The drilldown provides additional information like Session Reliability or Auto Client Reconnect, time stamps, Endpoint IP, and Endpoint Name of the machine where the Workspace app is installed. This feature is available for Citrix Workspace app for Windows, Citrix Workspace app for Mac, Citrix Receiver for Windows, and Citrix Receiver for Mac. Citrix has identified a behavior with Receiver for Windows 4.7, Receiver for Mac 12.5, Receiver for Android 3.12.2/3.12.3, and Receiver for Linux 13.6, which prevents connections via some specific NetScaler firmware versions. The following table covers the NetScaler builds which are affected. Beginning August 2018, Citrix Receiver will be replaced by Citrix Workspace app. While you can still download older versions of Citrix Receiver, new features and enhancements will be released for Citrix Workspace app. Citrix Workspace app is a new client from Citrix that works similar to Citrix Receiver and is fully backward-compatible with. NVENC support from both Citrix and VMware is a recent feature and, if you are using an older version, you should experience no change in functionality. The following vGPU profiles have 512 Mbytes or less of frame buffer.
Objective
Upgrading to latest Receiver or Citrix Workspace App
Retrieving a list of users connecting on older Receiver versions
Citrix Cloud Management
Citrix Director
Citrix Cloud Connector
Troubleshooting
Refer to the following article to configure Citrix Gateway for Citrix Endpoint Management:
Citrix Endpoint Management TLS Version Deprecation
Instructions
Upgrading to latest Receiver or Citrix Workspace App
To ensure successful connection to Citrix Workspace from user endpoint devices, the version of Citrix Receiver installed must be equal to or greater than the versions listed below that support TLS 1.2.Receiver | Version |
Windows | 4.2.1000 |
Mac | 12.0 |
Linux | 13.2 |
Android | 3.7 |
iOS | 7.0 |
Chrome/HTML5 | Latest (Browser must support TLS 1.2) |
Citrix recommends upgrading to Citrix Workspace app if your version of Receiver is earlier than those listed above. Download here: https://www.citrix.com/products/receiver.html
Thin Clients with Earlier Receiver Versions
If you are using Thin Clients with earlier versions of Citrix Receiver that cannot be updated, install an on-prem StoreFront in your resource location and have all of the Citrix Receivers point to it.
Latest Version Of Citrix Receiver For Mac
Retrieving a list of users connecting on older Receiver versions
To retrieve a list of Receivers connecting to your Citrix Cloud environment, log into Citrix Cloud and click the Manage button for the Virtual Apps and Desktops service. The details include user, version, connection date, and endpoint device name.
Virtual Apps and Desktops (Full Edition)
Click Monitor > Trends > Custom Reports > Create Reports.
Select OData Query, provide a report name, and copy/paste the following query (change date range as needed).
Click Save, and then Execute to open the list in Excel.
Sessions?$filter = StartDate ge datetime'2019-02-01’ and StartDate le datetime'2019-03-31'&$select = CurrentConnection/ClientVersion,CurrentConnection/ClientName,User/UserName,StartDate&$expand = CurrentConnection,User
Click Monitor, and then select a catalog.
Click Export to open the list in Excel.
Citrix Cloud Management
To ensure successful connection to the Citrix Cloud management console (citrix.cloud.com), your browser must support TLS 1.2 (latest version of most web browsers).
Citrix Receiver For Mac Latest Version
Citrix Director
TLS 1.2 connection will be required when using OData APIs. To enforce use of TLS 1.2 on the client machine for clients such as MS Excel, PowerShell, LinqPad, refer to the following KB article: https://support.citrix.com/article/CTX245765
Citrix Cloud Connector
All connections to Citrix Cloud services from Citrix Cloud Connectors will require TLS 1.2. Citrix Provisioning and Machine Creation Services will allow TLS 1.0, 1.1, and TLS 1.2 connections by default (no action required) until later this year when it will change to TLS 1.2 only.
Note: If your security policy requires strict enforcement of TLS 1.2 connections, the following registry setting changes are required on each Citrix Cloud Connector.
.NET
SCHANNEL
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsSSL 2.0]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsSSL 2.0Client]
'DisabledByDefault'=dword:00000001
'Enabled'=dword:00000000
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsSSL 2.0Server]
'Enabled'=dword:00000000
'DisabledByDefault'=dword:00000001
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsSSL 3.0]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsSSL 3.0Client]
'Enabled'=dword:00000000
'DisabledByDefault'=dword:00000001
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsSSL 3.0Server]
'Enabled'=dword:00000000
'DisabledByDefault'=dword:00000001
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.0]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.0Client]
'DisabledByDefault'=dword:00000001
'Enabled'=dword:00000000
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.0Server]
'DisabledByDefault'=dword:00000001
'Enabled'=dword:00000000
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.1]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.1Client]
'DisabledByDefault'=dword:00000001
'Enabled'=dword:00000000
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.1Server]
'DisabledByDefault'=dword:00000001
'Enabled'=dword:00000000
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Client]
'Enabled'=dword:00000001
'DisabledByDefault'=dword:00000000
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Server]
'Enabled'=dword:00000001
'DisabledByDefault'=dword:00000000
For more details, refer to the Microsoft article “Transport Layer Security (TLS) best practices with the .NET Framework”, section “SystemDefaultTlsVersions” https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls#systemdefaulttlsversion
Troubleshooting
Since Citrix Cloud supports only TLS 1.2 and above, all clients accessing any data from Citrix Services with TLS versions 1.0 and 1.1 will see one of the following errors:
Director
Error:
System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
Refer to the following article to configure clients for TLS 1.2 communication:
https://support.citrix.com/article/CTX245765
Receiver
Error:
'Unable to launch your app....Cannot connect to the Citrix XenApp server. SSL Error 4... The server rejected the connection.'
Refer to Upgrading to latest Receiver or Citrix Workspace app above.
Connector
If your Citrix Cloud Connector machine is not able to establish a connection with Citrix Cloud after Mar 15, 2019, check the following registry key to ensure TLS 1.2 is not disabled:
HKLM SYSTEMCurrentControlSetControlSecurityProvidersSCHANNEL
More details:
https://docs.microsoft.com/en-us/windows-server/security/tls/tls-registry-settings
https://docs.microsoft.com/en-us/windows/desktop/secauthn/protocols-in-tls-ssl--schannel-ssp-
Note: Internet Explorer group policy settings also control the values found in SCHANNEL registry key; Internet Explorer > Internet Properties can be used to check enabled/disabled protocols.