Home » KBArticles » Page 2

Category: KBArticles

Citrix Cloud MCS Connection to Azure Unable to See Image or Template vhd files

Situation

The Citrix cloud MCS connection to Microsoft Azure is unable to provision any Machien Catalog as its unable to find any images, disks, vhds or servers to base its Machine Catalog on.

  1. Citrix Cloud setup with Hosting connected direct to Microsoft Azure RM (and working as it can connect and see resources etc)
  2. 1 x DC, 2 x Citrix Cloud Connectors and 1 Windows server template with VDA installed as ‘master image’
  3. All Windows 2016
  4. All servers built with Azure managed disks (where the servers are not placed into any storage account)

Hosting Connection

Machine Catalog Creation

CC sees the Resource Group and storage, but its basically looking in the wrong areas and not finding the image or VHD files.

A)

B)

C)

Solution

The VDA template must be created within a storage account and not built with azure managed disks.

 change to 

 

Azure Managed disks is now available in preview (apparently) but only if you are deploying machines via your Machine Catalog. It seems you still need to have a vhd and storage account for your base image / template when you are creating your Machine Catalog, but can then enable azure managed disks for your new MCS managed VMs (see below screenshot during Machine Catalog creation)

 

Citrix Storefront 3.9 passthrough authentication issues

Situation:

After a customer recently upgraded to Storefront 3.9 some users complained of having to authenticate twice when using various browsers. Once in Storefront and once again in a Windows Login prompt when they launch their selected application.

This seems to be related to the way Storefront runs the receiver detection, if a compatible receiver is detected the users are prompted and asked if they want to ‘Log On’ with their local computer credentials. (see screenshot from Workaround 1 below).

Previously we have only ever used ‘username and password’ authentication, but this process seems to negate / bypass the authentication configured in Storefront.

Workaround #1:

The users should be prompted each time to ‘passthrough’ their windows local windows credentials by clicking ‘Log On’.

The users can skip the passthrough and simply click ‘switch to user name and password’

To use the account you used to sign on the computer, click Log On.

Workaround #2

If you have more than one Store in Storefront separate the authentication methods in Storefront so they are not shared between the stores (as pass through detection continued to happen regardless of the authentication method selected when shared between stores)

(note the storename has been obscured for customer anonymity)

Resolution:

In relation to the references section for setting up a good receiver configuration this customer had broken the majority of the rules for good reason. So there was no adhering to the Citrix best practises, so workaround 2 became their resolution based on other requirements (like not all users are domain joined, not all devices that connect are manager by the customer, rather 3rd parties to which they have no control, the users have no / little access locally to upgrade or install or modify receiver configurations – the list goes on)

Post the upgrade the Authentication method between two different stores were merged, and shared authentication was enabled. Regardless of the settings we were selecting / applying in the Browser, the pass through continued to haunt users and attempt to log them in with their local credentials.

Once we split the authentication, so it could be controlled separately between the two stores, the issues went away and we had more granular control.

There were are number of things the customer was not doing like configuring the receiver clients locally, and configuring the local receivers to support http:// as they have a large number of non domain joined users and this prevented a ‘one size fits all’ approach to deploying receiver and Storefront internally. Our final suggestion was to look to replace this entirely with NetScaler and HTML5 instead.

References

https://docs.citrix.com/en-us/receiver/windows/4-7/secure-connections/receiver-windows-configure-passthrough.html

Citrix Storefront Upgrade Failure 2.x to 3.9

Situation:

When trying to Upgrade our Citrix storefront servers from a 2.x version to 3.9 of storefront we encountered the following error: This meant the installation failed with the previous storefront version removed completely, and all configuration lost, and we were then unable to install any further version of Citrix Storefront.

Application Log Error, Source: Citrix Extensible Meta-Installer EVENTID: 0
Timestamp: 05/07/2017 19:04:43
Category:Error, WinError
Message:Unexpected exception. Message: Exception has been thrown by the target of an invocation.. Stack Trace =    at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
   at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
  at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   at Citrix.Cxmi.CustomSandbox.ManagedDllLoader.CallStaticMethod(String typeName, String methodName, Dictionary`2 methodParams)
   at Citrix.Cxmi.Workflow.ExecuteTask.Execute()
   at Citrix.Cxmi.Workflow.WorkflowSequence.Execute()
   at Citrix.Cxmi.Workflow.WorkflowSequence.Execute()
   at Citrix.Cxmi.Workflow.WorkflowExtension.Run()
   at Citrix.Cxmi.Core.Engine.Run()
   at Citrix.Cxmi.Core.Program.Main(String[] args).

Things Tried:

Deletion of all local temp files – Failed

Complete uninstall and reinstall of Storefront versions – Failed

Reinstall of old version 2.x – Failed

Install of new 3.x  version as different user – failed

We had no choice but to revert the VM snapshot to recover the production Web server.

Solution:

Upgrade to Storefront 3.0 First, then attempt to upgrade to a higher version.

Azure Active Directory synchronisation attempts failing

Unhealth identity synchronization notification.

Azure Active Directory did not register a synchronization attempt from the identity synchronization tool in the last 24 hours for <Company>

Solution

There are a large number of reasons why this might be affecting you, however in this specific instance we needed to ensure the Microsoft Azure Active Directory Connect was not stuck at ‘required to upgrade’ screen.

