Issues by accessing Citrix Virtual Apps and Desktops on a pure IPv6 Internet Provider with enabled EDT
Some weeks ago first Incidents reached my team with the problem description that Users having a problem accessing their pooled Windows 10 desktops trough Citrix ADC (aka Netscaler).
I noticed that all affected users have one thing in common, they all have UPC Cablecom as an Internet Provider. As soon they connect their device to another internet connection, for instance to the Wifi hotspot created with their mobile phone all works fine.
Further troubleshooting steps showed that if I publish a dedicated VDI with disabled EDT also all works fine. If you don’t know what EDT is, Google EDT and Citrix 🙂
Usually, EDT is enabled and uses UDP for communication if the port is open and it’s possible. Otherwise, it should fall back to TCP. It seems to fall back just works if the ports are closed.
Now my problem is, I can’t disable EDT for all pooled VDI as we have some users who really need it. I also won’t give all the users dedicated desktops.
Luckily Julian Jakob gave me the hint to disable EDT on client-side. This is the best workaround.
Guidance for the User
(Because of BYOD the user needs to do that … )
On Windows it’s just a Registry key which the users have to create:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\UDT] "HDXoverUDP"="Off"
On a Mac this command should be typed in the terminal:
defaults write com.citrix.receiver.nomas HDXOverUDPAllowed -bool NO
On iOS devices you can disable EDT in the Workpace App:
Settings => Advanced => Adaptive Transport Settings => EDT (set on inactive)
Please Citrix fix that! All that I want is a fall back to TCP if UDP is not working, I don’t care if the port is closed or if it’s another issue. If EDT doesn’t work don’t use it. For users, this manual config on the client-side is not just annoying, some are not able to do it.
Aditional Infos, added after the release of this blog post:
- Citrix will announce a feature that will probably solve this issue, but I guess I can’t blog currently about it because of my CTP NDA.
- If you have a non-standard MTU, see this article: https://support.citrix.com/article/CTX231821
- Background why this is happening, it seems UPC uses CarrierGradeNAT * and its a problem with IPv4/IPv6 Encapsulation, at the end there is too little payload available (MTU issue). Kudos to Markus Löffler for this hint and the link.
* Explanation in German: https://www.elektronik-kompendium.de/sites/net/2010221.htm
This blog article is slightly different from all others. As you can imagine tech is for me always fun, even when it’s from my professional life as a System engineer for virtualization. But this article is only about fun, with no professional aspects … today …
More than a year ago, I posted the article about using the Oculus Go VR headset to access Citrix virtual Desktop session: https://blog.sachathomet.ch/2018/11/25/virtual-virtual-workplace-or-my-first-vr-experience-with-citrix-and-oculus-go/
Yesterday I created a short video for my friends to let dem understand what I mean when I tell them that I gambled in VR instead of a morning workout 🙂
Here you can see what a VR Player sees and how awkward this looks from outside:
The reason why Oculus Quest is the breakthrough for VR?
Price and easy as pie technology:
The Oculus Quest gives you access to the world of virtual reality for less than 500.- Swiss francs (about 500.- US $), and you don’t need a high-performance gaming Computer. In contrary to the predecessor Oculus Go the Quest is not limited to one point in the room where you stand or sit, you have real 6DoF. 6DoF means you can move across a room, you have Six Dimensions of Freedom. Other existing VR Headsets need for that a permanent Setup in the room with “Lighthouses” that the Headset knows where you are. The Quest has only 4 integrated cameras and will build the virtual Guardian with those. Before you start to play you define your field when you are running to the edge of the field during the game you can see that as a grid.
More recordings here on YouTube Playlist: https://www.youtube.com/playlist?list=PLDX-0d_gd9OdXmL24Aj-c2ZtA0plOqzXG
Some weeks ago, I created my first FinTech blog post about using ApplePay without an expensive Credit card instead of using a Revolut card.
