpub\wwwroot\Citrix\CitrixWeb\Custom where Citrix\CitrixWeb may be different depending on your store name. Create a file called GetClientIP.aspx.

Insert the following text:

<%@ Page Language="C#" %>
<%=Request.ServerVariables["HTTP_X_FORWARDED_FOR"]%>

Example:

Next edit the existing script.js file.

Towards the end of the file under End of example customization enter the following text:

$(document).ready(function() {
    $.ajax({
        url: 'custom/GetClientIP.aspx',
        success: function(data) {
            $(".customAuthFooter").html(data);
        }
    });
});

Example:

Next edit the existing style.css file.

Towards the end of the file under You may add custom styles below this line enter the following text:

.customAuthFooter
{
font-size:15px;
text-align: right;
color: white;
}

Example:

After all three files have been edited and saved, propagate the changes to any remaining StoreFront servers in your Server Group by clicking on Server Group -> Propagate Changes.

Click Yes.

Receiver for Web will appear as below, with the client IP located in the right hand corner.

Setting font-size:30px in style.css increases the font size as below.

You can also center the IP address, and move it to the top of the web page. To do this change text-align: right to text-align: center in style.css and change .customAuthFooter referenced in both style.css and script.js to .customAuthHeader.

A list containing the majority of Citrix App Layering support articles collated to make this page a one stop place for you to search for and find information regarding any issues you have with the product and its related dependencies.

The page is updated daily with new support articles and information. Articles will change from time and if information here is outdated or incorrect please let me know using the comments. Links may also expire or change so if you find broken links, please again let me know. For each issue, known product versions affected are recorded however that does not mean products versions that aren’t listed are not affected.

There is a search box that you can use if looking for a specific fault. For example if you have an error code or error message, use that to perform a search. You can also use your browsers search feature which will perform a search against the whole page based on the words you enter.

App Layering:

wdt_ID	Brief Description of Issue	Brief Description of Fix	Applicable Product Versions Affected (if known)	Link to supplemental Support Article(s)
18	Published image (Unidesk Desktop) or Packaging Machine blue-screens with STOP code 0x75640007.	This STOP error comes from the App Layering Filter driver. It specifically means not all of the required layers were mounted within 10 minutes. As the layers should appear instantly when Windows boots up, Citrix assumes there is a problem and blue-screens the machine so that the process can be retried. The most common cause for layer mounting failures are policies/software blocking access to removable drives.		https://support.citrix.com/article/CTX226759
19	When installing the App Layering Agent on a PVS server that has a French Windows OS installed, you receive the following failure message: "An error occured when executing netsh".	The agent still installs, however you must manually perform the steps that have failed. Assign and SSL Certificate to port 8016 and manually run NETSH as an administrator.		https://support.citrix.com/article/CTX225948
20	Whilst logged on to the App Layering Management Console, you get unexpected errors and disconnects. From the console you may also see "Connectivity Failure" or "No connection to Layering Service".	Reboot the Enterprise Layer Manager appliance. This allows the internal services to reconnect to each other and is the most likely solution.	Citrix App Layering 4.x.	https://support.citrix.com/article/CTX226405
21	Windows 10 major upgrade may result in new Recovery Volume partition.	Make sure to remove the volume using diskpart before finalising the OS Layer. Failure to do so could result in desktops failing to boot correctly. This also applies to booting Virtual Machines via PVS.		https://support.citrix.com/article/CTX226407
22	"SYSTEM_THREAD_EXCEPTION_NOT_HANDLED CVhdMP.sys" message when booting images created by App Layering via Citrix Provisioning Services.	Check that there are no ghost network adapters in the image. Check the NIC slot number if using VMware ESX. Make sure the Target Devices hardware is not too different from the Packaging Machine. Check the publishing Platform Layer Hypervisor version is set correctly for the Hypervisor you are using. Make sure E1000 NICs are not being used.		http://www.jgspiers.com/0x0000007e-bnistack-failed-vmware/ http://www.jgspiers.com/remove-unused-device-drivers-from-citrix-gold-image/ https://support.citrix.com/article/CTX222191
24	When publishing an image to PVS, you receive the following error: "A failure occurred while publishing the image to PVS server servername (servername.fqdn). Error: The operation being requested was not performed because the user has not logged on to the network. The specified service does not exist. (Exception from HRESULT: 0x800704DD)".	Uninstall then install the App Layering agent again. Try running the install media locally instead of over the network.		https://discussions.citrix.com/topic/388589-after-upgrade-to-app-layering-43-publish-to-pvs-79-failing/
25	You receive various App-V related issues including publishing issues.	Upgrade to App Layering 4.4+	Citrix App Layering 4.2 and 4.3.
26	Unable to import Windows 10 gold image into App Layering. During the import job, you receive the following error: "The CachePoint Appliance could not import the gold image VM to create the Operating System Layer. Error is: Failed to copy folders recursively".	The import fails if the gold image has Windows Updates from Feburary 2017 and newer installed. From the gold image, delete file "Microsoft.MicrosoftOfficeHub".		https://support.citrix.com/article/CTX222733
27	When trying to create or edit a connector, you receive a "Authentication Failed (401)" error. This is a problem caused by long-running Active Directory queries inside the ELM appliance create a database lock that causes the rest of the connector transaction to timeout.	Upgrade to App Layering 4.3+. This version introduces some improvements however some issues still remain.		https://support.citrix.com/article/CTX224176
28	When clicking the search box within Outlook 2016/2013 in an Elastic Layered image, a prompt for credentials is displayed and an installer launches and hangs.	Install the Windows Search Service in a new OS Layer version.		https://support.citrix.com/article/CTX224077

A list containing the majority of Citrix AppDNA support articles collated to make this page a one stop place for you to search for and find information regarding any issues you have with the product and its related dependencies.

AppDNA:

wdt_ID	Brief Description of Issue	Brief Description of Fix	Link to supplemental Support Article(s)
1	After upgrading to AppDNA 7.13 the console fails to start with error "AppDNA has stopped working".	Turn off CEIP.	https://support.citrix.com/article/CTX224986
2	When importing an App-V application in to AppDNA you receive error "Starting task. Failed task Appv to msi task. File name is too long".	Reduce the length of the file path to less than 255 characters.	https://support.citrix.com/article/CTX225670
3	When installing AppDNA you receive error "Error 1920.Service AppDNA LicenseServer failed to start".	Disable FIPS on the server before installing AppDNA.	https://support.citrix.com/article/CTX230472

A list containing the majority of Citrix XenApp/XenDesktop and Azure support articles collated to make this page a one stop place for you to search for and find information regarding any issues you have with the product and its related dependencies.

