Prepare in On-Premises CVAD
Before proceeding, please make sure your CVAD product is revision CR2407 or later, and key components such as Web Studio are all installed correctly.
Step 1: Enable WebSocket Feature in DDC
Open a powershell and run follow command, then reboot the DDC New-ItemProperty "HKLM:\SOFTWARE\Citrix\DesktopServer\WorkerProxy" -Name "WebSocket_Enabled" -PropertyType "DWord" -Value 1 -Force.
Step 2: Create the Machine Catalog and generate enrollment token for VDA
-
Create an empty Single-session OS catalog with no PVS/MCS and no power managed from the web studio. Right click the empty catalog, click Manage Enrollment Tokens.
-
Click Generate and Input the token name, select the Start date and End data. Input the times the token can be used. Click Generate, copy or download the token.
Note:
You can refer to the 1st step of DaaS part for screenshots that are mostly similar.
Step 3: Export self-signed certificate on DDC machines, and then install certs on each VDA machine
-
Run MMC to open the console, and then
File>Add/Remove Snap-in..>Certificates>Add>Computer account>Next>Finish>OK
-
Export Certificates with Certificates(Local Computer)>Personal>Certificates.
-
Select the certificate > All Tasks > Export.
Execute steps 2.1-2.3 in other DDCs on the same site.
Step 4: Trust the certificates in Citrix VDA for macOS machine
-
Open the certificates by Keychain Access app, and make sure the certificates are added to the System keychain.
-
Find the certificates in System keychain, and set them to Always Trust for at least two categories:
- Secure socket Layer(SSL)
- X.509 Basic Policy
to enable VDA enrollment and registration.
Alternatively, you can execute the following commands in Terminal App to trust the certificates:
-
Add one certificate into System keychain and trust it for Secure socket Layer(SSL) and X.509 Basic Policy.
security add-trusted-cert -d -r trustRoot -p basic -p ssl -k /Library/Keychains/System.keychain <cert file name> -
Verify if the certificate is trusted.
security verify-cert -c <cert file name>
Step 5: Configure Date&Time and DNS on Citrix VDA for macOS machine
-
Set time and date on your Mac to ensure the time synchronization between VDA and DDC has no time offset.
-
Add DNS server to your Mac to resolve DDCs’ FQDN, or add new host entries for DDCs into
/etc/hosts. -
Verify if the DNS configuration and Certificates are correctly set up
curl -w "\nStatus code: %{http_code}\n" -vI https://<FQDN of On-Premises Delivery Controllers>.
Before proceeding to the next step, ensure that the curl command output ends with the message: Status code: 200.
If the status code is not 200, you may need to check the following points:
- Check the certificate, you can also find the certificate information in the curl output under “Server certificate” to verify.
- Verify that the DNS server is configured correctly.
- Ensure that the time synchronization between the VDA and DDC has no time offset.
Once the verification is OK, other steps, such as creating a Machine Catalog and Delivery Group, are the same as when managing Windows and Linux VDAs. Go to Prepare in DaaS Management Console to check the detailed steps.
In this article
- Step 1: Enable WebSocket Feature in DDC
- Step 2: Create the Machine Catalog and generate enrollment token for VDA
- Step 3: Export self-signed certificate on DDC machines, and then install certs on each VDA machine
- Step 4: Trust the certificates in Citrix VDA for macOS machine
- Step 5: Configure Date&Time and DNS on Citrix VDA for macOS machine