Connect to the AD where you have installed the Sync tool and confirm.

Perform the upgrade as necessary

I then had to spend nearly as hour trying to discover what username / password was configured on this damned account as it was not working with my Azure portal login (portal.azure.com).

As this was a partner subscription from the Microsoft Action pack the original configuration was setup under portal.office.com, also as password synchronisation was setup as part of the AD sync, the previously updated on prem passwords had not synced with Office – so no one could log in with their new passwords.

So

  1. I ran password recovery for the @xxx.onmicrosoft.com account
  2. Accessed the portal.office.com and confirmed all else was ok with the subscription

  3. Setup On Prem AD Sync again with the recently reset user and password.

  4. Finally we can complete the upgrade.
  5. Upgrade completed

 

Azure Source Anchor Upgrade from objectGUID

Post setup (or reconfiguration) of Azure AD Synchronization there is a prompt

Azure Active Directory is configured to use AD attribute objectGUID as the source anchor attribute. Its strongly recommended that you let Azure manage the source anchor for you. Please run the wizard again and select Configure Source Anchor.

Why should we do this?

Upgrading this from objectGUID to ms-DS-ConsistencyGUID is best practise and allows for easy recover of accidentally deleted on-premise user accounts.

Walk Through Steps

  1. Run the Azure AD Connector Wizard and select the Source Anchor option
  2. Select Configure Source Anchor

  3. Click ‘Configure’ to commit the settings appropriately

  4. Success

 

Microsoft Azure Virtual Network Gateway Deletion Failing

You may be frustrated at Microsoft Azure’s lack of ability to power off the Network gateways especially when they are chewing up resources and $. Unfortunately Azure provides no current way to power the gateways down so the only current solution is to delete them, however you need to delete them in the right order to remove the service pre-requisites.

Example:

Failed to delete virtual Network Gateway

Failed to delete virtual network gateway 'UKSouthGateway'.
Error: Gateway /subscriptions/xxxxx-xxxx-xxx-xxxx-xxxxxxx/resourceGroups/

Solution

The gateway devices must be deleted in a specific order

  1. Connections (both sides)
  2. Local Network Gateway (both sides)
  3. Virtual Network Gateways (both sides)
  4. IP Ranges (only if necessary)

Citrix Cloud Connector Installation Unsuccessful on Windows Server 2016

Scenario

After multiple attempts to install the Citrix Cloud Connector software we continued to receive even after mutiple reboots.

Installation was unsuccessful. See below for details.
A system restart is pending. The system must be restarted before any products can be installed.

Solution

Simple delete / clear the windows registry entry in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations

 

How to stop WhatsApp sharing your details with Facebook

If, like me, you have recently wondered how to stop WhatsApp sharing your details with Facebook well the team at WhatsApp seem to have already provided this (we hope). So lets us put aside our thoughts of deleting whatsapp entirely, for now, and whilst some of us have paid for a lifetime of “private, no-ads” service, it is still early days yet and this option maybe enough to give us some level of comfort..? Maybe??

Process to stop the data sharing

  1. Dont immediately agree to the ‘policy change’ when you see it in whatsapp
  2. Click the  “read more about the key updates to our Terms and Privacy Policy”
Whatsapp Agreement screen 1 select 'read more' to unshare data with facebook
Whatsapp Agreement Change Aug 2016 – Screen 1

3) Untick the “share my whatsapp account information with Facebook to improve my Facebook ads and product experiences.” (because, you know, our facebook experiences are already so awesome that we would willingly sign up for more targeted advertisements etc)

Whatsapp Agreement screen 2 to unselect the sharing of data to facebook
Whatsapp Agreement Change Aug 2016 – Screen 2

 

I just received the above messages today on my android phone EE network in the UK (26/08) however it only prompted me after a phone restart.

 

Unable to downgrade Google Apps for Work trial

Situation

A customer had upgraded their free Google Apps to Google apps for Work Trial and wanted to cancel the trial 5 days before the trial ended. In the process of attempting to cancel the trial they were unable to downgrade from ‘Google Apps for Work Trial’ to ‘Google Apps’. There was no option to downgrade back to Google Apps, rather a ‘Cancel and Delete everything’.

Google Apps for work downgrade option not available
Google Apps for work downgrade option not available

Solution

During the trial the customer had added some additional domains which were preventing the downgrade option being available, as soon as the additional domains were removed the downgrade option appeared.

This can also happen if the primary domain is changed during the trial as well.

Google Apps downgrade option available
Google Apps downgrade option available

Netscaler MAS Error when adding Netscaler Instance

Problem

We received the following Netscaler MAS Error when adding Netscaler Instance to be monitored by the NMAS.

1 Error: Licence cannot be retrieved. Either the Netscaler is unresponsive or the login credentials are incorrect.

Screen Shot 2016-08-17 at 22.20.13

Solution(s)

There are a number of reasons this may come up

  1. you are not running an enterprise or platinum licence on the Netscaler appliance.
  2. you have connected to the SNIP and not the NSIP of the netscaler device
  3. you are blocked from communicating with the netscaler NSIP by network firewall etc
  4. you do not have SNMP enabled on the NSIP – so get this enabled