Azure, Citrix XenApp Essentials and XenDesktop Essentials:

wdt_ID	Brief Description of Issue	Brief Description of Fix	Link to supplemental Support Article(s)
1	In a multi-zone XenDesktop site, the DDC in Azure fails to connect to an on-premise DDC. VDAs in Azure are also listed as unregistered.	Set the primary domain controller (PDC) as the primary time source for the domain and enable the PDC to sync its time with an external reliable time source.	https://support.citrix.com/article/CTX206522
2	VDAs in Azure are powering up, registering and then powering off again. This process continues as a reboot cycle. Users can not launch applications as a result.	The Cloud Connectors were running Windows Server 2016. Installation of MS Hotfix KB4025339 resolves the issue.	https://support.citrix.com/article/CTX226240
3	The creation, updating and deletion of MCS Machine Catalogs from Azure Resource Location fails. Running a Host Connection test and Resources test results in error message "Contact Citrix Support". A CDF trace on the Delivery Controller shows an exception when trying to enumerate the Azure Storage Account details.	This was caused by an earlier Azure outage resulting in missing tags. Add the missing tags manually to the Azure Storage Account. MCS Storage Account on Azure was missing the tags required for MCS to work correctly.	https://support.citrix.com/article/CTX222848
4	You have configured Azure AD for XenApp Essentials however when users log on to StoreFront they receive error "There was a failure with the mapped account".	This means that the user account has not yet synchronised from your on-premises Active Directory to Azure AD. The synchronisation process can take up to 2 hours.	https://support.citrix.com/article/CTX227065
5	When trying to link Azure subscription to a catalog, you get a message that the subscription has already been linked, however the subscription does not show in Azure subscription tab.	This is due to lack of premissions on Azure for the XenApp Essentials service and the account adding the subscription.	https://support.citrix.com/article/CTX226977
6	Machines in Azure are not being started fast enough to cover increased user load.	Support for Azure ARM is continually improving. One of the new features is on demand provisioning of virtual machines. To take advantage of this benefit, recreate your machine catalogs.	https://support.citrix.com/article/CTX227833

A list containing the majority of Citrix Cloud support articles collated to make this page a one stop place for you to search for and find information regarding any issues you have with the product and its related dependencies.

Citrix Cloud:

wdt_ID	Brief Description of Issue	Brief Description of Fix	Applicable Product Versions Affected (if known)	Link to supplemental Support Article(s)
1	VDA failed to register with Delivery Controller with Event Log ID 1022.	Restarting the Cloud Connector server helps to reset the faulted channel. The Microsoft.ServiceBus.Channel which is used by the Cloud Connector to communicate with Citrix managed Delivery Controllers may be in a faulted state.	Citrix XenApp and XenDesktop Service	https://support.citrix.com/article/CTX225605
2	Citrix Cloud Connector fails to update and is unable to exit maintenance mode. This results in an outdated connector that is unable to handle service requests. This can be caused by conflicting software installed on the Cloud Connector server that blocks updates or an unexpected error occuring during maintenance.	Delete Cloud Connector from Citrix Cloud and uninstall the Cloud Connector followed by installing the newest version.		https://support.citrix.com/article/CTX224073
3	From an on-premises location, user is unable to access cloud hosted StoreFront website. The same website can be accessed from external locations.	Configure proxy server to allow traffic to XenApp and XenDesktop URLs such as https://*.xendesktop.net.	Citrix XenApp and XenDesktop Service	https://support.citrix.com/article/CTX223020
4	Cloud Connector does not complete its initial installation due to inability to validate the code signing certificate.	The Citrix Cloud Connector being installed does not trust the primary or intermediate certificate which is used to sign the .exe bundle that installs the Citrix Cloud provider services. This is usually not an issue if Windows Updates are allowed and the Cloud Connector server is patched.		https://support.citrix.com/article/CTX223828
5	User unable to log on to mdx.xm.cloud.com.	Make sure to invite the user as an administrator within Citrix Cloud under "Identity and Access Management". Once the invite is sent and accepted, the user should gain access.		https://support.citrix.com/article/CTX227458
6	Citrix Studio does not start and you receive a "Snap-in Unavailable" error.	Clear idle and disconnected sessions for the administrator attempting to launch Studio.	Citrix XenApp and XenDesktop Service	https://support.citrix.com/article/CTX227672
7	When using Citrix Cloud and an on-premises StoreFront server configured for SAML authentication, when the Receiver for Web session times out you receive error "Please close your browser to protect your account".	Add "CTXS.allowReloginWithoutBrowserClose = true" to "C:\inetpub\wwwroot\Citrix\Web\custom\script.js".	Citrix XenApp and XenDesktop Service.	https://support.citrix.com/article/CTX227673
8	When you look at the brokering time from Citrix Studio in a Citrix Cloud environment, you will notice the time is displayed in UTC timezone.	There is no current way to change this, but there is currently an enhancement request with Citrix.		https://support.citrix.com/article/CTX228699
9	The XenApp and XenDesktop Service status shows as pending.	The customer trial had expired.		https://support.citrix.com/article/CTX229425
10	XenMobile Service on Citrix Cloud fails to connect to on-premises PKI/StoreFront servers with error "Connection Failed".	This happens when the proxy does not honour wildcard certificates when they are specified in the bypass list. Follow the CTX article for workaround steps.	Citrix XenMobile Service.	https://support.citrix.com/article/CTX229792

A list containing the majority of Desktop Lock support articles collated to make this page a one stop place for you to search for and find information regarding any issues you have with the product and its related dependencies.

