My little Farm

Configure Autodesk Desktop Connector to maintain login session on Citrix non-persistent VMs

Recently, we implemented CAD workstations through Citrix DaaS Standard for Azure. The customer uses AutoDesk 2023 products. To maintain the AutoDesk session on the non-persistent Azure MCS machines, we had to implement a Microsoft Loopback network adapter.

Introduction

During our latest Citrix project, we implemented Citrix DaaS Standard for Azure, to provide GPU powered Azure CAD workstations with AutoDesk 2023. One of the challenges to solve, was AutoDesk sessions persistence, so an engineer wouldn’t have to authenticate to AutoDesk over and over again.

AutoDesk provides a knowledge base article, about how this can be solved manually in a Citrix Golden Master Image. The solution is to create a Microsoft KM-TEST Loopback Adapter in the Golden Master Image.

How to configure Autodesk Desktop Connector to maintain login session on Citrix non-persistent VMs (autodesk.com)

For this project, we decided to create the Golden Master Image through a combined Azure DevOps + Packer approach. So we needed to translate this support article into PowerShell.
Continue reading “Configure Autodesk Desktop Connector to maintain login session on Citrix non-persistent VMs”

Install-Language breaks Citrix HDX Teams optimization on Azure Windows 10 Multi-User

While building a Citrix DaaS Standard for Azure environment, we made use of the new Install-Language PowerShell command. Sadly, this broke the Citrix HDX Teams optimization. In this article, I show you how to work around this issue.

Install-Language…

During this project, we decided to build our Citrix Master images through Packer of Microsoft marketplace images. These images are en-US only, and the administrator has to provide a language pack as needed. For this use-case, Microsoft has introduced a new PowerShell command in the latest builds of Windows 10 and Windows 11 multi-user: Install-Language

This command replaces everything from the past and can be used as a simple one-liner during your master image build process:

Install-Language -Language de-DE -CopyToSettings

1	Install-Language -Language de-DE -CopyToSettings

…breaks the OS

But as far as we know, this is currently bugged. Continue reading “Install-Language breaks Citrix HDX Teams optimization on Azure Windows 10 Multi-User”

Scoring an A+ at SSLLabs.com with Citrix NetScaler – Q2 2023 update

In 2016 Ryan Butler created a PowerShell script to update a NetScaler configuration to score an A+ at the SSL Labs SSL test. I updated this script to score an A+ in 2023.

Credits

This blog post would not be possible without the groundwork from Ryan Butler and Carl Stalhood. Ryan created the initial script and Carl provided me with a current SSL cipher list for Q2 2023.

Updates and tests

Last year, I had a few new Citrix NetScaler Gateway VPX setups, and needed a fast way to get the SSL settings right. Most of the time I used the script by Ryan, but in the meantime it was outdated. I grabbed the script and the provided SSL cipher list by Carl and got a working copy that immediately scored an A+ at SSL Labs. Sadly, I did not take my time to create a pull request over at Ryan’s GitHub to give back. Today I took my time, to tidy up the code, thanks to the Visual Studio Code PowerShell formatter and write up the changelog. Continue reading “Scoring an A+ at SSLLabs.com with Citrix NetScaler – Q2 2023 update”

Citrix NetScaler Gateway: NPS Extension for Azure MFA fails after introducing the Microsoft Domain Controller security baseline

Microsoft offers a nice set of security baseline GPOs, for direct use in your Active Directory environment. If you make use of the “MSFT Windows Server 2022 – Domain Controller” policy, your NPS installation might start to fail.

Introduction

Many of you probably have a Citrix NetScaler Gateway installation based on the following concept:

Manuel Winkel (deyda):

Microsoft Azure MFA Cloud Service in Citrix ADC

Thomas Preischl:

Citrix ADC / Netscaler Azure MFA Authentication

Those articles describe, how someone can implement Azure MFA with Microsoft Authenticator App pushOTP and an on-premises Microsoft NPS server, without making use of SAML, which is necessary, if you use the ICAProxy Gateway only license for Citrix NetScaler Gateway.
Continue reading “Citrix NetScaler Gateway: NPS Extension for Azure MFA fails after introducing the Microsoft Domain Controller security baseline”

Adding Client Printer Redirection for Citrix Workspace App for Mac and Linux to your Citrix Master Image

Today I learned: Citrix Printer Redirection for Mac and Linux is not available Out-Of-The-Box on the Citrix Master Images I install. In this blog post, I will detail the steps I’ve taken to add this missing piece to all of my Master Images.

Introduction

Although quite rare in Germany, a few of our customers use MacBooks at home for the home office. Last week a customer created a ticket, that he couldn’t print on his home printer, although printer redirection was allowed for him in Citrix Studio. At first, I suggested the usual troubleshooting steps, like updating the Citrix Workspace app for Mac and checking the local preferences of the app. Obviously, both didn’t help. I then checked the problem myself and didn’t find an obvious problem. A quick search then led me to two Citrix KB articles, which revealed a knowledge gap on my side:

Client Printing from Linux/MAC is not available on Windows Server 2016 and 2019 (out of the box)

The following Citrix knowledge base articles explain what’s necessary to activate that feature:

Summary of the knowledge base articles:

Download the HP driver update for HP Color LaserJet 2800 Series PS driver from Microsoft Update Catalog.
Inject the driver into the operating system.
Add the printer driver to the printer driver store.
The next time the user logs on, it will just work.

Continue reading “Adding Client Printer Redirection for Citrix Workspace App for Mac and Linux to your Citrix Master Image”