Linux Virtual Delivery Agent

Known issues

The following issues have been identified in this release:

  • When HDX 3D Pro is enabled, sessions on the extended monitors are blacked out and only the primary monitor displays the sessions properly. To resolve the issue, open a terminal on the VDA and run the following commands as needed:

    • For dual monitors, run:

       #sed -i "/UseEDID/a \ \ Option \"ConnectedMonitor\" \"DFP, DFP\"" /etc/X11/ctx-nvidia-2.conf
       <!--NeedCopy-->
      
    • For triple monitors, run:

       #sed -i "/UseEDID/a \ \ Option \"ConnectedMonitor\" \"DFP, DFP, DFP\"" /etc/X11/ctx-nvidia-3.conf
       <!--NeedCopy-->
      
    • For quadruple monitors, run:

       #sed -i "/UseEDID/a \ \ Option \"ConnectedMonitor\" \"DFP, DFP, DFP, DFP\"" /etc/X11/ctx-nvidia-4.conf
       <!--NeedCopy-->
      

    [LNXVDA-15259]

  • Session launch failures occur when the maximum connections set in PostgreSQL are insufficient to handle concurrent sessions. To work around the issue, increase the maximum connections by modifying the max_connections setting in the postgresql.conf file.

  • The combination of H.264 lossless compression and YUV444 software encoding is supported on Citrix Workspace app for Windows only. When you open desktop sessions and use other Citrix Workspace apps with the combination, a gray screen appears. To work around the gray screen issue, run the following command on the Linux VDA:

     /opt/Citrix/VDA/bin/ctxreg create -k "HKLM\System\CurrentControlSet\Control\Citrix\Thinwire" -t "REG_DWORD" -v "VideoLossless" -d "0x0" --force
     <!--NeedCopy-->
    

    [LNXVDA-14805]

  • Attempts to launch app sessions from a Linux VDA installed on RHEL 8.x or Rocky Linux 8.x fail. The issue occurs when the VDA is connected to the domain using System Security Services Daemon (SSSD) and the default_shell is set to /bin/csh in the /etc/sssd/sssd.conf file. [LNXVDA-14826]

  • VDA registration might fail due to the following LDAP exception thrown in /var/log/xdl/jproxy.log:

     javax.naming.NamingException: LDAP response read timed out, timeout used: 10000 ms.
     <!--NeedCopy-->
    

    To work around the issue, do the following:

    • Change the LDAP timeout value. For example, change the LDAP timeout value to 60 s using the following command:

       ctxreg create -k "HKLM\Software\Citrix\GroupPolicy\Defaults" -t "REG_DWORD" -v "LDAPTimeout" -d "0x000EA60" --force
       <!--NeedCopy-->
      
    • Speed up LDAP queries by setting a search base. You can set a search base using the CTX_XDL_SEARCH_BASE variable in ctxsetup.sh or using the following command:

       ctxreg create -k "HKLM\Software\Citrix\VirtualDesktopAgent" -t "REG_SZ" -v "LDAPComputerSearchBase" -d "<specify a search base instead of the root of the domain to improve search performance>" --force
       <!--NeedCopy-->
      

    [CVADHELP-20895]

  • Microsoft released cumulative updates KB5019966 and KB5019964 for Windows 10 in November 2022. The updates introduce failures in domain joining and registration. To work around the issue, see Knowledge center article CTX474888.

  • With the RC4_HMAC_MD5 encryption type allowed for Kerberos, the Linux VDA might fail to register with the Controller and the following error message appears:

    Error: Failure unspecified at GSS-API level (Mechanism level: Encryption type RC4 with HMAC is not supported/enabled)

    To address this issue, disable RC4_HMAC_MD5 globally in your Active Directory domain (or specifically on an OU) or allow weak encryption types on the Linux VDA. After that, clear the cached Kerberos tickets on the Controller and Citrix Cloud Connector by using the klist -li 0x3e4 purge command and restart the Linux VDA.

    To disable RC4_HMAC_MD5 globally in your Active Directory domain, complete the following steps:

    1. Open the Group Policy Management Console.
    2. Locate the target domain, and then select Default Domain Policy.
    3. Right-click Default Domain Policy and select Edit. The Group Policy Management Editor opens.
    4. Select Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options.
    5. Double-click Network security: Configure encryption types allowed for Kerberos.
    6. Clear the DES_CBC_CRC, DES_CBC_MD5, and RC4_HMAC_MD5 check boxes and select AES128_HMAC_SHA1, AES256_HMAC_SHA1, and Future encryption types.

    To allow weak encryption types on the Linux VDA, complete the following steps:

    Note:

    Weak encryption types make your deployment vulnerable to attacks.

    1. Open the /etc/krb5.conf file on the Linux VDA.
    2. Add the following setting under the [libdefaults] section:

      allow_weak_crypto= TRUE

  • The Linux VDA does not support SecureICA 1.0 for encryption. Enabling SecureICA 1.0 on the Linux VDA causes session launch failure.

  • An unexpected window appears during file download. The window does not affect the file download functionality and it disappears automatically after a while. [LNXVDA-5646]

  • The default settings of PulseAudio cause the sound server program to exit after 20 seconds of inactivity. When PulseAudio exits, audio does not work. To work around this issue, set exit-idle-time=-1 in the /etc/pulse/daemon.conf file. [LNXVDA-5464]

  • Sessions cannot be launched in Citrix Workspace app for Linux when SSL encryption is enabled and session reliability is disabled. [RFLNX-1557]

  • Ubuntu graphics: In HDX 3D Pro, a black frame might appear around applications after resizing the Desktop Viewer, or sometimes, the background can appear black.

  • Printers created by the Linux VDA printing redirection might not be removed after logging out of a session.

  • CDM files are missing when a directory contains numerous files and subdirectories. This issue might occur if the client side has too many files or directories.

  • Only UTF-8 encoding is supported for non-English languages.

  • Citrix Workspace app for Android CAPS LOCK state might be reversed during session roaming. The CAPS LOCK state can be lost when roaming an existing connection to Citrix Workspace app for Android. As a workaround, use the Shift key on the extended keyboard to switch between upper case and lower case.

  • Shortcut keys with ALT do not always work when you connect to the Linux VDA using Citrix Workspace app for Mac. Citrix Workspace app for Mac sends AltGr for both left and right Options/Alt keys by default. You can modify this behavior within the Citrix Workspace app settings but the results vary with different applications.

  • Registration fails when the Linux VDA is rejoined to the domain. The rejoining generates a fresh set of Kerberos keys. But, the Broker might use a cached out-of-date VDA service ticket based on the previous set of Kerberos keys. When the VDA tries to connect to the Broker, the Broker might not be able to establish a return security context to the VDA. The usual symptom is that the VDA registration fails.

    This problem can eventually resolve itself when the VDA service ticket expires and is renewed. But because service tickets are long-lived, it can take a long time.

    As a workaround, clear the Broker’s ticket cache. Restart the Broker or run the following command on the Broker from a command prompt as Administrator:

     klist -li 0x3e4 purge
     <!--NeedCopy-->
    

    This command purges all service tickets in the LSA cache held by the Network Service principal under which the Citrix Broker Service runs. It removes service tickets for other VDAs and potentially other services. However, it is harmless – these service tickets can be reacquired from the KDC when needed again.

  • Audio plug-n-play is not supported. You can connect an audio capture device to the client machine before starting to record audio in the ICA session. If a capture device is attached after the audio recording application has started, the application might become unresponsive and you must restart it. If a capture device is unplugged while recording, a similar issue might occur.

  • Citrix Workspace app for Windows might experience audio distortion during audio recording.

Known issues