Desktop Lock:

wdt_ID	Brief Description of Issue	Brief Description of Fix	Applicable Product Versions Affected (if known)	Link to supplemental Support Article(s)
1	After locking and then later unlocking a Desktop Lock enabled client, the application windows within the Citrix session appear behind the taskbar.	The only way to resolve this issue is to logout from the session and then log back in again. You could also edit the registry to turn off ICA session disconnects when a machine is locked.	XenApp 7.6, XenDesktop 7.6.	https://support.citrix.com/article/CTX223258
2	When client is locked via Start Menu -> Lock, the user is required to log in to the client device and then VDA. The same issue does not occur when locking via CTRL+ALT+DEL.	This is by design. Citrix can only pass the first credentials to a disconnected session. If the session is active, there is no way to pass the credential without prompting twice.	Citrix Receiver Desktop Lock 4.3 and 4.4.	https://support.citrix.com/article/CTX207832
3	After upgrading Desktop Lock from 4.4 to 4.5, desktops launch but get stuck at logon.	Install Microsoft Visual C++ 2005 SP1 Redistributable Package MFC Security Update on the client machine running Desktop Lock.	Citrix Desktop Lock 4.5 and Windows 7.	https://support.citrix.com/article/CTX218583
4	After installing Desktop Lock a black background is displayed with Windows Explorer showing when you log on as a local administrator.	Make sure your antivirus product is not preventing "CtxExplorerLauncher.exe" from launching. This file is configured to automatically launch at logon to detect when an administrator logs on.		https://support.citrix.com/article/CTX215494

A list containing the majority of Citrix Director support articles collated to make this page a one stop place for you to search for and find information regarding any issues you have with the product and its related dependencies.

Citrix Director:

wdt_ID	Brief Description of Issue	Brief Description of Fix	Applicable Product Versions Affected (if known)	Link to supplemental Support Article(s)
1	The Custom Reports Tab is missing from Trends in Director.	You require Delivery Controllers running 7.12 or later and Platinum licenses.		https://support.citrix.com/article/CTX225891
2	Within Trends -> Sessions -> Session Details, sometimes information will not load when you explicitly select any Delivery Group. For example, if 500 sessions are connected, you may only see 3 and a "No data available for specified time period" message.	This issue is fixed in XenApp and XenDesktop 7.14.1.	XenApp and XenDesktop 7.13.	https://support.citrix.com/article/CTX225853
3	Within the monitoring SQL database, the MonitorData.Session table shows a "NULL" value for all sessions and Director does not report Average Logon Duration for all sessions.	The Security Descriptor was customised on each VDA denying permission to the Network Service Account which runs UPMPlugin. This permission issue prevented the Desktop Ready event from being logged to Event Viewer.		https://support.citrix.com/article/CTX225857
4	You receive message "Unexpected error. Check your network connection or view Director server event logs for further information".	A private fix is available for Director versions 7.13 and 7.14 with a public fix expected to be integrated in the next release.	XenApp and XenDesktop 7.13, 7.14.	https://support.citrix.com/article/CTX225784
5	When you point Director to a specific Delivery Controller you receive message "Cannot retrieve data".	A duplicate SPN is causing Kerberos authentication failures. Remove the duplicate SPN registered against affected Delivery Controller.	XenApp 7.6 LTSR CU4 to XenApp 7.14.	https://support.citrix.com/article/CTX225294
6	The failed Desktop/Server OS counter on Director Dashboard does not change even after all of the desktops are registered.	You can perform a workaround by deleting the stale records from SQL however it is advised that you upgrade to XenDesktop 7.12 for a permanent fix.	XenDesktop 7.11 and lower.	https://support.citrix.com/article/CTX225139
7	You are presented with a "HTTP 500 Internal Server Error" when browsing to the Director site.	Install ASP.NET 4.5 and validate all other Director system requirements.		https://support.citrix.com/article/CTX207694
8	Under Trends and when browsing to the Logon Performance or Single Application tabs, you get error "Cannot retrieve the data. Data source is unresponsive or reported an error".	It is advised that you contact Citrix Support to figure out which records in which Monitor Database table contain two dates with a gap larger than 596.5 hours. These records need removed manually to revoer the Director page.		https://support.citrix.com/article/CTX222824
9	When viewing Session Details, latency shows as "...".	You need to re-register the ICA and Windows performance counters.		https://support.citrix.com/article/CTX207897
10	Director may show incorrect data when compared to Studio for statistics such as the number of active sessions.	A hotfix is available.	XenApp and XenDesktop 7.11.	https://support.citrix.com/article/CTX223910

A list containing the majority of Citrix Federated Authentication Service support articles collated to make this page a one stop place for you to search for and find information regarding any issues you have with the product and its related dependencies.

Federated Authentication Service:

wdt_ID	Brief Description of Issue	Brief Description of Fix	Applicable Product Versions Affected (if known)	Link to supplemental Support Article(s)
1	The Citrix FAS manual authorisation request does not reach the Certificate Authority server. WireShark traces show the FAS server throwing an error "nca_s_fault_access_denied".	DCOM security settings for the Issuing Certificate Service had not been updated. You must manually run three commands to rectify.	XenDesktop 7.9 to 7.15.	https://support.citrix.com/article/CTX225236
2	An application launch results in a failure with error "Cannot Start App" after enabling FAS. On StoreFront Event ID 28 is logged and on the FAS server Event ID 123 is logged.	Deauthorise the FAS service using the FAS configuration console and then authorise the FAS service again. This is recommended after a change to the Certificate Auhtority server that FAS is pointed towards.	StoreFront 3.9 to 3.11.	https://support.citrix.com/article/CTX224802
3	Users from one domain cannot obtain a FAS user certificate from another domain. Event Viewer on StoreFront contains events with message "Error: Citrix.Authentication.FederatedAuthenticationService Error 102".	Add the StoreFront, FAS and VDA servers from one domain to the other domain's "Windows Authorization Access Group".		https://support.citrix.com/article/CTX220497
4	When launching the Citrix FAS Configuration console, upon selecting a FAS server and clicking OK you receive error "Error connecting to servername. One or more errors occurred".	Do not use CNAME or A records pointing to a name different than the FQDN of the FAS server.
5	Application launches fail with "Cannot start app". Event ID 28 is logged on the StoreFront servers which states "An unknown error occurred interacting with the Federated Authentication Service".	If you have created a new FAS User Rule, check the User Rule configured within FAS has been pushed out to StoreFront servers via Group Policy.		https://support.citrix.com/article/CTX229160

A list containing the majority of Internet Explorer, Firefox and Chrome related support articles collated to make this page a one stop place for you to search for and find information regarding any issues you have with the product and its related dependencies.