Now I try to share a bit more my experiences with different virtual bank accounts I’ve tested. If you have read the other blog post you have maybe seen in the comments that I was asked about Boon. I’ve used Boon already some years ago and I also had the chance to test TransferWise more than a year ago. Last days I gave the Neon-free and ZAK a chance, this was the first two Swiss virtual bank account I’ve found.
I’m not working for a bank and so I can give now with my current standpoint my view and insights as a normal customer.
First I have not focused about fees, more about functionality and created the following table:
|Instant Card Freeze
|Instant Info by Transaction||Yes||Yes||Yes||Only SMS||No|
|Advanced Payment Security
(e.g. 3D Secure)
with RevP (I’m
currently in beta test)
|Location of the Company||UK||UK||UK||CH||CH|
There are also other virtual banks like e.g. N26, but honestly I had not the time to test all what is currently existing. Also my insights are a snapshot in time snapshot in time from now July 2019. New features are coming fast and things are gonna changing every week.
Now I can say Revolut has the most comprehensive offer! But I have some friends here in Switzerland which don’t trust to a foreign bank and they are sceptical about the worker conditions in this company.
Everyone needs to do his own choice, the world is changing and the disruption of the classic banks has started. I’m sure that this is not only good for the Country I’m living in, but I really hope that it has it’s good sides for the consumer of banking services.
If you have any questions to the virtual bank account’s I’ve tested feel free to add a comment to this blog post. If you have your own experience and want to share, a comment is also appreciated!
If you want to sign-up for Revolut, ZAK or Neon, feel free to use my invitation Link and get some perks.
Revolut: Sign-up with my link
and get a physical card for free as soon you topped up 10.- and used your card.
ZAK: Ask me for an invitation and get 50.- CHF
Neon: Use my invite code BTNN4F and get 10.- CHF
The idea for the concept behind this blog post was born during a lunch break in summer 2018 when in Switzerland the temperature was pretty high and my colleague Stefan Moser and I had the idea to go swimming in the Aare river instead have a proper lunch. This is a good example of how leaving the Office can facilitate creativity! During our walk upstream, Stefan explained to me that he thinks we need to give vGPU also to normal Office Worker users as long we have enough capacity.
Beginning of 2018 we equipped our virtual desktop infrastructure with Nvidia Tesla M10 GPUs after we’ve done some tests and figured out that only in this way we can get the same high user experience like with a powerful physical laptop computer. We purchased 4 new VMware Hosts with each 2 Tesla M10 GPUs, this is good enough to equip 256 VDIs with an M10-B Profile, which is recommended with Windows 10 and 2 screens.
This means our challenge was having 250 pooled non-persistent VDIs with only 100 vGPUs, that’s the amount of vGPUs we don’t need for the dedicated VDIs with special GPU needs. The idea was also to use vGPU-VDIs as long we have and then switch to the cheap GPU-less desktop.
The implementation of this solution is pretty simple if you know the Power of Tags in a Citrix Virtual Desktop environment.
The script is running as a scheduled Task e.g. every 5 minutes and opens and close the overflow pool.
Of course, depending on the Logon storm you need to consider how often the script is running and how many spare desktops you keep before you close the pool (VDI Offset, $FreeMachineThreshold in the Script).
Other use cases:
This script is not only useable to overflow a GPU/Non-GPU workload, but it can also be used in the various scenarios.
Just some examples:
– different hardware types, first the new cool servers than the old hardware.
– existing On-Prem resources before pay-per-use cloud resources
– Catalog in the same location before in a remote location (without any Citrix zones)
The script is available on GitHub:
Q: Are Tags also working when you are using Citrix Cloud?
A: Yes They are. (Thanks @bjoernmue for this info)
Those who follow me on Twitter and Facebook have already seen that I promoted the Revolut card multiple times. This was just as a happy customer! When I’m really convinced of a product I love to spread the word and want that others also can use the new cool stuff! I was a Revolut User since the beginning of 2018 and until today I spend over 8000 CHF over Revolut in 8 countries.
