SDX 15000 Bundle Upgrade Fail

Environment

Citrix ADC SDX 11.1 Build 61.112 (brand new appliance that came with 11.1 out of the box)

Issue

After uploading Bundle 13.0 Build 36.27 to the SDX, I attempted to upgrade the SDX appliance. According to article https://docs.citrix.com/en-us/citrix-hardware-platforms/sdx/supported-versions.html you can go straight from 11.1 to 13.0.

The upgrade passes the ‘Upgrade initialization’ phase and after a short period of time it fails on the ‘Management Service upgrade’ with the follwoing error:

“Upgrade of Management Service to build-svm-13.0-36.27.tgz failed. Upgrade of Management Service should have rebooted the system but did not reboot even after 5 minutes. Manually reboot the Management Service. Restart Update Software operation. If problem persists contact Support.”

Run the following:

• shell
• /var/log
• more messages

“Oct 23 13:30:09 <local0.err> <SDX Hostname> svm_event: 11.247.32.36 10/23/2019:00:30:09 GMT : SNMP TRAP_SENT : 127.0.0.1:BackupFailure:<SDX SVM IP> – Single Bundle Image was not found for SVM version 11.1-61.112
Oct 23 13:30:09 <local0.err><SDX Hostname>svm_event: <SDX SVM IP> 10/23/2019:00:30:09 GMT : EVENT BACKUPFAILED : 127.0.0.1:BackupFailure:11.247.32.36 – Single Bundle Image was not found for SVM version 11.1-61.112″

In the System > Events section it had the following event:

 

Troubleshooting

• Logged back into the SDX SVM, and rebooted the Management Service via UI and SSH, attempted another SDX bundle upgrade and got the same error message.
• Rebooted the whole SDX appliance then attempted the SDX bundle upgrade and the same error again.
• Attempted to upgrade to Bundle 12.1 Build 54.13, same issue
• Attempted to upgrade to Bundle 11.1 Build 63.9, failed as the ‘platform’ version in this build is lower than the version I’m on, even though its currently at Bundle 11.1 Build 61.112
• Factory reset on SDX2, no customizations done, attempted an upgrade to Bundle 13.0, same issue
• After the above factory reset, checked out /var/log/messages

Oct 24 02:27:35 <user.notice> nssdx-mgmt installsvm: [2699]: BEGIN_TIME 1571884055 Thu Oct 24 02:27:35 2019
Oct 24 02:27:35 <user.notice> nssdx-mgmt installsvm: [2699]: VERSION svm-13.0-36.27.gz
Oct 24 02:27:35 <user.notice> nssdx-mgmt installsvm: [2699]: installsvm version (13.0-36.27) kernel (svm-13.0-36.27.gz)
Oct 24 02:27:35 <user.notice> nssdx-mgmt installsvm: [2699]: inside check_sysid_white_list, sysid_to_check = –450097–
Oct 24 02:27:35 <user.notice> nssdx-mgmt installsvm: [2699]: now reading sysid_white_list
Oct 24 02:27:35 <user.notice> nssdx-mgmt installsvm: [2699]: currentLine: 450093:2:0/1,0/2
Oct 24 02:27:35 <user.notice> nssdx-mgmt installsvm: [2699]: currentLine: 450087:2:0/1,0/2
Oct 24 02:27:35 <user.notice> nssdx-mgmt installsvm: [2699]: currentLine: 450092:1:0/1
Oct 24 02:27:35 <user.notice> nssdx-mgmt installsvm: [2699]: currentLine: 450096:2:0/1,0/2
Oct 24 02:27:35 <user.notice> nssdx-mgmt installsvm: [2699]: currentLine: 450089:2:0/1,0/2
Oct 24 02:27:35 <user.notice> nssdx-mgmt installsvm: [2699]: sysid=450097 NOT found in whitelist
Oct 24 02:27:35 <user.notice> nssdx-mgmt installsvm: [2699]: Error: This version of Management Service software is incompatible with the hardware platform 450097 , please contact Citrix support

• Attempted to upgrade to Bundle v12.1 again, same GUI and ‘messages’ errors regarding the Management Service.