Internet Explorer, Firefox, Chrome:

wdt_ID	Brief Description of Issue	Brief Description of Fix	Applicable Product Versions Affected (if known)	Link to supplemental Support Article(s)
1	When launching a published desktop you may receive "Unknown Client Error 1110". This only seems to happen when launching the desktop from Firefox.	What happens is Receiver is re-using an .ica file from the previous session. As a workaround you could save the ICA file to disk every time prior to launching it or delete the previous ICA files from temporary folders. A fix for this issue will be released in Receiver for Windows 4.11.	Mozilla Firefox.	https://support.citrix.com/article/CTX227354
13	Workspace Control reconnects to only one application session instead of all the disconnected sessions.	This issue currently exists when using Chrome to access Receiver for Web. You must manually click on each disconnected application.	Citrix StoreFront 3.12 and Google Chrome.
2	If you log on to SharePoint 2013 through Clientless VPN, you cannot use Internet Explorer to open a Word ".doc" document.	This is a known issue. Use Firefox or Chrome.	NetScaler 11.1.53.11 and still exists in 12.0.53.6 (August 2017).
3	If you log on to SharePoint through Clientless Access, you cannot add a new item to the calendar if using Internet Explorer.	Use Firefox or Chrome.	NetScaler 12.0.41.16.
4	When using Firefox v51 and later, the NetScaler EPA and VPN plugins do not launch.	This is due to Firefox dropping NPAPI plugin support. This has now been resolved in NetScaler 12.0.51.24.
5	Citrix Receiver can not be detected when browsing to the NetScaler Gateway portal and using the latest versions of Firefox.	Firefox dropped support for NPAPI plugins which causes this issue. This is now resolved in NetScaler 11.1.55.10 and 12.0.51.24 builds.
6	EPA scans fail occasionally with Safari or Firefox web browsers and display error "3006".	Install the NetScaler Gateway plug-in on the client machines before EPA scans are performed.		https://support.citrix.com/article/CTX127026
7	Unable to launch applications from NetScaler Gateway using Google Chrome if "Client Selective Trust (CST)" is enabled.	This is a known issue. Follow the steps from the CTX article to configure Google Chrome so that you can access resources via NetScaler Gateway with CST enabled.	Google Chrome.	https://support.citrix.com/article/CTX221662
8	After switching off Client Choices, users are still asked to make a selection.	This was an issue with Internet Explorer Enterprise Mode.
9	Internet Explorer 8 does not display the NetScaler Gateway portal correctly when the portal theme is set to "Default", "Greenbubble" or "X1".	This is a known issue and a bug "ID 669942" is currently open.		https://support.citrix.com/article/CTX227539

A list containing the majority of Citrix Licensing support articles collated to make this page a one stop place for you to search for and find information regarding any issues you have with the product and its related dependencies.

Licensing:

wdt_ID	Brief Description of Issue	Brief Description of Fix	Applicable Product Versions Affected (if known)	Link to supplemental Support Article(s)
1	Communication fails when securing licensing communication between XenDesktop (DDC) 7.9 and the License Server using TLS v1.2 or TLS v1.1.	This is a known bug and you must upgrade to XenDesktop 7.11+ and License Server 11.14+.	XenDesktop 7.9.	https://support.citrix.com/article/CTX222821
2	When running "lmstat -a" from CMD you are returned an error "Error getting status: Cannot find license file".	Run command "lmstat -a -c PathToLicenseMyFilesDirectory"	Citrix Licensing 11.9 to 11.12.	https://support.citrix.com/article/CTX129745
3	When browsing to the Citrix Licensing Manager console a generic Firefox error appears.	Perform a hard refresh (CTRL+F5).	License Server 11.14 build 19005 and Firefox.
4	On the VDA you see Event ID 1050 "Connection validation failed on domain for user for reason 'Unlicenses'".	This is caused by the Delivery Controllers not trusting the Citrix License Server when configured for HTTPS communication. This can be due to the License Server certificate expiring.		https://support.citrix.com/article/CTX228131

A list containing the majority of Citrix Machine Creation Services support articles collated to make this page a one stop place for you to search for and find information regarding any issues you have with the product and its related dependencies.

Machine Creation Services:

wdt_ID	Brief Description of Issue	Brief Description of Fix	Applicable Product Versions Affected (if known)	Link to supplemental Support Article(s)
1	Machines provisioned by MCS are prompting for a restart on every boot.	The machines had been configured with a VMware Paravirtualization SCSI controller type. Changing the SCSI Controller on the Master MCS Image to LSI Logic SAS fixes the issue.	XenApp and XenDesktop 7.14.	https://support.citrix.com/article/CTX226475
2	VDA machines may show as "Stuck on Boot" within Citrix Studio and appear under the "Registration Missing" tab in the Delivery Group's details tab even though they are registered and serving users.	This issue affects VDAs hosted on Nutanix Acropolis and has been fixed in XenApp and XenDesktop 7.14.1.	XenApp and XenDesktop 7.9 to 7.13.	https://support.citrix.com/article/CTX225850
3	After updating an MCS Machine Catalog, new applications and/or updates are unavailable to the VDAs after they have been rebooted. The power state of each VDA also appears as "Unknown".	Run a "Get-BrokerHypervisorConnection" and look for the Delivery Controller which reports "State: Unavailable". For the affected Delivery Controller, restart the Citrix Broker Service.		https://support.citrix.com/article/CTX225293
4	When creating a Machine Catalog you receive error "XDDS:4A5116C7".	Free up resources on the vSphere datastore associated with your hosting connection. If that does not work, remove the resource from Studio and add it back.	Citrix XenDesktop 7.6.	https://support.citrix.com/article/CTX201776
5	Machines do not register and policies do not apply after DST changes are implemented.	This happens when the Kerberos handshake fails due to Group Policy client loading before the Windows Time service. Log on to the master MCS virtual machine, run "w32tm /resync /nowait" and then update the Machine Catalog.		https://support.citrix.com/article/CTX218718
6	Machine creation via MCS failed with error "Error ID: XDDS:0DAA3833: An error occured while preparing an image".	As a result of Microsoft Security Bulletin "MS16-065" changes have been made to .NET Framework which cause incompatibilities with some applications that are based on .NET. As a workaround, refer to the Microsoft documentation as linked in the CTX article.		https://support.citrix.com/article/CTX221448
7	Virtual Machines created on XenServer by MCS in XenDesktop 7.12 report missing XenTools, XenDrivers and the network adapter on the VMs shows as a "Realtek" adapter instead of the Xen adapter.	Upgrade to XenDesktop 7.14. If that is not possible, contact Citrix Support for a private fix.	Citrix XenApp and XenDesktop 7.12.	https://support.citrix.com/article/CTX220053
8	When using MCS I/O Optimisation for a catalog containing 32-bit VMs with a RAM cache greater than 256MB can cause the Operating System to stop.	To prevent this, configure less RAM cache. This is also resolved in XenApp and XenDesktop 7.14.
9	Machines created via MCS and configured with a RAM Cache and HDD overflow disk will not boot and the machines freeze at the Windows logo.	Change the "TargetCacheSize" DWORD value from "32" to "256" under "HKLM\System\CurrentControlSet\Services\CtxMcsWbc" on your master image and update the Machine Catalog.	Citrix XenDesktop 7.12.	https://support.citrix.com/article/CTX220740
10	When selecting a Master Image during Machine Catalog creation you receive error "You must select a disk image with at least one network card",	This can happen if you have a VM imported from a previous version of XenServer into a higher version. Create a diskless VM but do not start it. Detach the disk associated to the problematic VM and attach it to the newly created diskless VM. Create a Machine Catalog using this VM as the template.		https://support.citrix.com/article/CTX222490

