Jump to content
Welcome to our new Citrix community!
  • 0

Adaptive Transport and NetScaler 12


Daniel Litschewsky

Question

Hi all,

 

does anyone have Adaptive Transport (EDT) running via NS Gateway on NetScaler 12.

 

I followed up every article to get it running on NS 12 but no luck. ICA sessions only run on 1494/2598 TCP.

Didn't test it with NS 11.1-51.21, maybe someone knows if it is supported with NS 12 or not.

Or is it only supported with NS 11.1-51.21?

 

Via LAN UDP works fine. DTLS also active on NS

 

Any hints on that issue

 

Best Regards,

 

Daniel

 

Link to comment

19 answers to this question

Recommended Posts

  • 0

Then maybe they didn't fully check that they supported anything above SHA256 for EDT.  My CA certs are SHA384

 

But this is what the guy told me:

 

The issue is with EDT/DTLS itself when it is enabled on the Netscaler and and HDX Adaptive Transport is enabled on XenApp site

Link to comment
  • 0

get EDT still not working in my environment.

We are load balancing StoreFront via KEMP Load Balancer.

But as I already said in the LAN EDT works also running over the KEMPM load balancer

 

I opened the UDP Ports 443 from external IP --> DNAT --> VIP Gateway

NetScaler Subnet IP 1494,2598 TCP + UDP to Worker LAN and StoreFront Load Balancer

 

Did I forget anything

Link to comment
  • 0

i tried to get EDT working over a Netscaler 12 aswell and i discovered that it works with the latest build, but NOT when using Unified Gateway. when i use a normal gateway, it works fine.

 

this site states unified gateway is supported: https://docs.citrix.com/en-us/netscaler-gateway/12/hdx-enlightened-data-transport-support/configuring-netscaler-gateway.html - but i remember that this was discussed already when EDT came out and i was surprised to see Unified Gateway support on this list.

 

DTLS and UDP 443 enabled - same configuration works with a NSGW but not with UGW.

 

EDIT: i found out, that using SNI was the problem. its not caused by the UGW - it works properly without SNI. seems this is not supported yet? 

Link to comment
  • 0

@derdani82

Does it work if you launch the EDT session from the internal network, bypassing NSG?

If not, focus on the ICA file (does it inlcude HDXoverUDP = Preferred), or check the UDP ports are listening on the VDA.

 

If it did, is Receiver attempting UDP and getting a reply from NSG VPN vServer? Use Wireshark to double check.

If there are UDP/DTLS packets back and forth, proceed to check UDP packets between NSG backend SNIP and VDA.

Use Wireshark again.

 

Link to comment
  • 0
On 7/16/2019 at 5:54 AM, Daniel Litschewsky said:

Try disabling IPv6 on client and endpoint

Yes looks like its a no go on the prod environment since its running ipv4/ipv6 gateways (even though VDA's are ipv4 only).

 

On the ipv4 test systems the UDP 443 is what I missed when opening ports from Netscaler to the VDA. Now its working. I will need to test further to see if the performance differences will be high enough to trigger the discussion on at least temporarily getting rid of the ipv6 gateway (from support perspective the dual stack has def not made things easy).

 

One interesting note, when the VDA's and the farm were upgraded from 7.15 to 1903, suddenly a number of Mac's running Workspace clients stopped working via Netscaler.  This was not the problem on the 7.15 VDA's that have not been upgraded. The only way to get the users back on was to downgrade Workspace clients to LTSR Receiver. Turns out that with non-functional NS-VDA EDT connectivity they weren't falling back to TCP.  Shutting off the Adaptive transport via policy allowed the use of Mac workspace clients again. PC clients worked fine, however.

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...