Oct 24 03:09:00 <user.notice> nssdx-mgmt installsvm: [4908]: BEGIN_TIME 1571886540 Thu Oct 24 03:09:00 2019
Oct 24 03:09:00 <user.notice> nssdx-mgmt installsvm: [4908]: VERSION svm-12.1-54.13.gz
Oct 24 03:09:00 <user.notice> nssdx-mgmt installsvm: [4908]: installsvm version (12.1-54.13) kernel (svm-12.1-54.13.gz)
Oct 24 03:09:00 <user.notice> nssdx-mgmt installsvm: [4908]: inside check_sysid_white_list, sysid_to_check = –450097–
Oct 24 03:09:00 <user.notice> nssdx-mgmt installsvm: [4908]: now reading sysid_white_list
Oct 24 03:09:00 <user.notice> nssdx-mgmt installsvm: [4908]: currentLine: 450093:2:0/1,0/2
Oct 24 03:09:00 <user.notice> nssdx-mgmt installsvm: [4908]: currentLine: 450087:2:0/1,0/2
Oct 24 03:09:00 <user.notice> nssdx-mgmt installsvm: [4908]: currentLine: 450092:1:0/1
Oct 24 03:09:00 <user.notice> nssdx-mgmt installsvm: [4908]: currentLine: 450096:2:0/1,0/2
Oct 24 03:09:00 <user.notice> nssdx-mgmt installsvm: [4908]: currentLine: 450089:2:0/1,0/2
Oct 24 03:09:00 <user.notice> nssdx-mgmt installsvm: [4908]: sysid=450097 NOT found in whitelist
Oct 24 03:09:00 <user.notice> nssdx-mgmt installsvm: [4908]: Error: This version of Management Service software is incompatible with the hardware platform 450097 , please contact Citrix support

 

Resolution

Just found out that the new SDX 15xxx ONLY support v11.1 build 61.112, the version it gets shipped with

https://docs.citrix.com/en-us/citrix-hardware-platforms/sdx/hardware-platforms/sdx-15000.html

“Citrix ADC SDX 15000 appliance is supported only on SDX image version 11.1.61.112 (private build).”

 

 

Citrix Workspace Service Setup

Going through my first Citrix Cloud/Workspace/CVAD deployment I thought I’d blog the process I go through to configure Workspace. This blog post will get updated as I go and discover more about Workspace.

 

After authenticating into your Citrix Cloud instance, browse to Workspace Configuration

Access

Enable the Workspae URL and then click Edit. Choose a relevant name for your Workspace URL, once it has been Save, it can take 10mins to become available as mentioned below.

Authentication

Select the authentication method used to sign into Workspace. Configuration of each of these authentication methods is done via Identity and Access Management section.

Customize / Appearance

• Upload your Sign-in Appearance logo
• Upload your After Sign-in Appearance logo
• Content Branding (colour scheme)

Customize / Preferences

Configure the following:

• Allow Favourites (Enabled/Disabled)
• Automatically Launch Desktop (Enabled/Disabled)
• Workspace Timeout (20mins is default)
• Citrix Workspace Preferences (In a browser / In a native app / Let subscribers choose)
• Enabled Microsoft Teams (Enabled/Disabled)

 

Manage Services Integrations

By default, Virtual Apps and Desktops is enabled by default. To configure Workspace for an On Prem Virtual Apps and Desktops or XenApp 6.5 site, on ‘Virtual Apps and Desktop On-Premises Sites” click Add Site.

Will document the On Prem site connections later.

Configure Workspace with On Prem ADC Gateway

Browse to Access, under the required Resource Location select Configure Connectivity.

• Click Edit and enter in the external FQDN of your On Prem ADC Gateway.
• Select Test STA, this is likely to fail as they are behind the ADC Gateway
• Click Save

• Under Access and your Resouce Location you should now see:
  Gateway: Gateway_FQDN:443

To validate the Citrix Gateway is now handling the ICA traffic via Citrix Workspace, log into your Citrix Gateway > select Citrix Gateway > ICA Connections

Because the user authentication is handled by Citrix WorkSpace via the Citrix Cloud Connectors to Active Directory, the Citrix Gateway will show ‘anonymous’ as the username.

To validate that the Citrix Gateway is being used I SSH’d into the ADC and run:

• shell

• nstcpdump.sh host <Gateway VIP> or <Content Switch VIP> (if using Citrix Unified Gateway)

You will see hits on this once applications are launched from Citrix Workspace.

Citrix ADC Feature Matrix

I was looking for a simple breakdown of the Citrix ADC and what features you get with each license edition.

There are some from Citrix like: https://www.citrix.com/products/citrix-adc/platforms.html but it doesn’t really give a simple list of exact feature to license.

