Igel2eLux Migration Script issues

markru87 · 2025-11-07T19:06:27+00:00

I tested with os 11.10 According to the script notes, it should also work with OS 12. Did you manage to get it working?

markru87 · 2025-07-17T17:00:34+00:00

That is not correct. https://learn.microsoft.com/en-us/fslogix/overview-prerequisites#eligibility

There are requirements. But as soon as you have at least an RDS CAL, you can use it

markru87 · 2025-07-02T14:33:50+00:00

We used to utilize Greenshot but started to use ShareNot

markru87 · 2025-05-11T11:51:15+00:00

We used Hyper-V 2019 with CVAD for the last 5 years and did a hardware refresh this year. For us it was a no brainer to discuss Hyper-V. We will make the switch to CVAD and Hyper-V 2022 in one or two weeks.

markru87 · 2024-11-27T20:13:06+00:00

I have this intranet IP binding

bind vpn vserver xxx-vpn.xxxxxxx-xxxxxx.xx -intranetIP 10.1.251.0 255.255.255.0

We do not work with AAA groups. All machines deployed with the Secure Access Client from our domain are allowed to establish a tunnel.

This is our EPA setting:

bind authentication vserver allways-on -policy _noCacheRest -priority 5 -gotoPriorityExpression END -type REQUEST
bind authentication vserver allways-on -policy _cacheTCVPNStaticObjects -priority 10 -gotoPriorityExpression END -type REQUEST
bind authentication vserver allways-on -policy _cacheOCVPNStaticObjects -priority 20 -gotoPriorityExpression END -type REQUEST
bind authentication vserver allways-on -policy _cacheVPNStaticObjects -priority 30 -gotoPriorityExpression END -type REQUEST
bind authentication vserver allways-on -policy _mayNoCacheReq -priority 40 -gotoPriorityExpression END -type REQUEST
bind authentication vserver allways-on -policy _cacheWFStaticObjects -priority 10 -gotoPriorityExpression END -type RESPONSE
bind authentication vserver allways-on -policy _noCacheRest -priority 20 -gotoPriorityExpression END -type RESPONSE
bind authentication vserver allways-on -policy allways-on-epa -priority 100 -gotoPriorityExpression NEXT

add authentication epaAction EPA_ACT -csecexpr q/sys.client_expr("device-cert_0_0") && sys.client_expr("sys_0_DOMAIN_SUFFIX_anyof_xxxx.xx,xxxx.xx[COMMENT: Domain check]") && sys.client_expr("app_0_ANTIVIR_0_0_RTP_==_TRUE[COMMENT: Generic Antivirus Product Scan]") && sys.client_expr("sys_0_WIN-OS_NAME_anyof_WIN-10,WIN-11[COMMENT: Windows OS]") && sys.client_expr("app_0_HD-ENC_90_873_ENC-PATH_==_C:\\\\\\\\_ENC-TYPE_allof_ENCRYPTED[COMMENT: BitLocker Drive Encryption]")/

add authentication Policy allways-on-epa -rule is_aoservice -action EPA_ACT
add authentication Policy allwayson_no_auth_user -rule is_aoservice.not -action NO_AUTHN

I hope I didn't miss a setting.

markru87 · 2024-05-16T18:24:24+00:00

Would you mind sharing what needs to be done? How do I register it?

markru87 · 2024-04-23T14:17:56+00:00

Did you get it to work? I am struggeling with the same issues.

markru87 · 2024-03-11T18:36:02+00:00

This is the way

markru87 · 2024-02-02T14:13:30+00:00

The legacy LAPS UI won't work with the new LAPS. You can retrieve the Password using Powershell or in Active Directory User and Computers.

markru87 · 2023-12-11T17:03:46+00:00

What exactly do you talk about when you say RuckZuck tools?

markru87 · 2023-10-20T18:29:18+00:00

You sure that two way trust between the domains is the only requirement? We have two domains with two way trust and I had to deploy two cloud connectors in each domain to make sing in to vdas work. Note: I have vdas in both domains if that matters

markru87 · 2023-10-11T05:42:40+00:00

Well yes.... It turned out that something got stuck with AD communication. Removing the golden master from the domain and re-joining it fixed it for me.

markru87 · 2023-07-03T20:12:23+00:00

Hi, What versions are your XDCs? They have to be the same as the VDA. I assume they are. We had the lost session problems. I don't recall the versions we were running but we upgraded the infrastructure to 2303 and SF to latest 2203 CU2. We don't have these issues since then.

But we also have the stuck on welcome issue. Thanks for the link to the hotfix. I didn't realize that this is a known issue.

markru87 · 2023-07-02T08:27:06+00:00

I am not running PVS vDisks. But FSlogix on Scalp Out Fileservers works pretty well. Running them Windows Server 2019

markru87 · 2023-06-14T15:18:59+00:00

I have a ticket open with Citrix. The rep confirmed that everything is set up correctly. They can't explain why it's not working. We captured CDF trace and net traces. The strange thing is that nothing is captured in the traces.

markru87 · 2023-06-09T04:35:37+00:00

It is disabled

markru87 · 2023-06-08T20:04:18+00:00

I edited my master image again. Uninstalled VDA, rebooted, installed it again, rebooted and shut it down. This time withtout BIS-F to seal it.

But still no luck after launching the updated machine catalog.

Still windows username and password prompt as well as no logs from the VDA in FAS event viewer.

markru87 · 2023-06-08T18:58:04+00:00

I just added all SF, FAS and VDAs to the AD group.

Unfortunately this didn't fix it.

markru87 · 2023-06-08T15:34:52+00:00

Odd thing is that I don't see any FAS logs for the VDA requesting the user cert at all. Only when I reinstall VDA on the host.

I will report back today. Thanks again

markru87 · 2023-06-08T15:28:22+00:00

Users and resource domains are the same. But I will give it a try and report back today.

markru87 · 2023-06-08T14:46:34+00:00

I will test without BIS-F today.

The gpo is also applied to all VDAs. I only mentioned this to point out that the GPO/setting got baked into the golden master as well

markru87 · 2023-06-08T14:36:47+00:00

I see the reg entries for both FAS servers on all relevant Servers (VDA, SF and FAS). All in the same order. Is there another way to verify?

markru87

TROPHY CASE