Microsoft DirectAccess breaks Citrix/XenApp application launches – Fix


If you have implemented DirectAccess so that your users can connect to the corporate network while they work from home, you might have come across this issue when using Citrix. Users are able to connect to the StoreFront portal and authenticate, but when they try to launch applications, the launch fails. Users will also notice the below Citrix Receiver dialog with no apparent error messages.

Users who connect directly to StoreFront without DirectAccess have no issues launching applications.

The Cause

When you have DirectAccess enabled on user PCs, it expects hostname/FQDN values for initiating traffic between the client and the DA gateway. By default, Citrix XenApp tries to connect on IP addresses to bypass the infrastructure's reliance on DNS. So, we need to find a way to switch that behaviour to FQDN-based connection initiation.

Let’s look at the .ICA files to see what’s in there. The below screenshot is of an ICA file that shows IP addresses. This setup will NOT work for DirectAccess connections.

The Fix

To fix this, you will need to change a DNS parameter in XenApp/XenDesktop 7.x farms.

Add-PSSnapin Citrix*    # asnp is the alias for Add-PSSnapin
Get-BrokerSite          # look for DnsResolutionEnabled in the output

You will need to change the value of DnsResolutionEnabled from False to True:

Set-BrokerSite -DnsResolutionEnabled $True

Running Get-BrokerSite after that will show that the value has been changed from False to True.

Now, let’s inspect the ICA file again. You can find the ICA files in your user profile folder. I had mine under

C:\Users\<username>\AppData\Local\Citrix\Web Helper v2\Temp

If you open the file in Notepad, you can see that the IP addresses have been replaced with FQDNs.

That should resolve the issue.
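
To check several ICA files at once instead of opening each one in Notepad, the following added example (not part of the original post) classifies every Address= entry as an IP literal or a host name. It assumes the launch target sits on an Address= line, optionally followed by :port; the function name Get-IcaAddressKind and the sample ICA content are constructed for illustration.

```powershell
# Added example, not from the original post.
# Assumption: the launch target is on an "Address=" line, optionally with ":port".
function Get-IcaAddressKind {
    param([string[]]$Line)

    $section = ''
    foreach ($raw in $Line) {
        $text = "$raw".Trim()
        if ($text -match '^\[(.+)\]$') {
            $section = $Matches[1]          # remember which [Section] we are in
            continue
        }
        if ($text -match '^Address\s*=\s*(\S.*)$') {
            $value  = $Matches[1].Trim()
            $target = $value
            # Strip ":port" only when there is a single colon, so IPv6 literals survive.
            if ($value -match '^([^:]+):\d+$') { $target = $Matches[1] }

            $ip = $null
            if ([System.Net.IPAddress]::TryParse($target, [ref]$ip)) {
                $kind = 'IP'                # will not launch over DirectAccess
            } elseif ($target -match '^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$') {
                $kind = 'FQDN'
            } else {
                $kind = 'Other'             # short name or unrecognised form
            }
            [pscustomobject]@{ Section = $section; Address = $value; Kind = $kind }
        }
    }
}

# Constructed sample: one launch by IP (before the fix), one by FQDN (after).
$sample = @'
[Notepad]
Address=10.20.30.41:1494
InitialProgram=#Notepad

[Calculator]
Address=xa-vda01.corp.example.com:1494
InitialProgram=#Calculator
'@

Get-IcaAddressKind -Line ($sample -split '\r?\n') | Format-Table -AutoSize

# Against real files (folder as given above; yours may differ):
# Get-ChildItem "$env:LOCALAPPDATA\Citrix\Web Helper v2\Temp" -Filter *.ica |
#     ForEach-Object { Get-IcaAddressKind -Line (Get-Content $_.FullName) }
```

Any row reported as IP after the change means that launch was still generated with DNS resolution disabled.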

Stay safe and Stay at home. Cheers people!!

What happens when you reset Citrix Receiver?


Hello Folks,

Have you ever wondered what happens when Citrix Receiver is reset? There are times when Receiver needs a bit of love and care from the Citrix admins. I came across an issue recently where I had to reset the Receiver client and thought I should write down what gets removed and what gets retained for future reference.

Resetting Receiver to factory defaults removes the following items:

  • All accounts and stores.
  • All apps delivered by the Self-Service Plug-in, along with their icons and registry keys.
  • All file type associations created by the Self-Service Plug-in.
  • Cached files and saved passwords.
  • Per-user registry settings that are user preferences and, for per-machine installations, all user-specific registry settings.
  • NetScaler Gateway registry settings for Receiver.

 

Resetting Receiver does not impact the following items:

  • Receiver or Plug-in installation.
  • Per-machine ICA lockdown settings.
  • GPOs.

How do you reset Receiver?

CLI Method

You can also use the command line interface to reset Receiver, or create a script to do the same:

"C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\CleanUp.exe" -cleanUser

GUI Method

Right click the Receiver icon in the notification area and select Advanced Preferences

In the dialog, select Reset Receiver and click OK


Quick shout out to Trishanka Saikia from Citrix Technical Support for this info.

The curious case of NetScaler access with error message “The Connection to “Desktop” failed with status (Unknown client error 1110)”


I was pulled in to look at a problem for one of our customers with their NetScalers, which intermittently stopped user connections and threw a very “helpful” error message: “The connection to the desktop failed with status (unknown client error 1110)”.

The customer description was “it only started to happen a few weeks ago and these days it’s quite impossible to land a successful connection from the outside of our corporate network.”

I managed to get a couple of screenshots of error messages from the users and they appeared like below. When queried, the internal access via Storefront is working fine.


Looking at the error message, there are a multitude of reasons why you would get that, and I am outlining the common areas to check in such cases.

  • Check if the root certificates and intermediate certificates are available on the client devices. If frequently patched, the client will most probably have the latest and updated root CAs from various public CAs. Check the certificate store of IE or other browsers to verify the root and intermediate CA SSL certificates.
  • If using non-IE browsers for connectivity, switch over to IE to see if it connects. IE is the safest bet when it comes to connectivity to Citrix environments.
  • Check the SSL ciphers attached to the NetScaler Gateway vServer. If high security ciphers are used, this issue may occur. Relax the cipher suites to see if that makes a difference. Again, if cipher suites are an issue, the problem will occur every single time you connect and not sporadically.
  • Check the STAs on the NetScaler and ensure that they match the STAs configured on the WI/StoreFront. This is one of the most critical settings to check and probably the first one to check if the issue occurs only sporadically. There is a high possibility of an STA mismatch, as it turned out to be in my case.
  • Check the FW from the NetScaler to the VDA – as the heading says, ensure that the Citrix ports to the VDA are open from the NetScaler.

Enable Desktop Viewer in Citrix Receiver


Disclaimer

Please note that the following is not a supported configuration. At this time, Desktop Viewer is only officially supported and tested with XenDesktop. However, if you would like to use Desktop Viewer in your XenApp environments, please continue reading.
The information below is based upon the use of Citrix Receiver 3.3 with legacy PNa and XenApp 6.5.

Navigate to the C:\inetpub\wwwroot\Citrix\\conf folder and open WebInterface.conf in Notepad. There should be a line which is commented out, like below:

#ShowDesktopViewer=ON

Uncomment the line by removing the hash symbol towards the beginning of the line and you are done.


In some cases, there will not be a line for DesktopViewer at all in the WebInterface.conf file. If that’s the case, add the line above (marked in yellow) without the hash symbol and save the file.

If the above setting doesn’t work for Web Interface 5.4, try the Citrix KB here http://support.citrix.com/article/CTX122544