I decided to create my own matrix based on the Platinum, Enterprise and Standard license. Hope its useful for you also.

I have included the XLSX file in case you need it – NetScaler Licensing

Date: 22 Feb 2019

Feature	Platinum	Advanced	Standard
Web Logging	YES	YES	YES
Surge Protection	YES	YES	NO
Load Balancing	YES	YES	YES
Content Switching	YES	YES	YES
Cache Redirection	YES	YES	NO
Sure Connect	YES	YES	NO
Compression Control	YES	YES	NO
Delta Compression	NO	NO	NO
Priority Queuing	YES	YES	NO
SSL Offloading	YES	YES	YES
Global Server Load Balancing	YES	YES	NO
GSLB Proximity	YES	YES	NO
Http DoS Protection	YES	YES	NO
Dynamic Routing	YES	YES	YES
Content Filtering	YES	YES	YES
Content Accelerator	YES	NO	NO
Integrated Caching	YES	NO	NO
SSL VPN	YES	YES	YES
AAA	YES	YES	NO
OSPF Routing	YES	YES	NO
RIP Routing	YES	YES	NO
BGP Routing	YES	YES	NO
Rewrite	YES	YES	YES
IPv6 protocol translation	YES	YES	YES
Application Firewall	YES	NO	NO
Responder	YES	YES	YES
HTML Injection	YES	YES	YES
NetScaler Push	YES	YES	NO
Web Interface on NS	YES	YES	YES
AppFlow	YES	YES	YES
CloudBridge	YES	NO	NO
ISIS Routing	YES	YES	NO
Clustering	YES	YES	NO
CallHome	YES	YES	NO
AppQoE	YES	YES	NO
Appflow for ICA	YES	YES	NO
RISE	YES	YES	NO
vPath	–	YES	YES
Front End Optimization	YES	YES	NO
Large Scale NAT	YES	YES	NO
RDP Proxy	YES	YES	NO
Reputation	YES	NO	NO
URL Filtering	NO	–	–
Video Optimization	YES	–	–
Forward Proxy	NO	–	–
SSL Interception	NO	–	–
Remote Content Inspection	YES	–	–
Adaptive TCP	YES	–	–
Connection Quality Analytics	YES	–	–

Citrix Storefront 3.16 HTML5 and Receiver for Linux Issue

Fellow Citrix CTA René Bigler highlighted an issue in the IGEL Community Slack channel that when using Storefront enabled for ‘Use Receiver for HTML5 if local Recevier is unavailable’ it would automatically default to HTML5 and fail to launch the app/desktop.

I did further testing to isolate exactly where the issue might lie. Here’s my testing and results carried out.

Environment
-Citrix XenApp 7.15 CU2
-Storefront 3.15 and 3.16
-IGEL OS 10.05.100
-Citrix Receiver 13.9.1 and 13.10.0

Test #1
-Storefront 3.15, Receiver Deployment Option: Install locally
-IGEL OS 10.05.100
-Citrix Receiver 13.9.1

Result: Logged into Storefront browser, launched XenApp desktop successfully using native Receiver

Test #2
-Storefront 3.15, Receiver Deployment Option: Install locally
-IGEL OS 10.05.100
-Citrix Receiver 13.10.1

Result: Logged into Storefront browser, launched XenApp desktop successfully using native Receiver

Test #3
-Storefront 3.15, Receiver Deployment Option: Use Receiver for HTML5 if local Recevier is unavailable.
-IGEL OS 10.05.100
-Citrix Receiver 13.9.1

Result: Logged into Storefront browser, launched XenApp desktop successfully using native Receiver

Test #4
-Storefront 3.15, Receiver Deployment Option: Use Receiver for HTML5 if local Recevier is unavailable.
-IGEL OS 10.05.100
-Citrix Receiver 13.10.1

Result: Logged into Storefront browser, launched XenApp desktop successfully using native Receiver

Test #5
-Storefront 3.16, Receiver Deployment Option: Install locally
-IGEL OS 10.05.100
-Citrix Receiver 13.9.1

Result: Logged into Storefront browser, launched XenApp desktop successfully using native Receiver

Test #6
-Storefront 3.16, Receiver Deployment Option: Install locally
-IGEL OS 10.05.100
-Citrix Receiver 13.10.1

Result: Logged into Storefront browser, launched XenApp desktop successfully using native Receiver

