Virtualization, technology, and random rantings with a focus on Citrix and VMware.

Author: Kris Davis

Looks Like A Storm In The Cloud

https://support.citrix.com/article/CTX270373

CTX270373

Citrix Virtual Apps and Desktops: Deprecation of public cloud support from on-premises Current Releases

This is important for customers to review. This will impact several businesses that have switched over to using the CR version instead of LTSR. Make sure and check the article, reach out to your reps to get your voice heard, and prepare for the change that this will spawn. And remember, be excellent to each other!

Content Required….Batteries Not Included

Good evening and salutations! So ran into a bit of an issue. I was trying to publish video content via Citrix. Typically PowerShell for the win on that one. For some reason, the 1909, 1907, and 1903 WorkspaceApp was trying to launch the content as HTTP when it was file type associated to launch via media player. This was running on a 2012R2 Server with 1906.2 VDA for CVAD. Not exactly sure what was going on with that. We have a case opened and once we get the results, hopefully we will have a better answer as to what was happening. So, for the old skool method of publishing, went with publishing media player with a path to the video file. Worked flawlessly. Pictures below in case you run into the same issue! You will also want a GPO to make sure the first run pop-up from Media Player doesn’t show. That setting is below as well! You will want to scope the policy to the server hosting media player. Now publish that video!

The Creature of Covid-19

Everything is running wild regarding Covid. Lots of remote work coming from this. Big thing to remember is that there are excellent options for remote access. Citrix offers wonderful solutions of Workspace, CVAD, SSL VPN via Citrix Gateway, VDI, and RemotePC. VMware is offering a good solution with View and Workspace ONE. Azure is offering Windows Virtual Desktop. Utilize these resources and stay safe!

Good News Of Perspective

Got some news of something I had been pursuing recently, the CTP. It worked out that this was not the year of attainment for this particular endeavor. Sure there was some disappointment in it. A little bit of sadness. It has actually helped. I’m printing out a copy of that outcome to hang on my wall. I want it to remind me that I need to work harder, give more, and continue to strive for excellence. There are so many talented individuals out there that are a gift to the community and experts in their areas. I want to follow their example. Just have to work harder and try again when the application opens again.

More nCore Than You Have Room For!

Looks like the new firmwares have come out for the varying versions of Netscaler firmware. Make sure and download from Citrix now and get your patch on! Seriously, this is important to patch. I mean it!

https://www.citrix.com/downloads/citrix-adc/firmware.html

The link is above!

Remediate! CVE-2019-19781

Looks like there is big trouble in little China here. There is a responder policy you can put into place to mitigate this CVE until the software is released to update your ADC. All credit here goes to Citrix hosting the information. I’m just providing you a quick link back to the action! For those that want to know more, I found this great explanation of what happens with this exploit.

Citrix NetScaler CVE-2019-19781: What You Need to Know

https://support.citrix.com/article/CTX267679

For those that do not wish to follow the link, I have the info below!

Standalone:

enable ns feature responder
add responder action respondwith403 respondwith "\"HTTP/1.1 403 Forbidden\r\n\r\n\""
add responder policy ctx267027 "HTTP.REQ.URL.DECODE_USING_TEXT_MODE.CONTAINS(\"/vpns/\") && (!CLIENT.SSLVPN.IS_SSLVPN || HTTP.REQ.URL.DECODE_USING_TEXT_MODE.CONTAINS(\"/../\"))" respondwith403
bind responder global ctx267027 1 END -type REQ_OVERRIDE
save config 

shell nsapimgr_wr.sh -ys skip_systemaccess_policyeval=0
shell "echo 'nsapimgr_wr.sh -ys skip_systemaccess_policyeval=0' >> /nsconfig/rc.netscaler"
reboot 

For your HA users out there:
On primary:

enable ns feature responder
add responder action respondwith403 respondwith "\"HTTP/1.1 403 Forbidden\r\n\r\n\""
add responder policy ctx267027 "HTTP.REQ.URL.DECODE_USING_TEXT_MODE.CONTAINS(\"/vpns/\") && (!CLIENT.SSLVPN.IS_SSLVPN || HTTP.REQ.URL.DECODE_USING_TEXT_MODE.CONTAINS(\"/../\"))" respondwith403
bind responder global ctx267027 1 END -type REQ_OVERRIDE
save config

shell nsapimgr_wr.sh -ys skip_systemaccess_policyeval=0
shell "echo 'nsapimgr_wr.sh -ys skip_systemaccess_policyeval=0' >> /nsconfig/rc.netscaler"
reboot
  
On secondary after primary comes up:

shell nsapimgr_wr.sh -ys skip_systemaccess_policyeval=0
shell "echo 'nsapimgr_wr.sh -ys skip_systemaccess_policyeval=0' >> /nsconfig/rc.netscaler"
reboot 
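
As an added example (not from the original post or from Citrix), the Python sketch below mirrors the logic of responder policy ctx267027 so you can see which entries in a web access log the mitigation would answer with a 403. The log format, the sample lines, and the use of percent-decoding to stand in for DECODE_USING_TEXT_MODE are assumptions.

```python
import re
from urllib.parse import unquote

# Request line of a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<url>\S+) HTTP/[\d.]+"')


def policy_matches(url, is_sslvpn):
    """Mirror the ctx267027 expression for a single request URL.

    Percent-decoding stands in for DECODE_USING_TEXT_MODE (assumption);
    is_sslvpn stands in for CLIENT.SSLVPN.IS_SSLVPN.
    """
    decoded = unquote(url)
    return "/vpns/" in decoded and (not is_sslvpn or "/../" in decoded)


def flag_log_lines(lines, is_sslvpn=False):
    """Return (line_number, url) for requests the policy would block.

    Access logs do not record SSL VPN session state, so the caller chooses
    it; False treats every client as unauthenticated.
    """
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match and policy_matches(match["url"], is_sslvpn):
            hits.append((number, match["url"]))
    return hits


# Constructed sample entries (documentation IP ranges, placeholder paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jan/2020:08:01:02 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Jan/2020:08:01:05 +0000] "GET /x/../vpns/placeholder HTTP/1.1" 200 128',
    '198.51.100.7 - - [10/Jan/2020:08:01:06 +0000] "GET /x/%2e%2e/vpns/placeholder HTTP/1.1" 200 128',
    '192.0.2.10 - - [10/Jan/2020:08:02:00 +0000] "GET /vpns/placeholder HTTP/1.1" 200 64',
]

if __name__ == "__main__":
    for number, url in flag_log_lines(SAMPLE_LOG):
        print(f"line {number}: {url} would receive 403")
```

Entries flagged with a 200 status dated before the policy was bound are the ones worth a closer look.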

The good news is that they have released dates for the firmware!

Citrix ADC and Citrix Gateway

Version   Refresh Build   Expected Release Date
10.5      10.5.70.x       31st January 2020
11.1      11.1.63.x       20th January 2020
12.0      12.0.63.x       20th January 2020
12.1      12.1.55.x       27th January 2020
13.0      13.0.47.x       27th January 2020

Citrix SD-WAN WANOP

10.2.6    11.1.63.x       TBD
11.0.3    11.1.63.x       TBD

Session Profiles, You Don’t Need No Session Profiles!

Good evening folks! Looks like some more fun has cropped up in Citrix Gateway in regards to firmware. Looks like 13.0-41.20_nc has an issue where, in some instances, you lose the ability to create or edit session profiles. We get the same issue as listed below.

https://discussions.citrix.com/topic/404906-unable-to-change-session-profile-error-dindexof-is-not-a-function/

A CVE (CVE-2019-18225) has also come out, and the fix for it will need to be applied. Not sure if that will fix the issue with the session profile or not. Looking to get that applied here shortly and will update this post to let you know if it resolves the issue. Hopefully, two birds with one stone.

UPDATE: So it looks like the upgrade to build-13.0-41.28_nc has resolved the issue with being able to edit session profiles! YAY!! Just wanted to give a heads up on that!

EndGame. Oh Snap!

So much fun has been found in the world of next-gen tools. For those out there that are having some oddities with your profiles acting wonky if you happen to have EndGame, well, I have some information for you! Looks like the issue appears in either case of using profile streaming or active write-back. It causes parts of the profile to get file locked that won’t release on a VDI for about 1 min or so and on a server, sometimes until reboot. If a user tries to log back into a server after logging off, it will try and create a new user profile that doesn’t work well because the user profile already exists. When you reboot the server, all returns to normal for a short time until users start logging in again. So at this time, there are known issues with using EndGame with CVAD.

Versions in use are 1906.2 VDA on Server 2012R2 and 2016. The same issue is seen on the 1909 VDA. Just wanted to send out a heads up that this appears to be an issue without a current resolution. I’ll update as we find out more.

Trying To Tie It Together

Wow! Two posts in one day!? What is that!?

So… I’m working on getting this completed. What you may ask? I’m working on powershelling myself into some quick reference materials. I haven’t seen many things that help tie a published application back to a machine. I’m working on one that will get the last missing pieces. Right now, this ties the machine to the application with the users assigned to it. This only shows who is assigned to the applications and what machine it is running on. The next iteration will hopefully tie in the assignments made at the Delivery Group level.

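# Connect to a Delivery Controller (replace servername) and load the Citrix snap-ins
Enter-PSSession servername
Add-PSSnapin Citrix*
# Get-BrokerMachine returns at most 250 records by default, so raise the limit.
# Multi-valued properties are joined into comma-separated strings so they export cleanly.
Get-BrokerMachine -MaxRecordCount 10000 | Select-Object CatalogName, HostedMachineName, @{N="PublishedApplications";E={$_.PublishedApplications -join ','}}, @{N="AssociatedUserNames";E={$_.AssociatedUserNames -join ','}} | Export-Csv C:\software\allapps.csv -NoTypeInformation -Append
Exit-PSSession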

This will get you the machine catalog, the hosting machine, published applications, and the users assigned to it. Sometimes a quick glance to find where an application is running is helpful. You still have to parse the CSV for what you need, but it is all in one place. Let’s see if we can make it slightly better the next time around. Maybe make a winform with some buttons that show it in text areas. We shall see!

Assistance on getting this working goes to Stuart. Check out his blog!

Pedal To The nCore

Sooo….. Anyone out there using AppFlow on their Citrix Gateway? Well there was a bug identified in the 13.0 Build 36.27. This bug…. This bug made sure that the setting to disable AppFlow globally was not respected. If you disabled it there, nothing happened. For example, if you had an AppFlow policy dumping the data to MAS (Management Analytic Server), it would still see it as enabled unless you disabled the policy explicitly. The PPE (packet processing engine) would still crash and cause it to fail over repeatedly between an HA-configured pair of Gateways. This took about a week to find and a bit longer to fix as we had to wait until the release of 13.0 Build 41.20 to completely resolve the issue. Below are the pictures of the settings and the versions. So if you are running 13.0 Build 36.27, upgrade IMMEDIATELY! Here is the link to the firmware version to save you! AppFlow Fix!

Make sure and upgrade to the 13.0 Build 41.20 and skip the 36.27 build.
