Jump to content


Photo

Enabling EDT for XenApp 7.13 makes connecting hit or miss

Started by Raul Gonzalez , 15 March 2017 - 11:27 AM
8 replies to this topic

Raul Gonzalez Members

Raul Gonzalez
  • 569 posts

Posted 15 March 2017 - 11:27 AM

I followed the requirements for enabling EDT but when I do, the client takes longer than normal to connect and randomly throws a connection error 1110 or 0.  However when it does connect it works fine and shows up as HDX UDP in Director.

 

I have XenApp 7.13, Storefront 3.9, Netscaler 11.1 52.13 and Citrix Receiver 4.7 installed with the HDX Adaptive Transport Policy enabled.

 

Turning off the Adaptive Transport policy results in reliable connections.

 

I also removed the TLS1.2-ECDHE-RSA-AES256-GCM-SHA384  SSL cipher from Netscaler Gateway because I experienced random disconnections/crashes when I migrated from Netscaller 11 to 11.1 with either Recever 4.6 or 4.7.



Kishore Kunisetty Citrix Employees

Kishore Kunisetty
  • 372 posts

Posted 15 March 2017 - 02:54 PM

I followed the requirements for enabling EDT but when I do, the client takes longer than normal to connect and randomly throws a connection error 1110 or 0.  However when it does connect it works fine and shows up as HDX UDP in Director.

 

I have XenApp 7.13, Storefront 3.9, Netscaler 11.1 52.13 and Citrix Receiver 4.7 installed with the HDX Adaptive Transport Policy enabled.

 

Turning off the Adaptive Transport policy results in reliable connections.

 

I also removed the TLS1.2-ECDHE-RSA-AES256-GCM-SHA384  SSL cipher from Netscaler Gateway because I experienced random disconnections/crashes when I migrated from Netscaller 11 to 11.1 with either Recever 4.6 or 4.7.

 

Are you saying you see the session launch via NSG with HDX UDP occasionally only working instead of all the time?

 

If yes you might have to get the traces from your client, nsg and vda along with wireshark to see when this fails. Please work with Citrix Support to assist you further.

 

Please share the case id once you log.

 

Thanks

Kishore



Raul Gonzalez Members

Raul Gonzalez
  • 569 posts

Posted 16 March 2017 - 11:31 AM

When I have EDT enabled, the client has trouble connecting.  However when it does make a successful connection, it does show up as HDX UDP in Director to verify I configured everything properly.

 

My one theory is my CA certificate chain certs from InCommon or COMODO all use SHA384.  I assume EDT support on Netscaler 11.1 is sensitive to this.  I assume Netscaler 12 will be out in time for Synergy with proper SHA384 support.



Kishore Kunisetty Citrix Employees

Kishore Kunisetty
  • 372 posts

Posted 16 March 2017 - 03:40 PM

Thanks for the details. So you are only seeing the issue with SHA384 in your setup.

have you seen the enclosed link already referring what frontend and backend support of these in netscaler with different models... I am not sure what model your device is.

https://docs.citrix.com/en-us/netscaler/11-1/ssl/cipher_protocl_support_matrix.html

 

Thanks

Kishore



Raul Gonzalez Members

Raul Gonzalez
  • 569 posts

Posted 17 March 2017 - 09:17 PM

They're Netscaler MPX 8005's



Kishore Kunisetty Citrix Employees

Kishore Kunisetty
  • 372 posts

Posted 20 March 2017 - 05:54 PM

They're Netscaler MPX 8005's

 

Thanks for the info. I have asked the team who may have idea about this to see if there is any known issue. If I hear back I will let you know. I would suggest you log a support case and get this looked by the relevant SME's from your setup if possible.

 

Please share your case/bug id when you hear from Citrix support team once you log this with them.

 

Thanks

Kishore



Aitor Pizarro Reyes Members

Aitor Pizarro Reyes
  • 3 posts

Posted 20 March 2017 - 06:39 PM

Hello Raul,

Did you check if IPv6 is disabled in the VDAs┬┐ I had a similar problem before I disable all components of IPv6.



Raul Gonzalez Members

Raul Gonzalez
  • 569 posts

Posted 21 March 2017 - 11:38 AM

I checked. I do have IPv6 disabled already.



Aitor Pizarro Reyes Members

Aitor Pizarro Reyes
  • 3 posts

Posted 21 March 2017 - 02:57 PM

in this way?
http://www.thewindowsclub.com/disable-ipv6-5-second-boot-delay




Also tagged with one or more of these keywords: edt, xenapp 7.13, connectivity, issues