Yesterday 2 very important things happened
#1 Revolut introduced ApplePay for every customer (Standart, Premium & Metal).
#2 Revolut added me to the Pioneer Programm.
#1 Means you can now open a Revolut account in seconds and you are ready after some minutes to use ApplePay!
#2 Means not only that I receive from Revolut nice influencer perks, but it also means when YOU open a Revolut account with my link, but you should also receive your first physical card free of charge. Now you ask yourself why a physical card when you have ApplePay …Ok, first, a backup is always good, e.g. what if your iPhone battery is discharged. Also, you need the card if you want to pull money from an ATM. Revolut does not charge you until up to 200.- month on Standard for cash withdrawals at ATMs!
Ok, wait… was is Revolut precisely?
Revolut is an e-money service, which means app plus physical or virtual card. With Revolut, you can spend at home or abroad at the real interbank exchange rate (without unfair bank fees), set spending budgets, split bills, exchange currencies and withdraw from foreign ATMs for free (up to £200 month on Standard). With Revolut you can freeze/unfreeze your cards at the tap of a button. And with Premium and Metal account, where you pay a monthly fee, the possibilities are even more. But start with the Standard, you can do every time later an upgrade if you need.
- If you have to choose the currency during payment or at an ATM, ALWAYS choose the currency of the country you are currently in, so you avoid bad conversion rates outside of the force of Revolut.
- You are on a weekend trip and use your Revolut card during the weekend in a foreign currency? Exchange the money you need on the weekend already on Friday and avoid “weekend-fees” from Revolut.
- There are ATMs which have fees for the transaction by the ATM carrier, you will see this before of the transaction, keep an eye on it, I see fees between 0.- and 5.-! This is outside the force of Revolut.
- If you are in a Hotel or a Car rental and you want to use the Revolut card, consider that they may block a larger amount of your money!
- Don’t top up the Revolut card with a classic Credit card, there are Banks (e.g. Corner in Switzerland) who charge 5.- CHF fee to charge Revolut.
How to start?
- Click the link
- Enter your phone number (a text will be sent upon completion)
- To Download the app
- Create a new account in minutes
- Verify your account and top-up at least €10 or local currency equivalent
- Order your physical standard card for free
- You can create virtual cards and use those asap!
This Service is not yet available in all countries, but if you are not able to use the service you will see this already in Step 2. As I know there are some readers of my blog in the United States of America I have bad news … Currently, it’s not yet possible to open a Revolut account living in the US. As soon this will be available I will update this blog post.
And how can I use now ApplePay?
You need a device that supports ApplePay e.g. an iPhone 6 or higher or an AppleWatch. Also, it’s mandatory that ApplePay is enabled in your resident Country.
ApplePay can be added directly in the Revolut App or in a classic way in the Apple Wallet app.
By the way, to use Revolut (even without ApplePay) you need a smartphone on which you can install the Revolut App!
Disclaimer: Some months ago I was pretty sure to never write a blog post about money or a Fin Tech company. Because this is about YOUR money YOU have to make your own decisions and be careful. What I suggest is to start with a free Standart account and just start with some pocket money. Revolut does not replace your today main account!
On Black Friday sale I ordered my first VR Headset, an Oculus Go (64GB) for 222.- CHF (about 222 US $), in my opinion, a good deal for my first step in the word of Virtual Reality.
The Oculus Go is a very entry level VR with the benefit that you don’t need an additional Computer. The integrated hardware with an Android OS does all the work. But this article will not be a review of the Oculus Go as there are many others already available.
Usually, you use your Oculus Go with the apps in the Oculus store, but there is a known trick to load also other Android Apps to the Oculus, called “Sideload” and Android application. You need to set up your Oculus in Developer mode and then you are able to add APK files to the Oculus.