A list containing the majority of Citrix NetScaler support articles collated to make this page a one stop place for you to search for and find information regarding any issues you have with the product and its related dependencies.

NetScaler:

wdt_ID	Brief Description of Issue	Brief Description of Fix	Applicable Product Versions Affected (if known)	Link to supplemental Support Article(s)
1	In the Persistency Table, you can only see one backend server connection mapped to the source client however when running command "show ns connection table" you can see connections from the source client to multiple backend servers.	Upgrade to 11.1.54.14.		https://support.citrix.com/article/CTX227016
2	When more than one interface is in the same vLAN, you observe MAC moves and MAC conflicts between the NICs.	Move the affected NICs in to different VLANs or else aggregate the interfaces in to a link aggregated channel.		https://support.citrix.com/article/CTX224626
3	When editing a document through the local machine you receive error "Cannot open a file, incorrect syntax or file path".	A WireShark trace shows that the client was sending a request to a server not configured on any of the Content Switching policies. Once the server was mapped to a Load Balanced Virtual Server the document was editable through the local machine.		https://support.citrix.com/article/CTX226892
4	Content Switching Virtual Server sends traffic to the wrong Load Balancing Virtual Server, resulting in users receiving 404 HTTP responses.	Enable "Drop Invalid HTTP Headers" on NetScaler. When the Content Switch receives HTTP invalid/corrupt header next packets from the same source IP the client may be redirected to an incorrect destination.		https://support.citrix.com/article/CTX226724
5	When trying to add a new node to a cluster, you receive rrror "Invalid interface name/number".	Make sure you are not using an incorrect backplane interface ID number.		https://support.citrix.com/article/CTX220432
6	When connecting to RDP via NetScaler Clientless VPN bookmarks, the RDP window terminates with error "An internal error has occured" and the NetScaler resets the backend connection with reset code 9952.	This is caused by a domain mismatch in the LDAP Profile. The SSO Name attribute should be set to "SamAccountName".		https://support.citrix.com/article/CTX226709
7	In a High Availability setup, an unusually large spike in the number of persistent connections may result in under performance of the Secure Socket Funneling channel between the primary and secondary node. This under performance can eventually lead to session build up on the primary node and cause persistence to fail. Users are then sent to backend servers based on the Load Balancing method.	This is a known issue and will be resolved from NetScaler versions 12.0.53.x, 11.1.56.x and 11.0.70.x. As a workaround you can enable Nagle's Algorithm and disable Window Scaling on the "nstcp_internal_apps" TCP profile.		https://support.citrix.com/article/CTX226583
8	You are unable to bind multiple services to a Load Balancing Virtual Servr at the same time using the GUI.	Upgrade to NetScaler version 11.1.53.x.	NetScaler 11.1.51.x and 11.1.52.x.	https://support.citrix.com/article/CTX226582
9	The NetScaler Gateway Plugin interrupts DHCP requests that should be sent through the physical interface. Instead these requests are sent through the VPN tunnel.	This is a known issue. For Windows devices, the issue is fixed in 11.1 and 11.0.67.x. For MAC, a fix should be coming as part of the "High Sierra" MAC plugin update.		https://support.citrix.com/article/CTX226379
10	Applications launched through NetScaler fail with no specific error. The loading dialog box appears and then dissapears. There is no issue with launches internally via StoreFront direct.	NetScaler tried to resolve the VDAs FQDN over UDP and the DNS response is received with a truncated bit. NetScaler should initiate a DNS query over TCP for the same FQDN but does not. This issue is being worked on by Citrix. As a workaround you can either add the VDA FQDN as a DNS A record directly on NetScaler or else reduce the size of the DNS response so that it can be accomodated in 512 bytes.		https://support.citrix.com/article/CTX226338

A list containing the majority of Citrix NetScaler Management and Analytics System support articles collated to make this page a one stop place for you to search for and find information regarding any issues you have with the product and its related dependencies.

