Recently, we implemented CAD workstations through Citrix DaaS Standard for Azure. The customer uses AutoDesk 2023 products. To maintain the AutoDesk session on the non-persistent Azure MCS machines, we had to implement a Microsoft Loopback network adapter.
During our latest Citrix project, we implemented Citrix DaaS Standard for Azure, to provide GPU powered Azure CAD workstations with AutoDesk 2023. One of the challenges to solve, was AutoDesk sessions persistence, so an engineer wouldn’t have to authenticate to AutoDesk over and over again.
AutoDesk provides a knowledge base article, about how this can be solved manually in a Citrix Golden Master Image. The solution is to create a Microsoft KM-TEST Loopback Adapter in the Golden Master Image.
How to configure Autodesk Desktop Connector to maintain login session on Citrix non-persistent VMs (autodesk.com)
For this project, we decided to create the Golden Master Image through a combined Azure DevOps + Packer approach. So we needed to translate this support article into PowerShell.
Continue reading “Configure Autodesk Desktop Connector to maintain login session on Citrix non-persistent VMs”
While building a Citrix DaaS Standard for Azure environment, we made use of the new Install-Language PowerShell command. Sadly, this broke the Citrix HDX Teams optimization. In this article, I show you how to work around this issue.
During this project, we decided to build our Citrix Master images through Packer of Microsoft marketplace images. These images are en-US only, and the administrator has to provide a language pack as needed. For this use-case, Microsoft has introduced a new PowerShell command in the latest builds of Windows 10 and Windows 11 multi-user: Install-Language
This command replaces everything from the past and can be used as a simple one-liner during your master image build process:
Install-Language -Language de-DE -CopyToSettings
…breaks the OS
But as far as we know, this is currently bugged. Continue reading “Install-Language breaks Citrix HDX Teams optimization on Azure Windows 10 Multi-User”
In 2016 Ryan Butler created a PowerShell script to update a NetScaler configuration to score an A+ at the SSL Labs SSL test. I updated this script to score an A+ in 2023.
This blog post would not be possible without the groundwork from Ryan Butler and Carl Stalhood. Ryan created the initial script and Carl provided me with a current SSL cipher list for Q2 2023.
Updates and tests
Last year, I had a few new Citrix NetScaler Gateway VPX setups, and needed a fast way to get the SSL settings right. Most of the time I used the script by Ryan, but in the meantime it was outdated. I grabbed the script and the provided SSL cipher list by Carl and got a working copy that immediately scored an A+ at SSL Labs. Sadly, I did not take my time to create a pull request over at Ryan’s GitHub to give back. Today I took my time, to tidy up the code, thanks to the Visual Studio Code PowerShell formatter and write up the changelog. Continue reading “Scoring an A+ at SSLLabs.com with Citrix NetScaler – Q2 2023 update”
Microsoft offers a nice set of security baseline GPOs, for direct use in your Active Directory environment. If you make use of the “MSFT Windows Server 2022 – Domain Controller” policy, your NPS installation might start to fail.
Many of you probably have a Citrix NetScaler Gateway installation based on the following concept:
Manuel Winkel (deyda):
Microsoft Azure MFA Cloud Service in Citrix ADC
Citrix ADC / Netscaler Azure MFA Authentication
Those articles describe, how someone can implement Azure MFA with Microsoft Authenticator App pushOTP and an on-premises Microsoft NPS server, without making use of SAML, which is necessary, if you use the ICAProxy Gateway only license for Citrix NetScaler Gateway.
Continue reading “Citrix NetScaler Gateway: NPS Extension for Azure MFA fails after introducing the Microsoft Domain Controller security baseline”
With the release of the Base Image Script Framework (BIS-F) version 7.1912.x a few minor changes in the ADMX template files occurred.
We are going to outline the changes necessary to your current deployment.
Continue reading “Transition from BIS-F version 6.1.3 to 7.1912.x”