Issues accessing Citrix Virtual Apps and Desktops over a pure IPv6 Internet Provider with EDT enabled
Some weeks ago the first incidents reached my team, with the problem description that users were having trouble accessing their pooled Windows 10 desktops through Citrix ADC (aka NetScaler).
I noticed that all affected users have one thing in common: they all have UPC Cablecom as their Internet provider. As soon as they connect their device to another Internet connection, for instance the Wi-Fi hotspot created with their mobile phone, everything works fine.
Further troubleshooting showed that if I publish a dedicated VDI with EDT disabled, everything also works fine. If you don’t know what EDT is, Google EDT and Citrix 🙂
Usually, EDT is enabled and uses UDP for communication if the port is open and UDP is possible. Otherwise, it should fall back to TCP. It seems the fallback only works if the ports are closed.
Now my problem is that I can’t disable EDT for all pooled VDIs, as we have some users who really need it. I also won’t give all the users dedicated desktops.
Luckily, Julian Jakob gave me the hint to disable EDT on the client side. This is the best workaround.
Guidance for the User
(Because of BYOD the user needs to do that … )
On Windows it’s just a registry key which the users have to create:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\UDT]
"HDXoverUDP"="Off"
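The Windows setting above as a PowerShell script that a helpdesk could hand to users who cannot edit the registry themselves. This is an added example, not from the original post or from Citrix; the `-Revert` switch is a convenience introduced here, and the script assumes it is run from an elevated session.

```powershell
[CmdletBinding()]
param(
    # Hypothetical convenience switch (not a Citrix option): remove the value again
    [switch]$Revert
)

# Key path and value name exactly as given in the post
$keyPath = 'HKLM:\SOFTWARE\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\UDT'
$name    = 'HDXoverUDP'

# HKLM is only writable from an elevated session, so fail early with a clear message
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell session.'
}

if ($Revert) {
    if (Test-Path -LiteralPath $keyPath) {
        Remove-ItemProperty -LiteralPath $keyPath -Name $name -ErrorAction SilentlyContinue
    }
    Write-Output "$name removed."
    return
}

# Create the key including any missing parent keys
if (-not (Test-Path -LiteralPath $keyPath)) {
    New-Item -Path $keyPath -Force | Out-Null
}

# "HDXoverUDP"="Off" in .reg syntax is a string (REG_SZ) value
New-ItemProperty -LiteralPath $keyPath -Name $name -Value 'Off' -PropertyType String -Force | Out-Null

# Read the value back so a failed write does not go unnoticed
$current = (Get-ItemProperty -LiteralPath $keyPath -Name $name).$name
if ($current -ne 'Off') {
    throw "Unexpected value for ${name}: $current"
}
Write-Output "$name = $current"
```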
On a Mac this command should be typed in the terminal:
defaults write com.citrix.receiver.nomas HDXOverUDPAllowed -bool NO
On iOS devices you can disable EDT in the Workspace App:
Settings => Advanced => Adaptive Transport Settings => EDT (set to inactive)
Please, Citrix, fix that! All that I want is a fallback to TCP if UDP is not working; I don’t care if the port is closed or if it’s another issue. If EDT doesn’t work, don’t use it. For users, this manual config on the client side is not just annoying, some are not able to do it.
- If you have a non-standard MTU, see this article: https://support.citrix.com/article/CTX231821
- Background on why this is happening: it seems UPC uses Carrier-Grade NAT* and it’s a problem with IPv4/IPv6 encapsulation; in the end there is too little payload available (MTU issue). Kudos to Markus Löffler for this hint and the link.
- Citrix has introduced, in the background, a feature called MTU Discovery. It’s not yet officially announced, but it has been in the documentation since 1912: https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/technical-overview/hdx/adaptive-transport.html#edt-mtu-discovery. Maybe this can also help solve this issue. I have not yet been able to test it.
* Explanation in German: https://www.elektronik-kompendium.de/sites/net/2010221.htm
I’ve enabled MTU Discovery and it really looks promising. Please be aware that MTU Discovery is currently only available for the Workspace App for Windows (CWA 19.12 and newer).