NetScaler Management and Analytics System:

wdt_ID	Brief Description of Issue	Brief Description of Fix	Applicable Product Versions Affected (if known)	Link to supplemental Support Article(s)
1	MAS is taking a system backup twice daily rather than once. Both backups are happening almost at the same time.	This is a known issue. Upgrade to MAS 11.1.52.13.	Citrix NetScaler MAS 11.1.51.21.	https://support.citrix.com/article/CTX222435
2	HDX Insight no longer showing any data after upgrade of MAS to build 11.1.51.21.	This is a known issue. Upgrade to MAS 11.1.53.11.	Citrix NetScaler MAS 11.1.51.21.	https://discussions.citrix.com/topic/383828-mas-111-5121-hdx-insight-not-working
3	Citrix Director does not show data from MAS under the Network tab,	Upgrade to MAS 11.1.52.15.	Citrix NetScaler MAS 11.1.	https://support.citrix.com/article/CTX220694
4	NetScaler MAS does not display Load Balanced VIPs.	This is due to user hitting "Enter" in the Load Balanced Virtual Server comments section. This creates "\n" characters which MAS does not like. These characters need to firstly be removed.		https://support.citrix.com/article/CTX220700
5	The restore of an HA node on standalone NetScaler MAS appliance fails and hangs at step "Restoring NetScaler Management and Analytics System database".	Fix is scheduled for MAS 11.1.52.15 build. There is a workaround which involves killing the "psql" process as documented in the CTX article.	Citrix NetScaler MAS 11.1 to 12.0.	https://support.citrix.com/article/CTX220968
6	Restore of NetScaler MAS to a previous backup may fail.	You can stop the restore process by logging on to the MAS shell, deleting the resume restore file and rebooting the MAS appliance.	Citrix NetScaler MAS 11.1 to 12.0.	https://support.citrix.com/article/CTX220966
7	Geo Location database is not showing any data on maps in NetScaler MAS 11.1.49.16.	Upgrade to MAS 11.1.50.16.	Citrix NetScaler MAS 11.1.49.16.	https://support.citrix.com/article/CTX219424
8	NetScaler MAS does not display any Insight data if the SNIP IP was used to add the NetScaler appliance.	When adding NetScaler appliances, use the NSIP and not the SNIP address.		https://support.citrix.com/article/CTX227228
9	When attempting to enable Insight on a Virtual Server, the Virtual Server does not appear in the list.	If MAS is configured to manually manage Virtual Servers you'll have to navigate to "Networks -> Licenses -> System Licenses" and choose the Virtual Server you want to manage before you can enable Insight against it.		https://support.citrix.com/article/CTX227349
10	After an upgrade to NetScaler 12 the state of an AppFlow Collector appears DOWN.	From NetScaler 12.0.51.24 onwards, you can view the status of connectivity between the NetScaler SNIP address and AppFlow Collectors by browsing to "System -> AppFlow -> Collectors" or via CLI command "show appflow collector". The state will be down if there is a communication problem between the SNIP and AppFlow Collector. This does not affect AppFlow data exports to AppFlow Collectors, which is done via the NSIP.	Citrix NetScaler 12.0.51.24.	https://support.citrix.com/article/CTX227438

A list containing the majority of Citrix Profile Management support articles collated to make this page a one stop place for you to search for and find information regarding any issues you have with the product and its related dependencies.

Profile Management:

wdt_ID	Brief Description of Issue	Brief Description of Fix	Applicable Product Versions Affected (if known)	Link to supplemental Support Article(s)
1	A bug in Profile Management 5.7 causes "userProfileManager.exe" to consume high memory.	Disable Active Writeback for Registry or else upgrade to Profile Management 5.8 which contains the fix.	Citrix Profile Management 5.7.	https://support.citrix.com/article/CTX224992
2	The Start Menu can become unresponsive after several logons and logoffs on Windows Server 2016 RTM/Windows 10 RS1 when used with Profile Management.	Upgrade to Windows 10 build 1703 (Creators Update/Redstone 2).	Windows 10 and Server 2016 build 1607.	https://support.citrix.com/article/CTX224495
3	Start Menu icons are not saving within the user profile.	You must add directories and files to the "Directories to Synchronize" and "Files to Synchronize" policy settings.
4	When a hyperlink is clicked within Outlook users are asked "How do you want to open this type of link (http)?".	You must configure on a reference machine Internet Explorer to be the default program for HTTP/HTTPS, export the default associations and apply them to all sessions via Group Policy.		https://support.citrix.com/article/CTX220134
5	Occasionally with "Delete locally cached profiles on logoff" configured NTUSER.DAT cannot be deleted. This can occur when using Windows 10 Redstone or Windows Server 2016.	Upgrade to Profile Management 5.7 which contains the fix. For workarounds, enable a delay before deleting the profile which may help to give whichever process is using NTUSER.DAT time to release any locks. Setting a value higher than 40 seconds is highly recommended. Alternatively you could disable the deletion of cached profiles on logoff if you did not need it.	Citrix Profile Management 5.2.	https://support.citrix.com/article/CTX216097
6	Users may experience profile corruption, slow logons or unexpected behaviour if using profiles from differing Windows versions as Roaming or UPM profiles.	The use of profiles across different versions of OS is not supported by Microsoft and may cause undesirable behaviour. It is therefore recommended that profiles covering different Operating Systems are maintained separately and not used across versions. For example, machines running an OS that expect a v4 profile should not receive a v2 profile from Citrix Profile Management and so on. On the other hand Windows 7 profiles are compatible with Windows Server 2008 R2 just as Windows 8 profiles are compatible with Windws Server 2012 for example.		https://support.citrix.com/article/CTX212877
7	File Type Associations fail to roam on Windows Server 2016 and Windows 10 using Citrix Profile Management.	Upgrade to Profile Management 5.8. If you cannot upgrade yet, a workaround is to delete "Speech_OneCore=" from the UPM exclusion list (you are including it for synchronisation) and add "TileDataLayer" to the "Folders to mirror" policy setting.	Citrix Profile Management 5.7.	https://support.citrix.com/article/CTX222433 https://support.citrix.com/article/CTX221380
8	The default browser fails to roam on Windows 10 and Windows Server 2016 using Citrix Profile Management 5.7.	Upgrade to Profile Management 5.8.	Citrix Profile Management 5.7.
9	Citrix Profile Management (UserProfileManager.exe) may crash every 7 days on 32-bit Windows machines.	Upgrade to UPM 7.15 or as a workaround disable CEIP or contact Citrix for a private fix.		https://support.citrix.com/article/CTX224931
10	Ntuser.dat is not copied to the profile store after logging off a Windows 10 VDA. CUPM logs show "The process cannot access the file because it is being used by another process".	Citrix have released a private fix for this issue which causes Profile Management to retry copying ntuser.dat back to the store if the file is in use the first time. A fix is also part of Profile Management 7.16.	Citrix Profile Management 5.8.	https://support.citrix.com/article/CTX226731

A list containing the majority of Citrix Provisioning Services support articles collated to make this page a one stop place for you to search for and find information regarding any issues you have with the product and its related dependencies.