Test #7
-Storefront 3.16, Receiver Deployment Option: Use Receiver for HTML5 if local Recevier is unavailable
-IGEL OS 10.05.100
-Citrix Receiver 13.9.1

Result: Logged into Storefront browser, launched XenApp desktop, attempted to use HTML5 and failed

Test #8
-Storefront 3.16, Receiver Deployment Option: Use Receiver for HTML5 if local Recevier is unavailable
-IGEL OS 10.05.100
-Citrix Receiver 13.10.1

Result: Logged into Storefront browser, launched XenApp desktop, attempted to use HTML5 and failed

Issue

Issue appears to be with any Receiver for Linux version running on Storefront 3.16 (1808)

Workaround

If you are running Storefront 3.16 (1808) and the Receiver for Linux, ensure you have ‘Install Locally’ set rather than ‘Use Receiver for HTML5 if local Recevier is unavailable’ then your XenApp desktops/apps will launch.

 

Error “This installation package could not be opened. Contact the application vendor to verify that this is a valid Windows Installer package” Installation success or error status: 1620.

Issue

Attempting to install an .msp file (in my case Citrix XenApp 6.5 RollUp7) it fails to install with the following error message.

Error Message

Troubleshooting Steps

1. Run the msp with the verbose logging switch for example:

.\XA650W2K8R2X64R07.msp /L*v C:\Temp\RollUp7.log

2. Have a look in the C:\Temp\RollUp7.log file and you’re looking for the highlighted in red below “C:\Windows\Installer\d5c63.msi

Log File:

=== Verbose logging started: 30/05/2018 8:17:04 Build type: SHIP UNICODE 5.00.7601.00 Calling process: C:\windows\System32\msiexec.exe ===
MSI (c) (EC:F0) [08:17:04:901]: Font created. Charset: Req=0, Ret=0, Font: Req=MS Shell Dlg, Ret=MS Shell Dlg

MSI (c) (EC:F0) [08:17:04:901]: Font created. Charset: Req=0, Ret=0, Font: Req=MS Shell Dlg, Ret=MS Shell Dlg

MSI (c) (EC:10) [08:17:04:917]: Resetting cached policy values
MSI (c) (EC:10) [08:17:04:917]: Machine policy value 'Debug' is 0
MSI (c) (EC:10) [08:17:04:917]: ******* RunEngine:
 ******* Product: {1471A89F-8CAB-4C46-89AB-942432D1DD3D}
 ******* Action: 
 ******* CommandLine: **********
MSI (c) (EC:10) [08:17:04:917]: Machine policy value 'DisableUserInstalls' is 0
MSI (c) (EC:10) [08:17:05:057]: Cloaking enabled.
MSI (c) (EC:10) [08:17:05:057]: Attempting to enable all disabled privileges before calling Install on Server
MSI (c) (EC:10) [08:17:05:151]: End dialog not enabled
MSI (c) (EC:10) [08:17:05:151]: Original package ==> C:\windows\Installer\d5c63.msi
MSI (c) (EC:10) [08:17:05:151]: Package we're running from ==> C:\windows\Installer\d5c63.msi
MSI (c) (EC:10) [08:17:05:166]: Note: 1: 2276 2: 3: 75 
DEBUG: Error 2276: Database: . Codepage 75 not supported by the system.
1: 2276 2: 3: 75 
This installation package could not be opened. Contact the application vendor to verify that this is a valid Windows Installer package.
C:\windows\Installer\d5c63.msi
MSI (c) (EC:10) [08:17:05:213]: Note: 1: 1708 
MSI (c) (EC:10) [08:17:05:213]: Product: -- Installation failed.

MSI (c) (EC:10) [08:17:05:213]: Windows Installer installed the product. Product Name: . Product Version: . Product Language: . Manufacturer: . Installation success or error status: 1620.

MSI (c) (EC:10) [08:17:05:213]: MainEngineThread is returning 1620
=== Verbose logging stopped: 30/05/2018 8:17:05 ===

 

3.  Browse to C:\Windows\Installer\ folder (hidden protected OS folder) and rename the .msi to .old mentioned in the log file.

4. Re-run the .msp install

5. This time it will prompt for the original msi files, in my case it was the mps.msi

6. Browse to the original msi file where it may be and now the .msp file will install normally.

Citrix Receiver upgrade to 4.10 via Scripted Install – “Exit code is 1602 No Plugin found with UpgradeCode = {9FAB00CA-B032-4E4E-8D0C-E3B35802335D}”

Issue

When doing either a scripted upgrade of Citrix Receiver to v4.10.x from v4.x the installation fails.

