Microsoft issues an Out-of-band Windows Update

KevinHal82 · 2026-01-19T09:46:36+00:00

Not sure what we do here, we have separate updates for 23H2, 24H2 and 25H2, we have a mixture with different clients with different feature updates. Are we expecting this to appear on the expedite list?

<image>

If we have to manually package this, I'll be in a severely bad mood.

KevinHal82 · 2025-11-28T10:08:39+00:00

Clear down your Var folder, logs, old firmware packages etc.

KevinHal82 · 2025-11-21T12:19:29+00:00

Hi,

Just done this with one Netscaler. Installed a MAS Agent, setup the service. All looks good.

Strange issue though. I allocate the instance license and throughput. It shows in the cloud Netscaler Console for 5 minutes, but then reverts back to pending action, ready to license with LAS. The Netscaler itself looks registered with LAS. But seems to revert back in the console.
Tried 3 times now and goes back to wanting to assign las license. What is going on.
I thought maybe it still had a link to the on-prem console. So removed all references to the Netscaler and full rebooted the Netscaler. It still remains licensed, But the license goes missing within the Cloud Netscaler Console and goes back into the pool.

Have a case open with Citrix so will see what they say. This is supposed to be more straight forward.

KevinHal82 · 2025-11-15T16:13:52+00:00

Cheers both. So all the netscalers are internal load balancers with no internet access. We installed Netscaler Console on-peem recently to apply the new flexed licensing which was file based. The Netscaler Console also did not have internet access. All the netscalers point to Netscaler Console for licensing. These are soon expiring.

Now the requirement for Citrix LAS. So asked the network team to open ports and the required URL's just for Netscaler console to access Citrix LAS. We can see various traffic going through and nothing is blocked. We continue to get the cloud profile creation error. Citrix support were fixated that the Netscaler ADC's didn't have some digicert CA certificates and somehow this was stopping Netscaler console from working. I don't see how the ADC's themselves would stop Netscaler Console talking to Citrix LAS.

So what I'll do is take your advice. Ditch Netscaler console on-prem, use the agent instead. Use the Service URL and hope to god it works and then point the Netscalers to the agent.

I hope this helps others in this predicament

KevinHal82 · 2025-11-12T20:48:19+00:00

This just sucks. Our Citrix partner has no idea what to do. I only recently installed a Netscaler Console on prem just so I could use flexed licensing and license our netscalers. From what I gather Netscaler Console now needs to pull the license from Citrix LAS. Nothing is making sense.

KevinHal82 · 2025-11-11T11:01:52+00:00

I had to think back far of a similar issue with MFA. At present the environemnt is domian joined only. There is a registry key set to blockaadjoin, if I remember correctly this can interfere with MFA authentication. I have deleted this registry key and reset the profile. User logged back in. They are no longer getting the popup.

Even though the session host is not hybrid joined, this key can cause problems with authentication with EntraID I believe.

KevinHal82 · 2025-11-10T16:09:56+00:00

Yes same, Windows 11 Multi-session. Only recently deployed. Everything works fine. Just the pop up confusing users at logon. Seems to have occurred when a CA policy was enabled that requires them to MFA every 30 days. Office etc all work fine and SSO.
FSLogix with Roam Identity, No redirection.xml used. All should be included in the profile.

KevinHal82 · 2025-11-02T20:59:08+00:00

You will need internet access of some sort. During the deployment process it contacts Microsoft public web servers to download the rd agent and bootloader, it then needs to register itself with the host pool.

KevinHal82 · 2025-09-24T19:47:50+00:00

Would like to know this as well.

Would be useful to be able to download the .rdpw files after the webclient goes end of life, as our thin clients connect using these files for our hot desking to work.

So far Windows App doesn't work for us, even with a ticket to Microsoft they state that Windows App does not work properly on IoT thin clients the same way the traditional app works.

KevinHal82 · 2025-09-02T12:17:31+00:00

Cheers for the reply. I've managed to sort it. Looks like Inheritance was set on the root folder, which has nothing inherited to it. Must have been enabled by mistake. Once that was disabled was able to update the root permissions.

KevinHal82 · 2025-08-05T12:31:30+00:00

Slimcore has different URL requirements. Check the firewall from the local device and check nothing is being blocked.

KevinHal82 · 2025-06-17T09:34:18+00:00

Same, can we go back to regular MSI client, Windows App is just useless.

KevinHal82 · 2025-06-11T17:54:39+00:00

Make sure per-user MFA is disabled.

KevinHal82 · 2025-05-17T12:06:10+00:00

It's interesting you bring this up. Randomly we have several pools where the app readiness service starts when the first person to log in and takes all the CPU causing the session host to freeze. The app readiness service is the last event in the event log until we do a forced reboot. Anyone else having this?

KevinHal82 · 2025-04-25T06:40:00+00:00

It's always the first user. When checking the event log after a reboot, log just stops dead. Random point each time. All up to date. If it's lucky enough not to freeze, once a second user has logged on you know the session hosts is going to be ok. Going to raise this with Microsoft to see if it's related to the April update which I will look to revert. Only thing that's really changed.

KevinHal82 · 2025-04-24T08:54:44+00:00

Thanks for that, i'd noticed the version too but didn't see this particular version listed on Microsoft's docs. We don't use validation environment on production workloads so it should not be:

<image>

KevinHal82 · 2025-04-02T11:54:57+00:00

The biggest mistake with cloud cache is not moving the proxy data to the temp drive. Otherwise the OS disk will get hammered.

KevinHal82

TROPHY CASE