How to Troubleshoot Adaptive Transport Issues on Linux VDA

How to Troubleshoot Adaptive Transport Issues on Linux VDA

book

Article ID: CTX232462

calendar_today

Updated On:

Description

This article introduces the Adaptive Transport feature in Linux VDA: what it is, how it works, configuration requirements and troubleshooting tips.

Instructions

Adaptive transport was previously an experimental feature in Linux VDA 7.16, it is a fully supported feature in this release.
Note: Data transmitted through an EDT connection is in plaintext by default. For the security purpose, you can enable Datagram Transport Layer Security (DTLS) encryption (an experimental feature of Linux VDA 7.17). For more information about DTLS encryption, see product documentation Secure User Sessions using DTLS.
What is Adaptive Transport?
Adaptive transport is a data transport mechanism for XenApp and XenDesktop. It optimizes data transport by leveraging the new UDP-based reliable Citrix protocol called Enlightened Data Transport (EDT) in preference to TCP whenever possible.

EDT is built on top of UDP and improves data throughput for all ICA virtual channels. It is a reliable protocol (guarantees delivery), and is fair to other streams on the network. It delivers a superior user experience on challenging long-haul WAN and Internet connections, dynamically responding to changing network conditions while maintaining high server scalability and efficient use of bandwidth.
User-added image
When adaptive transport is enabled and set to Preferred, the use of EDT vs. TCP is driven by Receiver:
  • EDT and TCP in parallel
Starting with 2017 Q4 EDT-compatible versions of Receiver (for example, Receiver for Windows 4.10), session connections will be attempted using EDT and TCP in parallel during the initial connection, session reliability reconnection, and auto client reconnect. During the session, these Receiver versions will proactively seek UDP on the background even when TCP transport is not broken:
  • If UDP is established first, it will be used;
  • If TCP is established first and UDP is established later, a switch to UDP will occur.
  • EDT and TCP in sequential
In earlier EDT-capable Receivers, when the HDX Adaptive Transport policy in Studio is set to Preferred, data transport over EDT is used when possible, with fallback to TCP if UDP transport is unavailable.
These Receivers supporting EDT use a Sequential logic for HDX Adaptive Transport: If the policy is set to Preferred, Receiver attempts EDT first and, if it fails or times out, Receiver falls back to TCP. The assessment of UDP vs. TCP use happens only during initial connection and after a scenario involving a transport break (ACR/SR). With these Receivers, during the lifetime of the HDX session, a transport switch does not occur unless the transport breaks.
Important:
  • EDT is not exactly the same as Adaptive Transport: Adaptive Transport= EDT (UDP) + TCP (Fallback)
  • EDT is just a transport protocol, available to every Virtual Channel (except Framehawk and RTP/UDP Audio)
  • After HDX Adaptive Transport policy is set to Preferred, EDT and Adaptive transport is driven by Receiver.
  • EDT and TCP in parallel require:
  • Citrix Receiver for Windows minimum version 4.10 and Session Reliability.
  • Citrix Receiver for Mac minimum version 12.8 and Session Reliability.
For more information about adaptive transport, EDT, EDT and TCP in parallel, see the following documents:
Adaptive Transport
HDX Adaptive Transport and EDT: ICA’s New Default Transport Protocol (Part I)
HDX Adaptive Transport and EDT: ICA’s New Default Transport Protocol (Part II)
EDT Session Connection/Reconnection Attempts using UDP and TCP in Parallel
How adaptive transport works on Linux VDA
We performed following changes to support adaptive transport on Linux VDA:
  1. Implemented a new transport layer TDEDT in current ICA Transport Driver (TD)
  2. Added new UDP listeners on ICA (1494) and Session Reliability (2598) ports with default settings. We also added a new key “udp” under ConfDB path HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\icawd\Tds\udp for the UDP listeners to function with proper initial values. You can get all related keys from command:  
/opt/Citrix/VDA/bin/ctxreg list -k "HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\icawd\Tds\udp"
  1. Integrated EDT with Datagram Transport Layer Security (DTLS) encryption as an experimental feature, so that data transmitted through an EDT connection can also be encrypted. For more information about DTLS encryption, see product documentation Secure User Sessions using DTLS.
Configuration
Adaptive transport can be configured through HDX Adaptive Transport policy in Citrix Studio with following values:
  • Preferred. Adaptive transport over EDT is used when possible. This is the default value from XenApp and XenDesktop 7.16.
  • Diagnostic mode. EDT is forced on and falls back to TCP is disabled. We recommend this setting only for troubleshooting.
  • Off. TCP is forced on, and EDT is disabled.
User-added image

On Linux VDA 7.17, the UDP listeners are enabled with default settings and no explicit configuration is needed. By default, EDT will reuse ICA (1494) or Session Reliability (2598) ports, you can run the following command on Linux VDA to check whether UDP listeners are running:
netstat -an | grep "1494\|2598"
In normal circumstances, the output is similar to the following:
[root@RHEL69S ~]# netstat -an | grep "1494\|2598"
tcp        0      0 :::2598           :::*                LISTEN
tcp        0      0 :::1494           :::*                LISTEN
udp        0      0 :::1494           :::*
udp        0      0 :::2598           :::*

