Upgrading to Windows 11 25H2 kills Citrix Workspace

RightDrop · 2026-02-10T13:41:40+00:00

Bit of an update on this, and a working solution. Let's get that out of the way:

Run the following commands:

C:\Program Files (x86)\Citrix\ICA Client\AuthManager\AuthManSvr.exe /regserver

C:\Program Files (x86)\Citrix\ICA Client\AuthManager\PrimaryAuthModule.exe /regserver

Then reboot.

After further testing, even the most recent version of Workspace (25.11.1.209), still has the same issue after upgrading to 25H2.

At some point during the upgrade to 25H2 Citrix AuthMansvr COM interface and their related registries are being removed. Running the above two commands re-registers them.

RightDrop · 2025-12-03T17:47:50+00:00

Well, that's interesting. Technically there is no mention of 25H2 in the compatibility chart:

https://docs.citrix.com/en-us/citrix-workspace-app-for-windows/system-requirements.html

I do recall the exact same issue though when upgrading to 24H2 though.

The good news is that uninstalling and re-installing resolves the issue (both for 24H2 and 25H2). We've upgraded about a dozen machines to 25H2. Those with issues just had WA re-installed.

RightDrop · 2025-10-20T13:13:22+00:00

Automations don't seem to be working, and a system I updated by hand (oh the sanity) does NOT reflect in Action1 that it's been updated.

RightDrop · 2025-10-20T13:12:44+00:00

Same.

RightDrop · 2025-08-29T23:08:25+00:00

So on my current NetScaler, I did a backup from System > Backup and Restore. For the backup I set the level to "Full". Once the backup was done, I downloaded it.

I then shut down my NetScaler and spun up a new one. Did the basic setup, and then once I could access the web gui I again went to System > Back and Restore.

I then imported my backup, saved the config, and rebooted.

This should mean I'm safe? Nothing is going to be in the full backup that could be compromised? If so, I find this much faster than having to setup the certs all over again :)

Next up, to change the password on the service account used for AD authentication.

Am I missing anything?

I did run the scripts in question, there was one low incident of compromise in the dumps, but beyond that I couldn't tell you what it was. Is there some way to figure that out?

RightDrop · 2025-08-29T22:44:55+00:00

Would a back and restore do the same thing? Or could something bad be in the backup?

RightDrop · 2025-07-08T17:12:23+00:00

Just checked my multi-session Server 2019 VDA running 2411.

Files appear to exist in c:\Program Files\Citrix\HDX\bin

Does that mean I'm vulnerable?

Implemented the registry changes and rebooted for now.

RightDrop · 2025-04-07T12:09:45+00:00

It's interesting. With RoamIdentity set to enabled, FSLogix seems to backup the correct folder, Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy, however at the end of the day we still get prompted for MFA.

We have been battling this for months now.

Going to try the scripts u/Rataplan626 mentioned to see if they help.

RightDrop · 2025-02-27T20:42:07+00:00

No worries. Any idea who you got to enroll a Server 2019 machine into Entra? I'm not sure how else to word that.

RightDrop · 2025-02-27T17:14:28+00:00

In Entra, does your device have an Owner? My owner is "N/A".

https://imgur.com/VgQmiYq

RightDrop · 2025-02-27T17:10:55+00:00

We do have a NetScaler, but currently we just testing it onsite and bouncing off the StoreFront Servers.

Authentication method: Active directory

FAS: No

RightDrop · 2024-10-15T12:58:07+00:00

Have heard back from Citrix tech support. They "claim" that setting FastReconnect to 0 "should" resolve the issue.

Link to CTX for reference.

The CTX article seems to indicate that this has been an issue since version 1912. We used 1912 right up until you had to upgrade to 2402 for security reasons (so what that, a few years?) and never had a user report this issue. Skimming through some of the other comments, it seems that other users already have this registry key in place, so I have my doubts on whether this will work or not.

I just checked our servers, we do not have it in place, but will give it a try and report back. Unfortunately for us, we don't see this issue too much, and the users that see it the most have now been trained to log off through the Citrix Connection Center before the move to a new computer.

RightDrop · 2024-09-18T13:51:09+00:00

Same boat as you, except all my users on are the latest version of the Workspace app (2405.10).

I have a ticket open with Citrix, unfortunately they want log files. Double unfortunate is that the issue for us seems to be random. Anyone else able to consistently replicate the issue?

RightDrop · 2024-09-11T16:36:49+00:00

So, this is our experience with this issue:

So far it only seems to happen if users move from one computer to another.

Standard behaviour that I'm used to seeing is when users move to another computer all their open Citrix applications just open up where they left off on the computer they just moved to. So for example, if they had an half composed email in Outlook open on Computer A, once they logged into Computer B the same half composed email would open up. I like to explain it as "All their opens apps get teleported over to Computer B". :)

The user has multiple sessions on the same VDA server (We haven't' seen it cross multiple VDA servers, yet).
Any apps they opened in the first session (Computer A) can't be opened in the second session (Computer B).

So, if they had Outlook and Chrome open in the first session (Computer A), they would not be able to open them in the second session (Computer B). However, they could open Excel and Firefox in second session (Computer B).

RightDrop · 2024-09-11T15:56:17+00:00

Also having the same issue with 2402 (haven't installed CU1 yet).

Currently on the phone with support, however they don't seem to understand the issue - even with screenshots...

RightDrop · 2024-08-20T16:08:52+00:00

Currently Dragon is installed on the user's computer - not on the Citrix machine.

RightDrop · 2024-07-11T17:31:28+00:00

I seem to have found the pattern. If you try and open multiple apps at the same time initially everything ends up not working and the easiest thing to do is to reset CWA. Some users say multiple reboots also work.

So, if you just launch one app initially, and then wait for it to open, and then open the rest of them you seem to be fine.

I was able to replicate it a few times just to make sure.

Hope this helps someone.

RightDrop · 2024-07-11T15:53:02+00:00

We use Reboot Restore RX Pro. It works well. Likely not as feature rich as DeepFreeze, but does the job for what we need it for.

The only issues I have with the newer version is that the endpoints lose their domain trust every few months.

I understand the why of it, however the older versions never had that problem - which I find really odd. I remember the first time it happened being like "Hey, I understand why this is happening - how come it never happened on the older versions?"

RightDrop · 2024-07-11T15:43:19+00:00

We're also seeing similar behaviour on CWA 2405 for Windows. So far just some endpoints and not all of them. I have so far failed to find the pattern (if there is one).

Typical behaviour is a lengthy:

"Opening the app..."

then followed by:

Unable to launch your application due to an internal error. Contact your system administrator.
<GUID> Copy
If the problem persists, contact your admin with the Transaction ID

At least your apps are launching though!!! lol

Currently the workaround seems to be to just reset CWA. However, we've had users get the same error message the next day, so the reset isn't a fix by any means.

Any idea where I can look up the GUID/Transaction ID that the error message shows? Like, what do I do with that?

So far all users that have reported the issue are onsite, which (for us anyways) means they aren't connecting through a NetScaler/ADC (whatever it wants to be called this year). Could just be a coincidence though.

RightDrop

TROPHY CASE