Potentially ongoing worldwide UDP:443 (EDT) DDoS amplify attack against Citrix (NetScaler) Gateway

Since 19 December 2020 7pm CET we see a possible worldwide DDOS amplify attack against Citrix Gateway UDP:443 DTLS EDT services.

Changelog

  • 11.01.2021: Added information about the new Citrix ADC Gateway (formerly NetScaler) firmware releases, which solve the memory leak issue with -helloVerifiyRequest
  • 24.12.2020: Added information about the official Citrix Knowledge Center article CTX289674
    Added a final summary, that repeats all possible solutions
    Maked it a lot clearer, that -helloVerifiyRequest doesn’t seem to work well
  • 22.12.2020: Added a warning note, that -helloVerifiyRequest doesn’t work on all Citrix ADC (NetScaler) firmware versions
  • 21.12.2020: Added a third possible solution regarding -helloVerifiyRequest
  • 21.12.2020: Initial version

The situation

During the night from Saturday (19.12.2020) to Sunday (20.12.2020) our Zabbix Monitoring informed us, that several Citrix Gateway VPX (50) appliances were at its license cap. We investigated the situation and soon found out, that we had 0 ICA sessions on most of them, hence no explanation for the traffic.

Zabbix Citrix Gateway Throughput Monitoring Graph
Zabbix Citrix Gateway Throughput Monitoring Graph

Continue reading “Potentially ongoing worldwide UDP:443 (EDT) DDoS amplify attack against Citrix (NetScaler) Gateway”

Caution: FSLogix 2009 (2.9.7621.30127) profiles won’t logoff completely

At three customer sites I created test machine catalogs with FSLogix 2009, and all of them had the same issue, that FSLogix profiles won’t logoff completely at the end of the day.

Update January 11, 2021: I was informed about a better solution via Twitter, and updated the Blog post accordingly.

The Problem

During my personal tests with FSLogix 2009 (2.9.7621.30127) I discovered that the profiles won’t logoff completely at the end of the day. See the following screenshots.

You can clearly see, that despite there are no active or disconnected user sessions, some of the VHDX disks are still mounted, but more important the folders from C:\users\ won’t vanish.

This makes a second login impossible on the same VDA.

Update Citrix Workspace Environment Management (WEM) to 2009 (2009.1.0.1)

An update guide for Citrix Workspace Environment Management (WEM) to the latest version 1912.

On September 28, 2020 Citrix released version 2009 of Workspace Environment Management (WEM). This is an update guide.
Customer Success Services / Software Maintenance eligibility date: Aug 15, 2020

Download Citrix WEM 2009 (2009.1.0.1) here:
https://www.citrix.com/de-de/downloads/citrix-virtual-apps-and-desktops/components/workspace-environment-management-2009.html

What’s new:
https://docs.citrix.com/en-us/workspace-environment-management/current-release/whats-new.html

Fixed issues:
https://docs.citrix.com/en-us/workspace-environment-management/current-release/fixed-issues.html

WEM setup files
WEM setup files

Continue reading “Update Citrix Workspace Environment Management (WEM) to 2009 (2009.1.0.1)”

HowTo: Dell Wyse ThinOS Downgrade from 9.0 to 8.6

If you have performed your first Dell Wyse ThinOS 9.0 tests by now, you might want to downgrade those devices back to 8.6 again. In this guide I’m showing you how.

For this test, I initially upgraded a Dell Wyse 3040 ThinClient with ThinOS to 9.0 with the Dell Wyse Management Suite 3.0. After my tests were finished, I wanted to use 8.6 on this device again, as I use it mainly to reconstruct customer issues, and most customers still use 8.6.

Continue reading “HowTo: Dell Wyse ThinOS Downgrade from 9.0 to 8.6”

Citrix Virtual Apps and Desktops 7 1912 LTSR Cumulative Update 1

The first Cumulative Update (CU1) for Citrix Virtual Apps and Desktops 7 1912 LTSR released in May 2020.

Citrix released the first of Cumulative Update (CU1) in the maintenance lifecycle of Citrix Virtual Apps and Desktops 7 1912 LTSR.

Long Term Service Release (LTSR) Lifecycle Dates
Long Term Service Release (LTSR) Lifecycle Dates

Customer Success Services / Software Maintenance eligibility date: April 15, 2020

Important quote from the release notes: Continue reading “Citrix Virtual Apps and Desktops 7 1912 LTSR Cumulative Update 1”