A ControlUp user was dealing with fallout after domain controller patching that impacted Citrix VDA registration. Yoni suggested using the built-in machine action GP Update to check the Events pane for ID 14 and the domain membership script action for repairing identity issues, while other ControlUp SMEs were tagged for further help. Links were also provided to Microsoft articles for Kerberos and Netlogon protocols.
Read the entire ‘Investigating Citrix VDA Registration Issues with ControlUp’ thread below:
Hi ControlUp community, we're dealing with a fallout after domain controller patching impacting Citrix VDA registration. Trying to identify if this is a result of the November 2022 changes in Kerberos and Netlogon protocols, or the Jan 2023 update. Any hints on how to narrow down the root cause with ControlUp, or if you're aware of specific fixes, are welcomed. Thanks
Based on this https://support.citrix.com/article/CTX474888/daas-vdas-not-registering-with-cloud-connectors-after-applying-microsoft-update-kb5019966, you can use ControlUp to run a GP Update on all Citrix VDAs (using our built-in machine action), and then check the Events pane in the RT console to see if you find event ID 14
This should provide a very quick way to see if some VDAs are affected by the KB5019966 or KB5019964 patch
Thanks Yoni, we applied the registry workaround without success, suspecting the changes in PAC signature and Netlogon RPC are causing our issues
https://support.microsoft.com/en-gb/topic/kb5020805-how-to-manage-kerberos-protocol-cha[…]ted-to-cve-2022-37967-997e9acc-67c5-48e1-8d0d-190269bf4efb and https://support.microsoft.com/en-us/topic/kb5021130-how-to-manage-the-netlogon-protocol[…]ted-to-cve-2022-38023-46ea3067-3989-4d40-963c-680fd9e8ee25
Unfortunately I can't find Citrix KBAs linked to the two additional registry settings
I see, not sure we can help with that. However, if you do have some Citrix VDAs which are able to register, and some that are not, ControlUp can help you quickly identify the differences, whether it's specific patches on the working VDAs, or other configuration items. Tagging some other Citrix SMEs who may be able to help @member @member @member @member @member
I would suggest trying the domain membership script action which can show (and fix) those issues. We use it frequently when our PVS targets fail to acquire their domain identity properly
https://www.controlup.com/script-library-posts/repair-machine-domain-trust-relationship/
thanks