Configure Autodesk Desktop Connector to maintain login session on Citrix non-persistent VMs

Recently, we implemented CAD workstations through Citrix DaaS Standard for Azure. The customer uses AutoDesk 2023 products. To maintain the AutoDesk session on the non-persistent Azure MCS machines, we had to implement a Microsoft Loopback network adapter.

Introduction

During our latest Citrix project, we implemented Citrix DaaS Standard for Azure, to provide GPU powered Azure CAD workstations with AutoDesk 2023. One of the challenges to solve, was AutoDesk sessions persistence, so an engineer wouldn’t have to authenticate to AutoDesk over and over again.

AutoDesk provides a knowledge base article, about how this can be solved manually in a Citrix Golden Master Image. The solution is to create a Microsoft KM-TEST Loopback Adapter in the Golden Master Image.

How to configure Autodesk Desktop Connector to maintain login session on Citrix non-persistent VMs (autodesk.com)

For this project, we decided to create the Golden Master Image through a combined Azure DevOps + Packer approach. So we needed to translate this support article into PowerShell.
Continue reading “Configure Autodesk Desktop Connector to maintain login session on Citrix non-persistent VMs”

Install-Language breaks Citrix HDX Teams optimization on Azure Windows 10 Multi-User

While building a Citrix DaaS Standard for Azure environment, we made use of the new Install-Language PowerShell command. Sadly, this broke the Citrix HDX Teams optimization. In this article, I show you how to work around this issue.

Install-Language…

During this project, we decided to build our Citrix Master images through Packer of Microsoft marketplace images. These images are en-US only, and the administrator has to provide a language pack as needed. For this use-case, Microsoft has introduced a new PowerShell command in the latest builds of Windows 10 and Windows 11 multi-user: Install-Language

This command replaces everything from the past and can be used as a simple one-liner during your master image build process:

Install-Language -Language de-DE -CopyToSettings

…breaks the OS

But as far as we know, this is currently bugged. Continue reading “Install-Language breaks Citrix HDX Teams optimization on Azure Windows 10 Multi-User”

Scoring an A+ at SSLLabs.com with Citrix NetScaler – Q2 2023 update

In 2016 Ryan Butler created a PowerShell script to update a NetScaler configuration to score an A+ at the SSL Labs SSL test. I updated this script to score an A+ in 2023.

Credits

This blog post would not be possible without the groundwork from Ryan Butler and Carl Stalhood. Ryan created the initial script and Carl provided me with a current SSL cipher list for Q2 2023.

Updates and tests

Last year, I had a few new Citrix NetScaler Gateway VPX setups, and needed a fast way to get the SSL settings right. Most of the time I used the script by Ryan, but in the meantime it was outdated. I grabbed the script and the provided SSL cipher list by Carl and got a working copy that immediately scored an A+ at SSL Labs. Sadly, I did not take my time to create a pull request over at Ryan’s GitHub to give back. Today I took my time, to tidy up the code, thanks to the Visual Studio Code PowerShell formatter and write up the changelog. Continue reading “Scoring an A+ at SSLLabs.com with Citrix NetScaler – Q2 2023 update”

Citrix NetScaler Gateway: NPS Extension for Azure MFA fails after introducing the Microsoft Domain Controller security baseline

Microsoft offers a nice set of security baseline GPOs, for direct use in your Active Directory environment. If you make use of the “MSFT Windows Server 2022 – Domain Controller” policy, your NPS installation might start to fail.

Introduction

Many of you probably have a Citrix NetScaler Gateway installation based on the following concept:

Manuel Winkel (deyda):

Microsoft Azure MFA Cloud Service in Citrix ADC

Thomas Preischl:

Citrix ADC / Netscaler Azure MFA Authentication

Those articles describe, how someone can implement Azure MFA with Microsoft Authenticator App pushOTP and an on-premises Microsoft NPS server, without making use of SAML, which is necessary, if you use the ICAProxy Gateway only license for Citrix NetScaler Gateway.
Continue reading “Citrix NetScaler Gateway: NPS Extension for Azure MFA fails after introducing the Microsoft Domain Controller security baseline”

Transition from BIS-F version 6.1.3 to 7.1912.x

With the release of the Base Image Script Framework (BIS-F) version 7.1912.x a few minor changes in the ADMX template files occurred.

We are going to outline the changes necessary to your current deployment.

Continue reading “Transition from BIS-F version 6.1.3 to 7.1912.x”