Provisioning Services:

wdt_ID	Brief Description of Issue	Brief Description of Fix	Applicable Product Versions Affected (if known)	Link to supplemental Support Article(s)
1	Target Devices become stuck at "virtual disk found" or "Starting Windows".	This may be caused by software loading drivers into memory during NT-loading. As a workaround, a script has been included in the CTX article which checks for machines that have likely stuck and restarts them.		https://support.citrix.com/article/CTX224259
2	On VMware image conversion fails and the machine becomes stuck at the Windows splash screen.	This can be caused by the master Target Device having both a SATA and SCSI controller attached to it. The SATA controller is normally used for the CD/DVD drive in hardware versions 10 and 11. Change the SATA controller to an IDE controller or remove the CD/DVD component if not needed.	Provisioning Services 7.12.	https://support.citrix.com/article/CTX226954
3	PVS servers are showing as offline within the PVS console and the Event Log is showing Event ID 11 "Undefined Database Error".	This is due to the SQL server being configured for TLS 1.2 which SQL native client version 11.0.2100.60 does not support. Install the latest version of the SQL native client on all PVS servers and then restart each server.	Provisioning Services 7.11 to 7.12.	https://support.citrix.com/article/CTX226526
4	Linux VDA Target Devices fall out of domain after automatic password change duration.	Within the Linux vDisk properties, select "Enable Active Directory machne account password management".	Provisioning Services 7.13 to 7.14.	https://support.citrix.com/article/CTX226607
5	When using the XenDesktop Setup Wizard with System Center Virtual Machine Manager as your Hypervisor broker, you receive error "Error - Has no available templates defined that are fully accessible by all hosts".	From the machine that you are converting in to a VM Template (the master template machine), edit the properties and under "Hardware Configuration" make sure there is a blank formatted cache disk attached. Set the "Guest OS profile" to "None" and make sure your storage names have no special characters.	Citrix Provisioning Services 7.12.	https://support.citrix.com/article/CTX221203
6	After upgrading to Provisioning Services 7.8 your Target Devices no longer boot and stick on the Windows boot screen.	Try setting the Telemetry Service to Delayed Startup or Disabled. Otherwise make sure Group Policy is not set to delete profiles on the PVS Servers after a number of days.	Citrix Provisioning Services 7.8.	https://support.citrix.com/article/CTX215724
7	After running a batch of updates, the Write Cache is not filling up quickly.	This could be due to Microsoft Updates not having properly installed before the image was promoted to production. Revert the image back and make sure update installs are complete, also run a defragmentation against the vDisk.		https://support.citrix.com/article/CTX224523
8	Target Devices perform slowly when a copy and paste vDisk operation in on-going and the vDisk store resides on CIFS storage.	It is a better practice to use DFS-R for vDisk replication on SMB3 storage.		https://support.citrix.com/article/CTX226170
9	Target Device stuck at "Login to Provisioning Services disk services".	If the vDisk is load balanced then change the settings to make it only available from one of the PVS Servers. Next reboot the VDA and test to see if it moves past the sticking point. Keep doing this for each PVS server to see which one is causing the issue. Once you have found the culprit, restart that server.
10	The vDisk auto-update schedule does not take effect or even reconfigure after rebooting the environment.	Reconfigure auto-update from the PVS Server or else manually start the auto-update virtual machine.		https://support.citrix.com/article/CTX205019

A list containing the majority of Citrix Receiver for Android support articles collated to make this page a one stop place for you to search for and find information regarding any issues you have with the product and its related dependencies.

Receiver for Android:

wdt_ID	Brief Description of Issue	Brief Description of Fix	Applicable Product Versions Affected (if known)	Link to supplemental Support Article(s)
1	When launching any application you receive error "Cannot Connect: Error connecting to the session reliability server. Error tunneling through the proxy".	This could be caused by firewall port blockage either internally or externally via NetScaler. It could also be down to STA servers either not configured on NetScaler or down.		https://support.citrix.com/article/CTX225834
2	As you type into an application such as Word or Notepad, the virtual keyboard appears on screen. Eventually after several lines of text some of that text will begin to dissapear underneath the keyboard.	Citrix are aware of this issue and a solution is under investigation.		https://support.citrix.com/article/CTX223986
3	When adding an account to Receiver for Android that goes through NetScaler Gateway, a Receiver for Web logon page appears instead of showing a list of applications.	Disable "Set the unified Receiver experience as the default for this store" within StoreFront.	Citrix Receiver for Android 3.9.1.	https://support.citrix.com/article/CTX216410
4	The keyboard does not automatically display and users have to manually select it to open.	Check the "Automatic keyboard display" policy within Citrix Studio is set to "Allowed".		https://support.citrix.com/article/CTX220263
5	The keyboard does not automatically display when clicking into an editable area of an application such as Word or Notepad. iOS works fine however Android does not behave the same.	iOS operates differently due to underlying functionality and it is expected for Android Receiver versions to not automatically show the keyboard.		https://support.citrix.com/article/CTX223781
6	Receiver for Android may ask for your password twice when logging on to NetScaler Gateway.	This is a known issue. You should only be prompted for the password twice when setting up the account and not thereafter.	Citrix Receiver for Android 3.11.
7	You receive the error message "The server certificate is not trusted" when connecting to NetScaler Gateway.	Stricter certificate validation checks have been included in Receiver for Android 3.12 and above versions. You must make sure that NetScaler provides the complete certificate chain to clients and that none of the certificates in that chain have expired.	Citrix Receiver for Android 3.12.	https://support.citrix.com/article/CTX224709
8	When docking a Samsung S8+ with an existing ICA session to a DeX docking station, the session does not continue on the new display and instead returns error "Error connecting to the session reliability server" or "Error tunneling through the proxy".	Upgrade to Receiver for Android 3.12.2.		https://support.citrix.com/article/CTX227985
9	Receiver for Android might not work properly with NetScaler Gateway integrated with a XenApp Services website.	This is a known issue. Delete and then re-add the account again.	Citrix Receiver for Android 3.13.2.	https://support.citrix.com/article/CTX231776
10	When launching a desktop you receive error "HdxSdkErrorDomain_Session error 8".	This is resolved in a NetScaler update.	Citrix Receiver for Android.	https://support.citrix.com/article/CTX232099

A list containing the majority of Citrix Receiver for HTML5 support articles collated to make this page a one stop place for you to search for and find information regarding any issues you have with the product and its related dependencies.