Here a good description of how to Sideload works: https://headjack.io/tutorial/sideload-install-app-apk-oculus-go
“Sideloaded” apps appear in Oculus Tv app in the section “unknown sources”, but unfortunately, I was not able to see the just uploaded Citrix Workspace App. I also tried after the installation of the Workspace app to just launch the Oculus Browser and open a Desktop from our companies “Citrix Web Receiver” (Netscaler, Storefront Web):
After that unsuccessful try to launch a virtual desktop, I tried to play around with sideloading other apps. I found out that the app Kodi and ES File Explorer appears in the Oculus Tv app in the section other sources. Both applications can be used to see and start other Android apps installed on the System.
So I can use the Oculus Tv to launch ES File Explorer and this app as a launcher for the Citrix Workspace App. Ok agree, all in all, sounds a bit like in the Movie Inception … virtual reality to Oculus app to native Android app to virtual desktop to other virtual desktops or virtual apps …
Unfortunately, I didn’t find out how to record the content running in Oculus when a sideloaded app is launched, so I had to trick for the video above, the first part is screen recorded, the second part is with a camera in the headset …
It’s pretty easy to set up an Oculus Go to run with the Citrix Workspace app, and the Oculus Go is an affordable VR headset. This is a cool tech demo, but not sure if I want to work a long time in an Oculus Go provided VR because this headset is really entry level. Assume headache and “VR fatigue” comes fast. Also, I miss a real Keyboard in VR. But with Augmented Reality or Mixed Reality, I think it can be a solution on the future to work with a virtual virtual Workplace!
For my tests I used:
Downloaded APKs from apkmirror.com :
ES File Explorer: com.estrongs.android.pop_22.214.171.124.1-729_minAPI14(armeabi,armeabi-v7a,x86)(nodpi)_apkmirror.com.apk
Citrix Workspace App: com.citrix.Receiver_126.96.36.199-94_minAPI19(armeabi,armeabi-v7a,x86)(nodpi)_apkmirror.com.apk
Now it’s already 2,5 years since I was elected as a Citrix Technology Professional. Becoming a CTP was a really big honor for me, but I didn’t write a long blog post about that.
Maybe because I was shocked about the fact I was chosen or I was just afraid because more eyes from the Community and Citrites are looking to me and I fear I’ll not find the right words.
I think now I’m able to write a short retrospective about this time, no I don’t say that because I intend to step back, I’m still happy in this role 🙂 But who knows if I will be active enough to get re-elected.
According to the Citrix Website (https://www.citrix.com/community/ctp) individuals are eligible to be a CTP when they prove their knowledge in Citrix products and invest a lot of time: “The CTP Program recognizes the contributions of individuals who have invested a significant amount of time and resources to become experts in Citrix products and solutions.”
Honestly, after being elected as CTP, I felt a bit under pressure to deliver new blog posts and to speak at conferences. Both are something that I like to do, but it’s only easy when I really have something to show or say. The Health Check automation was something and my early adopter experience with Windows 10, but I think these topics are now more or less stale. And for the blog posts when I have time to write it down…
The value of being a CTP is that I have access to Beta and EAR sources of the products, having a free pass to Citrix Synergy and the best, direct access to the Product Management. Besides all the CTP goodies, there is also liability and duties. Maybe not all people out there are aware of that. A CTP is not the Extension of the Citrix marketing department! But in my opinion, a CTP should be a communication channel between Citrix and their customers and more from the customer in the direction of Citrix.
To get elected as a CTP is not an easy thing, but also to stay a CTP needs effort! To make the grade for the CTP Program there are multiple possible activities. There are 1-2 online meetings with Product Management which takes about 1 hour. Also, there are two in-person meetings which take 2-3 days each.
