Virtualization, technology, and random rantings with a focus on Citrix and VMware.

Category: Receiver

Dazed And ConFAS’d : Cipher Suites For FAS And EndGame Exceptions For VDI

Ran into some fun with setting up FAS for MFA. I was testing a shorter list of ciphers on a test SSL profile on ADC on the test vServer. Come to find out, when accessing a machine that was using MFA from outside the network, I was getting an SSL error 4 on Windows machines and SSL error 47 on Stratodesk machines. I hadn’t seen that error since Receiver 4.x. It appears there are some additional ciphers needed in regards to the Citrix Workspace App. It appeared to work fine with the other cipher set using the HTML5 Workspace App. This article has the updated cipher set you need to have or it may cause you some issues (Changes To FAS Ciphers). These would be applied to your SSL profile assigned to the vServer on the ADC.

Ciphers needed in the SSL profile that are in link above

I also ran into an issue with EndGame.

When trying to connect from to VDI Windows 10 machines, you would encounter an incorrect user name or password error if EndGame was enabled, instead of it SSO logging you in.

Checking the event log on the machine, you encounter a Smart Card Logon Event 5.

There are 2 DLLs you have to add to a global exclusion, scardhook.dll and scardhook64.dll. These are located under C:\Program Files\Citrix\ICAService. Just excluding those DLLs got rid of the Event 5 Smart Card Logon error and allowed the Provider DLL to initialize.

After getting these exclusions applied, SSO works normally for accessing the VDI machines.

Not Working Fedora 29 to 5 – Updated!

Hello and good morning. These are the adventures of the starship…. wait. That’s right. Wrong channel. Wrong show.

So….. I decided to upgraded to Fedora 29 ( really really nice btw) at the end of October. Everything was hunky and even dory one would say. Except for something. Something very painful. I tried to use my Citrix Receiver to connect. And what happened pray tell? It wouldn’t connect. Some people have had success with loading additional libraries and finagling around to get it working. I have not as of yet. I’m waiting for a new release of the Linux Receiver instead of battling this one. I’ve seen on some forums that this is a common issue with Fedora and the receiver. So you may want to hold out on upgrading to Fedora 29 until this issue is resolved.

Update 03/27/19 – Instead of fighting the battle of waiting and fighting, I have skipped past fixing this for now and went the way of HTML5 client. Looks like a viable option for this! I’ll be posting about the HTML5 client soon!

First Thoughts on Workspace-ed Out!

Just started using the new Workspace / Receiver. I still am partial to using just the web portion of it. I connect to multiple sites and I like to have browser separation on them. I have played around with the Workspace “proper” as well. I’m noticing things are launching faster either way with this new client. I’m pleasantly surprised to see it. I’m looking forward to checking more of it out and comparing performance to my previous client. I’ll update after I have had more time with it!

Linux Receiver for Fedora

So you want to connect to Citrix on Fedora 28 to a Citrix site that uses Entrust certificates? Well, the receiver has a few issues with that idea. So to take care of that, there are some workarounds you need to do. I have a link on the bottom of the screen for what I had to do to get it working. You will need to download the tarball files. I used the 13.8 client. You can do it with the newer 13.9 as well, I had just backtracked to get it working. So below is what I had to do.

  1. Download the tarball to install https://www.citrix.com/downloads/citrix-receiver/linux/receiver-for-linux-latest.html. You will need to sign up for a Citrix account.
  2. Copy the file to /opt.
  3. Switch to the privileged user install.
  4. Follow the install through.
  5. When you are done, go to https://www.entrust.com and download the Entrust root 2048, Entrust root G2, and in my case, the Entrust L1K certificate. You may have a different intermediate certificate depending on what you are using. You will need to save these to /opt/Citrix/ICAClient/keystore/cacerts. I didn’t need the PEM, I only had to download the .cer files.
  6. You should be able to connect and launch now!

From I was finding, this is also what you will need to do if you are using newer versions of Ubuntu such as 18.04.

https://discussions.citrix.com/topic/393904-cannot-connect-to-0002-streetsmart-edge/

Powered by WordPress & Theme by Anders Norén