Receiver for HTML5:

wdt_ID	Brief Description of Issue	Brief Description of Fix	Applicable Product Versions Affected (if known)	Link to supplemental Support Article(s)
1	When launching a desktop or application using Firefox v54 or later you receive a black screen on launch.	Disable "webgl" in Firefox or else disable "webgl" using the "configuration.js" file found on StoreFront.	Firefox 54.	https://support.citrix.com/article/CTX225989
2	Internet Explorer and Firefox can print to the Citrix PDF Printer fine however Chrome v57 prints a blank document.	Upgrade to Receiver for HTML5 2.4.	Receiver for HTML5 2.4 and Chrome 57.	https://support.citrix.com/article/CTX223510
3	Session connections are being dropped without any error.	This is a known issue and is caused by the "Maximum allowed color depth" policy setting. For Windows Server 2008 R2 VDAs set this setting to "16 Bits Per Pixel" and for Windows Server 2012 R2/2016 set this setting to "32 Bits Per Pixel".		https://support.citrix.com/article/CTX225643
4	Director shows IPs of 0.0.0.0 for Receiver for HTML5 connections.	This is a known issue.		https://discussions.citrix.com/topic/378033-director-cant-show-endpoint-ip/
5	Some keyboard combinations do not work through Receiver for HTML5.	This is a known issue, avoid using these combinations.		https://support.citrix.com/article/CTX224158
6	You can only start one instance of an application.	Use Chrome or Firefox. This is currently a limitation with IE and Safari browsers.	Internet Explorer and Safari.	https://support.citrix.com/article/CTX223569
7	After upgrading to NetScaler 12 and with AppFlow (HDX Insight) enabled, HTML5 sessions fail to launch with error "General error. To resolve this issue, please report this to your help desk: 250".	Upgrade to Receiver for HTML5 2.5.	Citrix Receiver for HTML5 2.3.
8	Special keys like Shift, Alt and Tab do not work when using RDP via Reciever for HTML5, resulting in issues typing symbols such as & which required SHIFT.	This isn't an issue with Citrix as such, and there are two workarounds currently available which are explained in the CTX article.		https://support.citrix.com/article/CTX229942

eG Innovations, in conjunction with DABCC, conducted a Citrix Migration Survey between November 2017 and February 2018. 795 Citrix professionals around the world completed the survey and a webinar was hosted in February 2018 to discuss the results.

I was honoured to co-present on this webinar with both Vinod Mohan, Sr. Product Marketing Manager and Srinivas Ramanathan, CEO of eG Innovations.

Watch Webinar: 2018 Citrix Migration Trends

Without any further delay, below I summarise the results of the webinar.

XenApp continues to lead the way:

40% of respondents use XenApp alone, and 93% run a mixture of XenApp and XenDesktop. These results fit well with my thoughts that pure VDI has a more specific organisational use case, such as when staff must receive a more customisable desktop that has a greater connection to them than a shared desktop would, or when greater peripheral support is required. However, the results prove that shared desktops and of course published applications fits the bill for most organisations.

2018 is the year of Citrix Migration to 7.x:

With XenApp 6.5 end of life coming in June of 2018, organisations around the world have made 2018 the year to leap across to the 7.x platform.

70% of organisations aim to be on 7.x by the end of the year, and likely motivating factors of course include XenApp 6.5 EoL however I feel that another factor has been how Citrix closed the feature gap with the latest 7.x releases, including new innovations.

Pre-migration is the customers biggest concern:

To me, it is no surprise when 46% of respondents reported that pre-migration was their biggest concern. As Srinivas mentioned during the webinar, “Migration from 6.x to 7.x requires a lot of pre-planning”. He could not be more correct. Reasons this is so:

You have to plan for the build of a brand new 7.x site, including the build of all the 7.x components.
You also have to make decisions and plan for potentially new operating system deployments, new SQL version deployments, new hypervisor deployments, and so on.
You have to factor in re-training for support staff, and potentially some budget for procurement of new licenses, software and hardware.

XenServer adoption has dropped:

This was a surprise to me given that the XenServer team made many great enhancements to the product over the last 12 months with new support for NVIDIA, AMD and Intel GPUs and the release of solutions such as PVS Accelerator. The results of the survey show however that XenServer adoption is down 40% since 2016. vSphere continues to be the leading hypervisor among the respondents, sitting at 74%.

Citrix Cloud is still in its infancy:

Citrix gave cloud a big push throughout 2017 and on to 2018, but the survey results show that just 5% of respondents currently use products from Citrix Cloud, and 50% have no plans for cloud services.

It is worth mentioning though that 45% are considering using it in the future, and I fully expect adoption rates to go up as there are many benefits to some of the Citrix Cloud offerings and further enhancements are on-going.

Application compatibility is top of mind for Citrix administrators during migration:

Applications come in all shapes, forms and sizes, and 80% of you are concerned with how applications and desktops will work going forward as we transition to 7.x. Srinivas highlighted that many respondents do not want a Citrix upgrade to cause more pain such as performance issues, or loss of functionality to applications.

Customers struggle to adopt a one-for-all monitoring solution:

67% of respondents use Citrix Director to monitor their environment, however 72% use at least 2 different monitoring tools, with some organisations using as many as 10. I personally see organisations with 2-10 tools. It is clear here from the results that organisations are crying out for a central solution that monitors not just the management and desktop layers but the network, storage, hypervisor layers and so on. Using the many different monitoring tools out there simply adds complexity to monitoring and makes monitoring a burden.

Logon performance tops the critical list:

Who would have thought? I guess there was a reason why I spent a lot of time with Citrix desktop logons during 2017. 59% of respondents noted that slow logons are their common complaint from end-users. I made the point that we are challenged with providing a slow logon because the majority of our machines may be non-persistent. Luckily enough I’ve had the opportunity to provide some tips, and optimisation scripts that can drive logon times down which you can find by using this blog’s search box.

That is all for now. I hope you found this interesting and I want to thank those of you who attended the webinar and responded to the survey. If you are interested in reading more, I encourage you to read the full survey report results.