So, if you aim to be a CTP, please think that it needs a bunch of spare time to satisfy the needs! I’m doing this partially in my free time and my employer “Die Mobiliar” supports me and gives me time for the in-person meetings. Also, I have support from my wife, my family and my friends and colleagues at Die Mobiliar. At this place THANK YOU!
Besides the CTP Program, I’m also active for the CUGC, on one hand as a local leader here in Switzerland but also in the CUGC Steering Committee. I think this is kind of “double burden” but also there were good synergies to combine these two or three roles.
I sometimes was asked “What can you accomplish as a CTP?” and now I can see that I’m really able to help Citrix and the Community to bring products in better shape to the customer needs. I posted some Feature Requests and those were implemented in the last months. These are only very little features, but for me, the fact that they implemented them was a big thing!
Here are some examples:
- VDI Battery Indicator:
this feature was implemented in Virtual Desktops (XenDesktop) 7.18 !
- Limit Number of Desktops in a Site
The next feature request I submitted because my SwissCUGC fellow leader Stefan Beckmann (https://www.beckmann.ch / @alphasteff)had an issue with the missing feature in version 7.x of Virtual Apps & Desktops (XenApp/XenDesktop): This is now implemented in version 1808 (former version naming would say 7.19). (If you want to use this feature, this is currently available in command line not in the Studio)
- StoreFront Logout without closing Browser
Also, this article describes the impact of a feature request from me: http://blog.sachathomet.ch/2017/01/03/storefront-allowreloginwithoutbrowserclose/
- And also, the missing Windows 10 disconnect button I repeatedly requested from Product Management – but guess I was not the only one … 🙂 A fix you can find here https://support.citrix.com/article/CTX225970 and I hope soon it will be implemented in the standard VDA
I hope now you have a bit an idea of the role of a Citrix Technology Professional and know that it’s more than just a title like a certification like CCE-V or so. There are a lot of brilliant CTPs, see the full list here: https://www.citrix.com/community/ctp/awardees.html or follow them on Twitter, Citrix has a complete list: https://twitter.com/citrix/lists/ctps
Translation of this Blog Post to English will follow later
Als wir diesen Sommer in den Urlaub fuhren, wurde mir wieder bewusst wie toll es ist, dass ich mein zu Hause “Smart” gemacht habe. In vorherigen Smart Home Blog-Posts konntet ihr bereits lesen dass ich einerseits eine selbst zusammen gestellte Lösung mit Home Assistant als zentrale Komponente betreibe, aber auch die Produkte von Energie 360 welche unter dem Namen Smartacus verkauft werden einsetze.
Ich gebe es zu, ich bin ein Kontrollfreak … ich will immer wissen was bei mir zu Hause geht. Es geht mir dabei nicht darum Leute zu überwachen, aber Raumtemperatur, offene Türen, Stromkonsum oder Schadensverursachende Einflüsse möchte ich gerne erkennen.
Hier ein paar Beispiele:
Wer kennt es nicht, nach dem wegfahren zu Hause kommt plötzlich der Gedanke “Habe ich den Kochherd auch wirklich ausgeschaltet?”
Mit einem entsprechend ausgerüsteten SmartHome kann man sich diese Frage mit einem Blick auf der Smartphone App sofort selbst beantworten. Voraussetzung ist natürlich dass die Energiemessung im SmartHome integriert wurde, bei Smartacus geht dies z.B. mit dem Strommessmodul, wenn man lieber selbst bastelt und eine Lösung für HomeAssistant sucht lässt sich z.B. Smappee dafür integrieren.
Mit dem Strommessmodul kann man natürlich auch gerade sein Standby-Konsum überprüfen, es macht durchaus Sinn alle nicht genutzten Geräte vor dem Urlaub ganz auszuschalten oder vom Netz zu nehmen. Das spart Strom, dadurch schont es die Geldbörse und man kann noch das minimale Risiko eines Brandes durch einen Kurzschluss etc. auf 0 reduzieren. Eigentlich weiss das ja jeder, aber mir wurde es mit der Strommessung erneut vor Augen geführt. Der Stromverbrauch der Smartacus Zentraleinheit ist mit ca 5 Watt übrigens enorm gering!