A manual upgrade works as expected.

Upgrade Script example

.\CitrixReceiver.exe /noreboot /silent /includeSSON /ENABLE_SSON=Yes /EnableCEIP=false

TrolleyExpress.log file
C:\Users\<install user>\AppData\Local\Temp\CTXReceiverInstallLogs-20180524-160141\TrolleyExpress-20180524-160141

shows something similar to the following:

Error - CComponentManager::GetInstallStatus(598) - Installation NOT successful for 'XenApp Web Plugin', error: 1603.
Information - CComponentManager::GetInstallStatus(603) - Installation NOT successful for 'Citrix Receiver (DV)', it never fully tried to install, possibly due to issues.
Information - CComponentManager::GetInstallStatus(603) - Installation NOT successful for 'HDX Flash', it never fully tried to install, possibly due to issues.
Information - CComponentManager::GetInstallStatus(603) - Installation NOT successful for 'HDX Aero', it never fully tried to install, possibly due to issues.
Information - CComponentManager::GetInstallStatus(603) - Installation NOT successful for 'Authentication Manager', it never fully tried to install, possibly due to issues.
Information - CComponentManager::GetInstallStatus(603) - Installation NOT successful for 'Self Service Plug-in', it never fully tried to install, possibly due to issues.
Information - CComponentManager::GetInstallStatus(603) - Installation NOT successful for 'WebHelper', it never fully tried to install, possibly due to issues.
Information - CComponentManager::GetInstallStatus(645) - Created entry for RTME Plugin for reinstalling it if it was installed previously
Information - CComponentManager::GetInstallStatus(692) - Need to repaire plugin with UpgradeCode = {9FAB00CA-B032-4E4E-8D0C-E3B35802335D}
Information - CtxInstallHelpers::CInstalledClientPkg::FindInstalledClient(154) - No existing clients found with given upgrade code: {9FAB00CA-B032-4E4E-8D0C-E3B35802335D}
Information - CComponentManager::GetInstallStatus(704) - Repairs Receiver plugin with Product code = 
Information - CComponentManager::GetInstallStatus(713) - No Plugin found with UpgradeCode = {9FAB00CA-B032-4E4E-8D0C-E3B35802335D}
Information - CApp::SetExitCode(120) - Exit code is 1602 (called with 1603)
Information - CApp::Remove_Reg_Uninstall(1641) - CApp::Remove_Reg_Uninstall
Information - CApp::ExitInstance(1335) - Exit Code = 1602

“No Plugin found with UpgradeCode = {9FAB00CA-B032-4E4E-8D0C-E3B35802335D}”

Solution

• None currently, it’s a known issue with Citrix for upgrading to v4.10.x and 4.11.x, it’s meant to be resolved in v4.12.x.
• New installs and manual upgrades work as expected
• Upgrading to v4.9.x LTSR and earlier works as expected.

Workspace Environment Manager – Capture Screen

Workspace Environment Manager has a cool little feature for end users to use called ‘Capture Screen’, it can be accessed by right clicking on the WEM Agent in the System Tray.

This utility captures the users screen and lets them either Save the image or send it straight to a pre-configured email address (Service Desk etc). Enable Screen Capture in the WEM Administration Console under:

Advanced Settings > UI Agent Personalization > Helpdesk Options

By default the Comments field is greyed out on the end point and needs to be enabled within the WEM Administration Console.

To enable the Comments field you need to put the WEM variable “##UserScreenCaptureComment##” (without quotes) anywhere in the ‘Email Template’ field as below.

After putting in the variable, apply the settings in the WEM Administration Console and then refresh the WEM Agent on the end point. Now when selecting Capture Screen the Comments field is enabled for user input.

You can use a combination of variables through the Custom Subject and Email Template as below, remembering that ##UserScreenCaptureComment## needs to be somewhere in the Email Template.

User Comment:    ##UserScreenCaptureComment##
User Name:           ##UserName##
Display Name:      ##FullUserName##
XenApp Server:   ##ComputerName##
RDS Session ID:   ##RDSSessionID##
Client Name:       ##ClientName##

Refer here for possible variables to use: https://docs.citrix.com/en-us/workspace-environment-management/current-release/reference/dynamic-tokens.html