Known issues
The following issues have been identified in this release:
-
Linux VDAs might unregister when you restart the Cloud Connector or the Delivery Controller. [CVADHELP-21256]
-
With the RC4_HMAC_MD5 encryption type allowed for Kerberos, the Linux VDA might fail to register with the Controller and the following error message appears:
Error: Failure unspecified at GSS-API level (Mechanism level: Encryption type RC4 with HMAC is not supported/enabled)
To address this issue, disable RC4_HMAC_MD5 globally in your Active Directory domain (or specifically on an OU) or allow weak encryption types on the Linux VDA. After that, clear the cached Kerberos tickets on the Controller and Citrix Cloud Connector by using the klist -li 0x3e4 purge command and restart the Linux VDA.
To disable RC4_HMAC_MD5 globally in your Active Directory domain, complete the following steps:
- Open the Group Policy Management Console.
- Locate the target domain, and then select Default Domain Policy.
- Right-click Default Domain Policy and select Edit. The Group Policy Management Editor opens.
- Select Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options.
- Double-click Network security: Configure encryption types allowed for Kerberos.
- Clear the DES_CBC_CRC, DES_CBC_MD5, and RC4_HMAC_MD5 check boxes and select AES128_HMAC_SHA1, AES256_HMAC_SHA1, and Future encryption types.
To allow weak encryption types on the Linux VDA, complete the following steps:
Note:
Weak encryption types make your deployment vulnerable to attacks.
- Open the /etc/krb5.conf file on the Linux VDA.
-
Add the following setting under the [libdefaults] section:
allow_weak_crypto= TRUE
-
The Linux VDA does not support SecureICA for encryption. Enabling SecureICA on the Linux VDA causes session launch failure.
-
Non-seamless published applications might exit shortly after launch. The issue occurs after a Mutter upgrade to a version later than mutter-3.28.3-4. To work around the issue, use mutter-3.28.3-4 or earlier. [LNXVDA-6967]
-
An unexpected window appears during file download. The window does not affect the file download functionality and it disappears automatically after a while. [LNXVDA-5646]
-
The default settings of PulseAudio cause the sound server program to exit after 20 seconds of inactivity. When PulseAudio exits, audio does not work. To work around this issue, set exit-idle-time=-1 in the /etc/pulse/daemon.conf file. [LNXVDA-5464]
-
Sessions cannot be launched in Citrix Workspace app for Linux when SSL encryption is enabled and session reliability is disabled. [RFLNX-1557]
-
Ubuntu graphics: In HDX 3D Pro, a black frame might appear around applications after resizing the Desktop Viewer, or sometimes, the background can appear black.
-
Printers created by the Linux VDA printing redirection might not be removed after logging out of a session.
-
CDM files are missing when a directory contains numerous files and subdirectories. This issue might occur if the client side has too many files or directories.
-
Only UTF-8 encoding is supported for non-English languages.
-
Citrix Workspace app for Android CAPS LOCK state might be reversed during session roaming. The CAPS LOCK state can be lost when roaming an existing connection to Citrix Workspace app for Android. As a workaround, use the Shift key on the extended keyboard to switch between upper case and lower case.
-
Shortcut keys with ALT do not always work when you connect to the Linux VDA using Citrix Workspace app for Mac. Citrix Workspace app for Mac sends AltGr for both left and right Options/Alt keys by default. You can modify this behavior within the Citrix Workspace app settings but the results vary with different applications.
-
Registration fails when the Linux VDA is rejoined to the domain. The rejoining generates a fresh set of Kerberos keys. But, the Broker might use a cached out-of-date VDA service ticket based on the previous set of Kerberos keys. When the VDA tries to connect to the Broker, the Broker might not be able to establish a return security context to the VDA. The usual symptom is that the VDA registration fails.
This problem can eventually resolve itself when the VDA service ticket expires and is renewed. But because service tickets are long-lived, it can take a long time.
As a workaround, clear the Broker’s ticket cache. Restart the Broker or run the following command on the Broker from a command prompt as Administrator:
klist -li 0x3e4 purge <!--NeedCopy-->
This command purges all service tickets in the LSA cache held by the Network Service principal under which the Citrix Broker Service runs. It removes service tickets for other VDAs and potentially other services. However, it is harmless – these service tickets can be reacquired from the KDC when needed again.
-
Audio plug-n-play is not supported. You can connect an audio capture device to the client machine before starting to record audio in the ICA session. If a capture device is attached after the audio recording application has started, the application might become unresponsive and you must restart it. If a capture device is unplugged while recording, a similar issue might occur.
-
Citrix Workspace app for Windows might experience audio distortion during audio recording.