Habe ich erwähnt das in meinem SmartHome diverse Steckdosen stromlos gemacht werden, sobald ich das Haus verlasse und mein Mobiltelefon nicht mehr im Home WLAN ist? Nein … ok das ist das was für einen nächsten Blog-Post – bei Interesse wie ich das mache darf man gerne Anfragen.
Ein weiterer Grund das sich mein Smart Home diesen Sommer besonders nützlich erwies war die Tatsache, dass ich es mit einem Flut-Sensor ausgestattet habe um so “den Wasserstand” in meinem Keller zu checken. Siehe mein Post “Unterwasser“. Ich wusste somit auch das mit zu Hause keine böse Überraschung erwartet.
Trotz Smart Home hatte meine Schwiegermutter den Auftrag die Werbung aus dem Briefkasten 1x die Woche zu entfernen und in der Wohnung abzulegen, mit den Tür-Sensoren konnte ich feststellen ob und wann das gemacht wurde …
Urlaubszeit ist auch Einbruchszeit – mit dem zufälligen ein- und ausschalten von Lichtern kann eine Anwesenheit simuliert werden, was eventuell ein Einbrecher vor einer Tat abhält.
I really like summer and as a scuba diver I like a lot thins what are under water.
But last week after a summer storm there was to much under water … our basement was flooded 🙁
I’m not routinely in the basement, just when I need to take up a bottle of wine or something out of the freezer.
Until last week our basement was poorly equipped by IoT, the only one what I do is that I measure the power consumption of the freezer. But that exactly saved me from more damage, I was alerted because the freezer started to consume 100 watt instead of the usual 45 watt. So I decided to sight what is wrong. The basement was already flooded with 40cm of water.
Now I’m prepared for the future, I have installed now a Fibaro Flood Sensor and integrated to my Smartacus Smart Home System . Now I can see earlier when water comes into the basement and I have the chance to power off the freezer and to alert somebody to exhaust the water. The installation of the leak sensor with smartacus is pretty easy.
I learned, when a Smart Home System is present – it definitely makes sense to have sensors for all possible issues.
In Citrix Receiver 4.11 there is a new feature for Improved Control Over the Remote Language Bar for Seamless Published Applications (See https://support.citrix.com/article/CTX231913 ). This is especially for us here in Switzerland nice and important as we have four official spoken languages and also different Keyboard layouts. There is German, French, Italian and Romansh. Romansh is more or less neglected but beside German the languages French and Italian play a significant role.
As I plan to roll out the Receiver 4.11 in my company, my aim is to keep the possibility open for the user for configure that on receiver, but I want to have a pre-defined setting. By the way, earlier we always hid the Language bar by making use of the SeamlessFlags (on server side). But I experienced that this had in Server 2016 a negative impact to the logon time, don’t ask me why … But it’s a fact and i’s reproducible so I keep the Language bar visible and now I’m very happy that this is configurable in Receiver.
The configuration of this both features is is described here https://docs.citrix.com/en-us/receiver/windows/current-release/improve/keyboard-layout-and-language-bar.html and it’s possible to hide this Advanced feature with a reg Key.
But there is just described the config via GUI for the user! And there is today no way to configure that in the ADMX 🙁
With the help of ProcMon and Total Commander I just found out which two settings are getting touched when User set this preferences:
Local Keyboard is in the good old Appsrv.ini – the value is LocalIME=1 to use the local keyboard
Language Bar is HKCU\SOFTWARE\Ica Client\Engine\Configuration\Advanced\Modules\LocalIME
So if you want to configure this for all users you need to “patch” the AppSrv.ini to set the local Keyboard and/or Adjust the reg key above to disable the Language Bar on receiver side.