High latency VPN Sessions, unusable after Microsoft rolling update KB4520008

Article ID: CTX269763

Updated On:

Description

After installing Microsoft update KB4520008 and each subsequent cumulative/rollup patch, the ADC does not function with SSL VPN services. After logging into the VPN, pinging an internal domain controller shows high latency and mostly timeouts, which makes the VPN unusable. We have used the Citrix-recommended fixes, turning off EMS in the registry.

Resolution

Engage Microsoft to investigate why client machines are not sending a TLS Session ID. This forces a full TLS handshake for every TCP stream.

Problem Cause

Deep inspection of network traces shows that client machines are not using TLS session reuse: they send no TLS Session ID and perform a full TLS handshake for every TCP stream. This is inefficient and consumes high CPU cycles on both the client and the ADC gateway, making the session unusable and extremely slow.
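
As an added example (not part of the Citrix article), the Python sketch below shows how the condition described above can be checked in a capture: it parses TLS ClientHello records and reports the share that offer nothing to resume, each of which forces a full handshake. It assumes TLS 1.2 or earlier ClientHellos; the session ticket check goes beyond the Session ID the article mentions, and the function names and sample records are constructed for illustration.

```python
import struct

def build_client_hello(session_id=b"", ticket=None):
    """Construct a minimal TLS 1.2 ClientHello record (sample data for this example)."""
    ext = b""
    if ticket is not None:
        ext += struct.pack("!HH", 35, len(ticket)) + ticket  # session_ticket (RFC 5077)
    body = (b"\x03\x03" + bytes(32)                           # client_version, random
            + bytes([len(session_id)]) + session_id
            + struct.pack("!H", 2) + b"\xc0\x2f"              # one cipher suite
            + b"\x01\x00"                                     # null compression only
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body        # handshake type 1
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs  # record type 22

def parse_client_hello(record):
    """Return (session_id, ticket) from a ClientHello record; ticket is None if absent."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    pos = 5 + 4 + 2 + 32                # record hdr, handshake hdr, version, random
    sid_len = record[pos]
    session_id = record[pos + 1:pos + 1 + sid_len]
    pos += 1 + sid_len
    (cs_len,) = struct.unpack_from("!H", record, pos)
    pos += 2 + cs_len                   # skip cipher suites
    pos += 1 + record[pos]              # skip compression methods
    ticket = None
    if pos + 2 <= len(record):
        (ext_total,) = struct.unpack_from("!H", record, pos)
        pos += 2
        end = pos + ext_total
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", record, pos)
            pos += 4
            if etype == 35:
                ticket = record[pos:pos + elen]
            pos += elen
    return session_id, ticket

def offers_resumption(record):
    """True if the client presents a Session ID or a non-empty session ticket."""
    session_id, ticket = parse_client_hello(record)
    return bool(session_id) or bool(ticket)

def full_handshake_ratio(records):
    """Fraction of ClientHellos that give the gateway nothing to resume."""
    return sum(not offers_resumption(r) for r in records) / len(records)

# Constructed traces: a client that never resumes vs. one that reuses its session.
patched = [build_client_hello() for _ in range(4)]
healthy = [build_client_hello()] + [build_client_hello(session_id=b"\x11" * 32)] * 3
```

A ratio near 1.0 across many TCP streams from the same client matches the behaviour described above; a client that resumes normally shows one full handshake followed by ClientHellos that carry a Session ID or ticket.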

Patched machines with high latency and poor performance:



Compared to a non-patched machine, where the VPN sessions show high performance and low response times: