This Support Article will help Administrators troubleshoot, both, Rendezvous Protocol and EDT - HDX Adaptive Transport connectivity.


Unsupported Items:

• Currently, Rendezvous protocol doesn't support proxies. To use proxies, continue to use the Cloud Connector for ICA traffic. If the Rendezvous Protocol policy is enabled and the ICA traffic can't reach the Citrix Gateway Service directly, the traffic goes through the Cloud Connector, this is also considered the fall-back method.
• UDP Audio is not supported by the Citrix Cloud Gateway Service with or without Adaptive Transport

Limitations / Statements:

• Currently, Citrix Workspace App HTML5 connections will only report as TCP. The ETA for adding support  for HTML5 Connections is being targeted between the Third and Fourth Quarters of 2021.
• For EDT Adaptive transport - ensure that if customer has any Firewalls in place to check UDP 443 is opened.
• SSL Cipher Suites must be on the VDA per a Local Machine GPO.
• The Full Browser Plugin as well as Full\Native\Receiver\WSA\Workspace both support EDT or "HDXoverUDP" connections.

---

Instructions

Enable Rendezvous Protocol Info

• This falls under the following Citrix Studio Policy:
• .

SSL Cipher Suites settings on VDA:

• Source: https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/1912-ltsr/secure/tls.html
• The Chiper suite info comes from our external docs, however it's not limited to just these Suites
  • Starting with CVAD 1909, the VDA crypto kit only supports the 3 ECDHE cipher suites, however the required ones for Rendezvous are listed here.
    • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384_P384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384,
    • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256
      • 
• Use of AD GPO for Cipher suites and Master VDA image.
  • Also If you create the MCS image outside the OU that has the GPO applied. When you create and start the machine it refreshes the GPO for the first in the rendezvous OU. Please note that if this method is used, the Machine will require a restart once applied. Alternatively, if the base image is updated with the GPO already applied then this will not be an issue.
• Please ensure that the base\master VDA image or images are getting the GPO with the Cipher suites configured since we require these to exist on the VDA for Rendezvous to work correctly.

Verify SSL Ciphers are in place on the VDA via PowerShell:

• Get-ItemProperty HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\*
  • 
• With regards to DNS resolution, the requirement is that the Cloud Connectors need to be able to obtain the VDA's FQDN. This can be accomplished one of two ways:
  1. Enable DNS resolution in the site config. This will change the broker behavior to send VDAs' FQDNs instead of IP addresses when brokering sessions.
  2. Have a DNS Reverse Lookup Zone with PTR records for all VDAs. This will allow the Cloud Connector to do a reverse lookup when it gets the VDA's IP address from the broker.

 

• Using Remote PoSh SDK, run:
  1. Set-BrokerSite -DnsResolutionEnabled $true
  • DNS Reverse Lookup Zone with PTR records for the Citrix DaaS (formerly known as Virtual Apps and Desktops) machine
    • 

Note: This can then be verified on the VDA be checking IPCONFIG:

• NSLOOKUP -type=PTR 10.128.0.11
  • Ensure this returns the same address

Verify Citrix Rendezvous Policy on VDA:

• Get-ItemProperty HKLM:\SOFTWARE\Policies\Citrix\ICAPolicies\
  • 
• Within the VDA you can also attempt to access the various NetScaler PoPs:
  • If you access one of the FQDN/Control/Ping and the page returns back blank then access is working​​​​​​
    • 

 

• Netstat and ctxsession on VDA:
  • netstat -a -p tcp -n
  • ctxsession.exe -v
    • 
• Another example also using the Remote PoSH SDK to see and obtain IP values along side of the ctxsession info from the VDA session:
  • Get-BrokerSession | select AgentVersion,ClientAddress,ConnectedViaIP,IPAddress,LaunchedViaIP,ReceiverIPAddress,Protocol,SecureIcaActive
    • 

TROUBLESHOOTING, LOGS & TRACES:

• Required Tool: CDF Control
• Learn how to run CDF at startup here

 

• It's suggested to only select all of the BrokerAgent based Modules, All Citrix Policies and "Portica_Driver_Td" in order to verify the Rendezvous policy was Enabled and use
  • 

VDA CDF SUCCESSFUL RENDEZVOUS LAUNCH:

• CONFIRM IF A CITRIX POLICY FOR RENDEZVOUS EXISTS:
  • 15002    0    2020/03/06 15:26:13:93561    4624    3928    -1    GroupPolicy_CoreLibrary    RegistrySetting.cpp    718    CRegistrySetting::DeleteValue    12    EntryExit    CRegistrySetting::DeleteValue: Enter path = Software\Policies\Citrix\ICAPolicies name = RendezvousProtocol
  • 15322    0    2020/03/06 15:26:13:93870    4624    3928    -1    GroupPolicy_CoreLibrary    RegistrySetting.cpp    425    CRegistrySetting::SetValue    12    EntryExit    CRegistrySetting::SetValue: path = Software\Policies\Citrix\ICAPolicies name = RendezvousProtocol value = type = 4 operation = 0   

--------------------------------------------------------------------------------------------------------------------------------------------------

• START OF BROKER AGENT FOR RENDEZVOUS
  • 31403    1    2020/03/06 15:26:59:14159    5296    3692    1    BrokerAgent        0        5    EntryExit    AgentToStack.ConnectToStackControlCOMServer - successfully instantiated StackControl using IStackControl3 for Rendezvous Protocol, IStackControl2 for Hdx-Over-Udp, IStackControl    
  • 48593    0    2020/03/06 15:28:21:46857    3228    3692    1    BrokerAgent        0        1    Information    AgentToStack.PrepareForConnection  RendezvousEnabled uint received from ICA stack = 2    
  • 48623    1    2020/03/06 15:28:21:50647    3228    3692    1    BrokerAgent        0        1    Error    LaunchManager.PrepareSession(ec97b5f2-0d65-4950-b3b7-adcde69e6ecf): Result:Success, VdaRegistered:True, RendezvousVdaEnabled:Enabled    
  • 48633    0    2020/03/06 15:28:31:22805    3228    3692    1    BrokerAgent        0        5    EntryExit    StackManager.PrepareRendezvousConnection: Enter    
  • 48634    0    2020/03/06 15:28:31:22957    3228    3692    1    BrokerAgent        0        5    EntryExit    AgentToStack.PrepareRendezvousConnection Protocol: 6 Token: 553832f627a4f0897f3e213d27914a FQDN: aws-us-e-rdvz.g.nssvc.net Port: 443   

--------------------------------------------------------------------------------------------------------------------------------------------------

• RPM AND TDICA SECTION FOR RENDEZVOUS
  • 48635    0    2020/03/06 15:28:31:23093    1404    1284    -1    Rpm    Rendezvous.cpp    41    SetRendezvousParams    12    EntryExit    SetRendezvousParams: entered  
  • 48676    1    2020/03/06 15:28:31:28692    1404    1284    -1    TdIca    TdStackApi.cpp    114    TdStackRendezvousRequest    12    EntryExit    ENTRY --- TdStackRendezvousRequest  
  • 48677    1    2020/03/06 15:28:31:28692    1404    1284    -1    TdIca    TdStackApi.cpp    136    TdStackRendezvousRequest    3    Information    TdStackRendezvousRequest: Rendezvous Protocol = TCP    
  • 48678    1    2020/03/06 15:28:31:28692    1404    1284    -1    TdIca    TdListener.cpp    584    TdListenerGetListenerContext    12    EntryExit    ENTRY --- TdListenerGetListenerContext: Rendezvous to Listen Port Listener 0x2598    
  • 48686    1    2020/03/06 15:28:31:30057    1404    1284    -1    TdIca    TdRendezvous.cpp    111    TdRendezvousRequestTcp    3    Information    TdRendezvousRequestTcp:  Rendezvous Connection Created Connection Id: 1    
  • 48694    1    2020/03/06 15:28:31:30151    1404    1284    -1    TdIca    TdRendezvous.cpp    63    TdRendezvousStartHansdshakeThread    3    Information    TdRendezvousStartHansdshakeThread: TdRendezvousStartHansdshakeThread create    
  • 48768    0    2020/03/06 15:28:31:40193    832    1284    -1    TdIca    TdRendezvous.cpp    300    TdRendezvousHandshake    3    Information    TdRendezvousHandshake: Rendezvous Handshake status = 0x103    
  • 48784    1    2020/03/06 15:28:31:42154    832    1284    -1    TdIca    TdRendezvous.cpp    391    TdRendezvousReadHandshakeResponse    3    Information    TdRendezvousReadHandshakeResponse: Rendezvous Read Handshake Response message.    
  • 48785    1    2020/03/06 15:28:31:42154    832    1284    -1    TdIca    TdRendezvous.cpp    442    TdRendezvousReadHandshakeResponse    3    Information    TdRendezvousReadHandshakeResponse: Returning unused bytes 129
  • 48786    1    2020/03/06 15:28:31:42155    832    1284    -1    TdIca    TdRendezvous.cpp    284    TdRendezvousHandshake    3    Information    TdRendezvousHandshake: Rendezvous Handshake completed successfully    
  • 48787    1    2020/03/06 15:28:31:42155    832    1284    -1    TdIca    TdRendezvous.cpp    300    TdRendezvousHandshake    3    Information    TdRendezvousHandshake: Rendezvous Handshake status = 0x0    
  • 48790    0    2020/03/06 15:28:31:42155    1404    1284    -1    TdIca    TdRendezvous.cpp    150    TdRendezvousRequestTcp    3    Information    TdRendezvousRequestTcp:  Rendezvous Request completed with Status = 0x0    
  • 48819    0    2020/03/06 15:28:31:42175    1404    1284    -1    Rpm    Rendezvous.cpp    154    SetRendezvousParams    12    EntryExit    SetRendezvousParams: exiting with status = 0    

--------------------------------------------------------------------------------------------------------------------------------------------------

• BROKER AGENT CONFIRMATION OF SUCCESSFUL RENDEZVOUS CONNECTION
  • 48832    0    2020/03/06 15:28:31:42259    3228    3692    1    BrokerAgentEvents        0        9    Information    ###,CBPv1_5#6#553832f627a4f0897f3e213d27914a#Cbp.ILaunch.PrepareRendezvouSession#aws-us-e-rdvz.g.nssvc.net#443    
  • 48833    0    2020/03/06 15:28:31:42262    3228    3692    1    BrokerAgent        0        5    EntryExit    PrepareRendezvousSession (Protocol: 6)  RendezvousFqdn: aws-us-e-rdvz.g.nssvc.net RendezvousPort: 443 VDA Address: VDA address empty Token: 553832f627a4f0897f3e213d27914a Exit(Result: Success)   

--------------------------------------------------------------------------------------------------------------------------------------------------

• Cloud Connector CDF tracing Info:
• Note: You do not need to run CDF Control on startup\reboot on a Cloud Connector, just run CDF Control to capture trace
  • 104    0    2020/02/28 08:53:43:62836    7120    3260    1    XaXdProxy    CwsSupportOnPremPlugin.cs    1274    QueryCloudForEnabledFeatures    5    Information       =======>>>>>>>>>>>>>>>>>>>>>>>>> featureResults [  "rendezvousconnection",
  • 107    1    2020/02/28 08:53:43:83814    4212    3260    1    XaXdProxy.NS    NetScalerPipeServer.cs    473    CreateRendezvousRequest    5    Information    CreateRendezvousRequest from msgBuf length = 101 msgBuf = 30 01 00 61 00 13 00 18 61 7A 2D 75 73 2D 65 2D 72 64 76 7A 2E 67 2E 6E 73 73 76 63 2E 6E 65 74 00 14 00 03 34 34 33 00 22 00 1E 64 64 39 65 39 37 37 34 33 65 63 36 61 34 65 31 33 64 35 65 34 38 62 66 32 66 32 37 64 30 10 00 00 0B 31 30 2E 31 32 38 2E 30 2E 31 31 10 01 00 04 32 35 39 38 00 23 00 01 36    
  • 108    1    2020/02/28 08:53:43:83816    4212    3260    1    XaXdProxy.NS    NetScalerPipeServer.cs    561    CreateRendezvousRequest    5    Information    Rendezvous Protocol Type = 6    
  • 109    1    2020/02/28 08:53:43:83816    4212    3260    1    XaXdProxy.NS    NetScalerPipeServer.cs    220    ProcessReadPipeMsgAsync    5    Information    RendezvousFqdn=az-us-e-rdvz.g.nssvc.net  RendezvousPort=443 VdaIp=10.128.0.11, Token=dd9e97743ec6a4e13d5e48bf2f27d0    
  • 110    1    2020/02/28 08:53:43:83822    4212    3260    1    XaXdProxy.CBP    BrokerProxyPlugin.cs    1242    PrepareRendezvousSession    8    EntryExit    Enter: <<<<====== Broker Proxy Rendezvous    
  • 111    1    2020/02/28 08:53:43:83903    4212    3260    1    XaXdProxy.CBP    BrokerProxyPlugin.cs    1840    CreateConnectionToServiceHostForRendezvous    8    EntryExit    Enter: BrokerProxyPlugin.CreateConnectionToVdaForRendezvous - ILaunch.PrepareRendezvousSession    
  • 118    1    2020/02/28 08:53:43:83937    4212    3260    1    XaXdProxy.CBP    BrokerProxyPlugin.cs    1840    CreateConnectionToServiceHostForRendezvous    8    EntryExit    Exit: BrokerProxyPlugin.CreateConnectionToVdaForRendezvous - ILaunch.PrepareRendezvousSession    
  • 110    1    2020/02/28 08:53:43:83822    4212    3260    1    XaXdProxy.CBP    BrokerProxyPlugin.cs    1242    PrepareRendezvousSession    8    EntryExit    Enter: <<<<====== Broker Proxy Rendezvous    
  • 122    1    2020/02/28 08:53:43:98882    4212    3260    1    XaXdProxy.CBP    BrokerProxyPlugin.cs    1267    PrepareRendezvousSession    8    EntryExit    Exit: ======>>> Broker Proxy Rendezvous    
  • 123    1    2020/02/28 08:53:43:98886    4212    3260    1    XaXdProxy.NS    NetScalerPipeServer.cs    96    ReturnRendezvousResponse    5    Information    ReturnRendezvousResponse Token = dd9e97743ec6a4e13d5e48bf2f27d0 Rendezvous Response = Success    
  • 124    1    2020/02/28 08:53:43:98974    7120    3260    1    XaXdProxy.NS    NetScalerPipeServer.cs    246    ProcessReadPipeMsgAsync    5    Information    RendezvousFqdn=az-us-e-rdvz.g.nssvc.net  RendezvousPort=443 VdaIp=10.128.0.11, Token=dd9e97743ec6a4e13d5e48bf2f27d0 RendezvousResponse=Success  

--------------------------------------------------------------------------------------------------------------------------------------------------

• Fallback Info:
  • The best way to verify if Fallback will occur correctly back to normal connectivity through the NS GWaaS on the Cloud Connector is to block 443 on the VDA
    • 
    • 

 

• Fallback Traces with TCP port 443 Blocked on the VDA CDF Traces:
  • 642    1    2020/02/28 13:36:34:00881    2648    3792    1    BrokerAgent        0        5    EntryExit    AgentToStack.ConnectToStackControlCOMServer - successfully instantiated StackControl using IStackControl3 for Rendezvous Protocol, IStackControl2 for Hdx-Over-Udp, IStackControl    
  • 1121    1    2020/02/28 13:37:40:53351    5840    3792    1    BrokerAgent        0        1    Information    AgentToStack.PrepareForConnection  RendezvousEnabled uint received from ICA stack = 2    
  • 1151    0    2020/02/28 13:37:40:56336    5840    3792    1    BrokerAgent        0        1    Error    LaunchManager.PrepareSession(4b3a7e3f-2338-45bf-bb76-c4db0104ad42): Result:Success, VdaRegistered:True, RendezvousVdaEnabled:Enabled    
  • 1172    0    2020/02/28 13:37:47:47105    5840    3792    1    BrokerAgent        0        5    EntryExit    StackManager.PrepareRendezvousConnection: Enter    
  • 1173    0    2020/02/28 13:37:47:47233    5840    3792    1    BrokerAgent        0        5    EntryExit    AgentToStack.PrepareRendezvousConnection Protocol: 6 Token: bc7053e78b375a94aa6f26ab5c8983 FQDN: az-us-e-rdvz.g.nssvc.net Port: 443   
  • 1174    1    2020/02/28 13:37:47:52007    5840    3792    1    BrokerAgentEvents        0        9    Information    ###,CBPv1_5#6#bc7053e78b375a94aa6f26ab5c8983#Cbp.ILaunch.PrepareRendezvouSession#az-us-e-rdvz.g.nssvc.net#443    
  • 1175    1    2020/02/28 13:37:47:52012    5840    3792    1    BrokerAgent        0        5    EntryExit    PrepareRendezvousSession (Protocol: 6)  RendezvousFqdn: az-us-e-rdvz.g.nssvc.net RendezvousPort: 443 VDA Address: VDA address empty Token: bc7053e78b375a94aa6f26ab5c8983 Exit(Result: Failed)   

--------------------------------------------------------------------------------------------------------------------------------------------------

• Cloud Connector CDF:
  • 31    1    2020/02/28 13:37:47:32326    5576    3260    1    XaXdProxy.NS    NetScalerPipeServer.cs    561    CreateRendezvousRequest    5    Information    Rendezvous Protocol Type = 6    
  • 32    1    2020/02/28 13:37:47:32327    5576    3260    1    XaXdProxy.NS    NetScalerPipeServer.cs    220    ProcessReadPipeMsgAsync    5    Information    RendezvousFqdn=az-us-e-rdvz.g.nssvc.net  RendezvousPort=443 VdaIp=10.128.0.11, Token=bc7053e78b375a94aa6f26ab5c8983    
  • 33    1    2020/02/28 13:37:47:32334    5576    3260    1    XaXdProxy.CBP    BrokerProxyPlugin.cs    1242    PrepareRendezvousSession    8    EntryExit    Enter: <<<<====== Broker Proxy Rendezvous    
  • 34    0    2020/02/28 13:37:47:32455    5576    3260    1    XaXdProxy.CBP    BrokerProxyPlugin.cs    1840    CreateConnectionToServiceHostForRendezvous    8    EntryExit    Enter: BrokerProxyPlugin.CreateConnectionToVdaForRendezvous - ILaunch.PrepareRendezvousSession    
  • 41    0    2020/02/28 13:37:47:32490    5576    3260    1    XaXdProxy.CBP    BrokerProxyPlugin.cs    1840    CreateConnectionToServiceHostForRendezvous    8    EntryExit    Exit: BrokerProxyPlugin.CreateConnectionToVdaForRendezvous - ILaunch.PrepareRendezvousSession    
  • 42    0    2020/02/28 13:37:47:41023    5576    3260    1    XaXdProxy.CBP    BrokerProxyPlugin.cs    2043    CloseConnectionToServiceHost    8    EntryExit    Enter: BrokerProxyPlugin.CloseConnectionToVda - ILaunch.PrepareRendezvousSession    
  • 45    0    2020/02/28 13:37:47:41393    5576    3260    1    XaXdProxy.CBP    BrokerProxyPlugin.cs    1267    PrepareRendezvousSession    8    EntryExit    Exit: ======>>> Broker Proxy Rendezvous    
  • 46    0    2020/02/28 13:37:47:41397    5576    3260    1    XaXdProxy.NS    NetScalerPipeServer.cs    96    ReturnRendezvousResponse    5    Information    ReturnRendezvousResponse Token = bc7053e78b375a94aa6f26ab5c8983 Rendezvous Response = Failed    
  • 47    0    2020/02/28 13:37:47:41414    92    3260    1    XaXdProxy.NS    NetScalerPipeServer.cs    246    ProcessReadPipeMsgAsync    5    Information    RendezvousFqdn=az-us-e-rdvz.g.nssvc.net  RendezvousPort=443 VdaIp=10.128.0.11, Token=bc7053e78b375a94aa6f26ab5c8983 RendezvousResponse=Failed   

--------------------------------------------------------------------------------------------------------------------------------------------------

• Rendezvous Failed Connection Examples:
  • Failed VDA CDF Rendezvous connection:
    • 61983    0    2020/03/06 12:36:44:58173    1612    1476    -1    TdIca    TdRendezvous.cpp    133    TdRendezvousRequestTcp    3    Error    TdRendezvousRequestTcp:  Failed to create TdSslConnectionCreate    
    • 62085    0    2020/03/06 12:36:46:61352    1612    1476    -1    TdIca    TdRendezvous.cpp    172    TdRendezvousRequestTcp    3    Error    TdRendezvousRequestTcp:  Rendezvous Request completed with Status = 0xc0000001    
    • 62087    0    2020/03/06 12:36:46:61355    1612    1476    -1    Rpm    Rendezvous.cpp    134    SetRendezvousParams    9    Error    PicaStackRendezvousRequest() failed 31   

--------------------------------------------------------------------------------------------------------------------------------------------------

• Cloud Connector CDF Failed Rendezvous connection:
  • 284    0    2020/03/06 12:42:50:45636    3852    2564    1    XaXdProxy.NS    NetScalerPipeServer.cs    96    ReturnRendezvousResponse    5    Information    ReturnRendezvousResponse Token = e4edc1c141f831dd77644df1f62099 Rendezvous Response = Failed    
  • 285    0    2020/03/06 12:42:50:45648    5800    2564    1    XaXdProxy.NS    NetScalerPipeServer.cs    246    ProcessReadPipeMsgAsync    5    Information    RendezvousFqdn=aws-us-w-rdvz.g.nssvc.net  RendezvousPort=443 VdaIp=10.0.3.5, Token=e4edc1c141f831dd77644df1f62099 RendezvousResponse=Failed   

 

• Note: For the above issue, the actual problem was that the CIPHER Suite list set on the VDA were incorrect. A common example of this can be if a bad cut\paste was done to place the values in the policy. Make sure to re-verify the below:
  • Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002
  • Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Cryptography\Configuration\SSL\00010002
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384_P384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256

--------------------------------------------------------------------------------------------------------------------------------------------------

• EDT-Adaptive Transport HDX Info:
  • Note: Ensure that if customer has Firwalls in place to check UDP 443 is opened!
    • 
• ctxsession -v in VDA:
  • 

Note: The UNKNOWN VALUE will be addressed in an upcoming VDA version with updated ctxsession.exe

• Customers using EDT it's also strongly recommended to enable EDT MTU.
  • https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/technical-overview/hdx/adaptive-transport.html#edt-mtu-discovery

--------------------------------------------------------------------------------------------------------------------------------------------------

• EDT/Adaptive Transport Entitlement: 
  • Customers who are entitled for Citrix Gateway service for HDX Proxy get EDT at no additional cost
  • Customers using Citrix Gateway service for site aggregation cannot use EDT yet
    • Complete EDT rollout to all Cloud customers should be completed by the end of June 2021.

 

• Check your connection type
  • To know if your sessions are using EDT, look at the following:
    • Connection protocol in Citrix Director
    • After you launch an app or a desktop, go to Citrix Workspace app > Connection Center > Properties tab > Transport encryption (DTLS/TLS) to know if the connection is going to TCP or EDT.
    • If you launched a desktop, then you can run “ctxsession -v” on the command prompt
      • Within the session and check the Transport Protocols to determine how the session is established:
        • EDT Rendezvous shows “UDP > DTLS > CGP > ICA”
        • TCP Rendezvous shows “TCP > SSL > CGP > ICA”
        • Non-Rendezvous shows “TCP > CGP > ICA”

 

• Connection fallback
  • If EDT negotiation fails for any reason, the session falls back to TCP with Rendezvous. And if that fails, then the session falls back to proxying through the Cloud Connectors

--------------------------------------------------------------------------------------------------------------------------------------------------

• Confirming Connections and results from ctxsession.exe -v for each type above using the SVR 2012 and 2103 VDA:
  • Non-Rendezvous shows “TCP > CGP > ICA”
    • ​​​​​​​
  • TCP Rendezvous shows “TCP > SSL > CGP > ICA”
    • To help confirm an RZ\Rendezvous connection on the VDA you can go into the OS Firewall and make sure it's Enabled and then create a new entry to block Port UDP on 443 for both Inbound and Outbound connections
      • ​​​​​​​
  • ​​​​​​​​​​​​​​​​​​​​​EDT Rendezvous shows “UDP > DTLS > CGP > ICA”
    • ​​​​​​​​​​​​​​
      • ​​​​​​​​​​​​​​​​​​​​​Note: "Local Address" should display the IPv4 or IPv6 address of the VDA system, that's not the case with EDT. I think this is one of the items I have in HDX-25769 for fixing.
        • Also "Unknown Value" appears to not work for EDT connection as well and will need to be addressed in future VDA release beyond 2103.

 

• Within VDA CDF trace you can see items like the following if EDT has connected properly:​​​​​​​
  • 42850 0 2021/05/27 12:04:41:75913 6048 3224 Unknown -1 BrokerAgent 0 5 EntryExit AgentToStack.ConnectToStackControlCOMServer - successfully instantiated StackControl using IStackControl3 for Rendezvous Protocol, IStackControl2 for Hdx-Over-Udp, IStackControl
  • 64513 1 2021/05/27 12:05:54:47269 6792 3224 Unknown -1 BrokerAgent 0 1 Information AgentToStack.PrepareForConnection RendezvousEnabled uint received from ICA stack = 2
  • 64514 1 2021/05/27 12:05:54:47321 6792 3224 Unknown -1 BrokerAgent 0 1 Information AgentToStack.PrepareForConnection(431a99d6-15b1-4475-a805-5c7f79b54e59): PORTS ICA 431a99d6-15b1-4475-a805-5c7f79b54e59, SSL 1494. CGP 0, HTML5 2598, UDP ICA 0, UDP DTS 1494, UDP CGP 0, UDP HTML5 2598, Hdx Over Udp 0

 

• EDT and Thin Client Info:
  • For CWA Android. Citrix has sent multiple notifications to vendors and customers over the last couple of months alerting them of the EDT rollout and required actions to avoid issues.
    • CWA Android had an issue where fallback to TCP fails (100% of the time) when EDT handshake succeeds between client and Gateway, but fails between Gateway and VDA. This is normally what happens when the environment isn't properly configured to use EDT (e.g. firewall rules are not in place for UDP 443, Rendezvous is not enabled, etc.)
      • Upgrade to latest versions of CWA Linux  and Android (21.5)
      • Configure pre-reqs to use EDT with NGS to avoid EDT failing between VDA and gateway, thus avoiding the fallback issue

The above mentioned sample code is provided to you as is with no representations, warranties or conditions of any kind. You may use, modify and distribute it at your own risk. CITRIX DISCLAIMS ALL WARRANTIES WHATSOEVER, EXPRESS, IMPLIED, WRITTEN, ORAL OR STATUTORY, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NONINFRINGEMENT. Without limiting the generality of the foregoing, you acknowledge and agree that (a) the sample code may exhibit errors, design flaws or other problems, possibly resulting in loss of data or damage to property; (b) it may not be possible to make the sample code fully functional; and (c) Citrix may, without notice or liability to you, cease to make available the current version and/or any future versions of the sample code. In no event should the code be used to support ultra-hazardous activities, including but not limited to life support or blasting activities. NEITHER CITRIX NOR ITS AFFILIATES OR AGENTS WILL BE LIABLE, UNDER BREACH OF CONTRACT OR ANY OTHER THEORY OF LIABILITY, FOR ANY DAMAGES WHATSOEVER ARISING FROM USE OF THE SAMPLE CODE, INCLUDING WITHOUT LIMITATION DIRECT, SPECIAL, INCIDENTAL, PUNITIVE, CONSEQUENTIAL OR OTHER DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Although the copyright in the code belongs to Citrix, any distribution of the sample code should include only your own standard copyright attribution, and not that of Citrix. You agree to indemnify and defend Citrix against any and all claims arising from your use, modification or distribution of the sample code.

https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/technical-overview/hdx/rendezvous-protocol.html

https://docs.citrix.com/en-us/citrix-gateway-service/hdx-edt-support-for-gateway-service.html#recommendations

https://docs.citrix.com/en-us/citrix-virtual-apps-desktops-service/hdx/rendezvous-protocol.html#proxy-configuration