To disable adaptive transport:
  1. Set the HDX Adaptive Transport policy to Off in Citrix Studio.
  2. Restart the VDA service and HDX service on Linux VDA in sequence to make the settings effective by running following command:
sudo /sbin/service ctxvda restart
sudo /sbin/service ctxhdx restart
Requirements and considerations
To support the adaptive transport features on Linux VDA, the following minimum product/component versions are required:
  • XenApp and XenDesktop: Minimum version 7.13 (Set to Preferred by default in 7.16)
  • Linux VDA: Minimum version 7.17 (7.16 was experimental)
  • StoreFront: Minimum version 3.9
  • Citrix Receiver for Windows: Minimum version 4.7 (EDT and TCP in parallel require minimum version 4.10 and Session Reliability)
  • Citrix Receiver for Mac: Minimum version 12.5 (EDT and TCP in parallel require minimum version 12.8 and Session Reliability)
  • Citrix Receiver for iOS: Minimum version 7.2
  • Citrix Receiver for Linux: Version 13.6 for Direct VDA Connections only and 13.7 for DTLS support using NetScaler Gateway (or DTLS for direct VDA connections).
  • Citrix Receiver for Android: Version 3.12.3 for Direct VDA Connections only and 3.13 for DTLS support using NetScaler Gateway (or DTLS for direct VDA connections)
  • NetScaler: Minimum versions 11.1 build 51.21, 12.0 build 35.6. We recommend minimum versions 11.1 build 55.10 or 12.0 Build 53.6 as these versions include important
Troubleshooting
Here are some common error scenarios you might encounter while using adaptive transport on Linux VDA:
Common error scenario #1: UDP listeners on Linux VDA are not running
In this scenario, perform the following steps:
  1. Make sure HDX Adaptive Transport policy in Citrix Studio is NOT set to Off. If you modified the policy setting, restart the VDA service and HDX service on Linux VDA in sequence to make the settings effective.
  2. On Linux VDA, make sure the “fEnabled” key under "HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\icawd\Tds\udp" is set to 0x00000001.
[root@rhel68s ~]# /opt/Citrix/VDA/bin/ctxreg list -k "HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\icawd\Tds\udp"
HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\icawd\Tds\udp\
     [REG_DWORD] "fDTLSEnabled" = "0x00000000"
     [REG_DWORD] "fEnabled" = "0x00000001"
HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\icawd\Tds\udp\UDPStackParameters\
     [REG_DWORD] "udtIFlightFlagSize" = "0x00000000"
     [REG_DWORD] "udtMSS" = "0x00000000"
     [REG_DWORD] "udtRCVBUF" = "0x00000000"
     [REG_DWORD] "udtSNDBUF" = "0x00000000"
     [REG_DWORD] "udtUDPRCVBUF" = "0x00000000"
     [REG_DWORD] "udtUDPSNDBUF" = "0x00000000"
If not, run the following command to set it and restart HDX service on Linux VDA to take effect:
/opt/Citrix/VDA/bin/ctxreg update -k  "HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\icawd\Tds\udp"   -v  "fEnabled" -d "0x00000001"
Common error scenario #2: The ICA connection is established through TCP instead of UDP, as following:
[root@rhel68s ~]# netstat -an | grep "1494\|2598"
tcp   0   0 :::2598                    :::*                        LISTEN
tcp   0   0 :::1494                    :::*                        LISTEN
tcp   0   0 ::ffff:10.108.12.205:2598  ::ffff:10.157.16.88:51672   ESTABLISHED
udp   0   0 :::2598                    :::*
udp   0   0 :::1494                    :::*

In this situation, try the following steps:
  1. Make sure the UDP listeners on Linux VDA are running
  2. Make sure the firewall rules permit corresponding UDP ports, you can check the firewall settings on Linux VDA by running command iptables –S:
[root@rhel68s ~]# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p udp -m udp --dport 2598 -j ACCEPT
-A INPUT -p udp -m udp --dport 1494 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2598 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1494 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
  1. Check the minimum product/component version requirements (see Requirements and considerations), try to use the EDT-capable receivers that support EDT and TCP in parallel.
  2. If none of the above steps work, collect more detailed logs for further investigation (see  How to get more detailed logging of adaptive transport).
How to get more detailed logging of adaptive transport
  • SSH to Linux VDA server
  • Set TD/TD_INPUT/TD_OUTPUT log level to VERBOSE use command setlog:
/opt/Citrix/VDA/bin/setlog level TD VERBOSE
/opt/Citrix/VDA/bin/setlog level TD_INPUT VERBOSE
/opt/Citrix/VDA/bin/setlog level TD_OUTPUT VERBOSE
  • Look for “TdEdt*” lines in /var/log/xdl/hdx.log
  • For general ICA connection troubleshooting purpose, you may also need to collect CDF traces of Citrix Receiver at client host.
How to confirm EDT is active
You can use Wireshark on Linux VDA inside ICA session to confirm which protocol was used to setup the ICA connection.


Note: EDT MTU discovery is not currently implemented on Linux VDA, it will be available in a future version.
 

Issue/Introduction

This article introduces the Adaptive Transport feature in Linux VDA: what it is, how it works, configuration requirements and troubleshooting tips.
Powered by Wolken Software