With the repetitive unsuccessful VDA installation with RedHat (Invalid Login), I had to try with another OS. Let's got for Ubuntu Desktop 22.04.3
Ubuntu Desktop installation 22.04.3
you can download the iso here :
The installation is straight forward and very simple.
Before we begin, make sure
To check the hostname of this machine :
hostname -f # should give you the fqdn if not follow the next line
sudo nano /etc/hostname # write your hostname here without the domain and save
sudo nano /etc/hosts # one line should remains 127.0.0.1 hostname-fqdn hostname localhost and save
To disable the multicast DNS
sudo nano /etc/nsswitch.conf
hosts: files mdns_minimal [NOTFOUND=return] dns
To:
hosts: files dns
and save
Installation of all the prerequisites
you will thanks me later for this one, there are a few...
sudo apt update
sudo apt install openjdk-11-jdk imagemagick libgtkmm-3.0-1v5 ufw ubuntu-desktop libxrandr2 libxtst6 libxm4 util-linux gtk3-nocsd bash findutils sed cups libmspack0 ibus libgoogle-perftools4 libpython3.10 libsasl2-modules-gssapi-mit libnss3-tools libqt5widgets5 libqrencode4 libimlib2 libsasl2-2 libsasl2-modules-gssapi-mit libldap-2.5-0 krb5-user libgtk2.0-0
SQLite installation
To store all the information needed for the VDA to connect and store applied policies etc...
sudo apt-get install -y sqlite3
PBIS installation and domain join
This will allow to join the computer to the Active Directcory domain
sudo wget https://github.com/BeyondTrust/pbis-open/releases/download/9.1.0/pbis-open-9.1.0.551.linux.x86_64.deb.sh
sudo chmod +x pbis-open-9.1.0.551.linux.x86_64.deb.sh
sudo sh pbis-open-9.1.0.551.linux.x86_64.deb.sh
sudo /opt/pbis/bin/domainjoin-cli join yourdomain.local adminuser
sudo reboot
DotNet runtime installation
You can download it here, download the latest ASP.NET Core Runtime version, binaries, x64
sudo mkdir /opt/dotnet
sudo tar zxvf aspnetcore-runtime-6.0.26-linux-x64.tar.gz -C /opt/dotnet
Citrix Linux VDA installation
You need to download it from here
sudo dpkg -i /yourpath/xendesktopvda_23.11.0.66-1.ubuntu22.04_amd64.deb
sudo apt-get install -f
sudo nano /etc/xdl/db.conf # replace posgresql by SQLite and save
And then we can proceed to the configuration
export CTX_XDL_NON_DOMAIN_JOINED='n'
export CTX_XDL_AD_INTEGRATION=pbis
export CTX_XDL_DDC_LIST='fqdndeliverycontroller1 fqdndeliverycontroller2'
export CTX_XDL_VDI_MODE='y'
export CTX_XDL_HDX_3D_PRO='n'
export CTX_XDL_START_SERVICE='y'
export CTX_XDL_REGISTER_SERVICE='y'
export CTX_XDL_ADD_FIREWALL_RULES='y'
export CTX_XDL_DESKTOP_ENVIRONMENT= '<none>'
export CTX_XDL_DOTNET_RUNTIME_PATH='/opt/dotnet'
export CTX_XDL_VDA_PORT='80'
export CTX_XDL_SITE_NAME='<none>'
export CTX_XDL_LDAP_LIST='<none>'
export CTX_XDL_SEARCH_BASE='<none>'
export CTX_XDL_SUPPORT_DDC_AS_CNAME='y'
export CTX_XDL_FAS_LIST='fqdnfasserver'
sudo -E /opt/Citrix/VDA/sbin/ctxsetup.sh
You can make sure everything is fine by running
sudo systemctx status ctxvda.service ctxhdx.service
And of course I got the fucking Invalid Login message ! 😠
Let's check the logs now, logs file related to the VDA are located here /var/log/xdl
user@ubuntu01:~$ sudo tail -f /var/log/xdl/jproxy.log
2024-01-26 15:24:13.267 [INFO ] [1] - Krb5 ticket cache file spec: /tmp/krb5cc_<uid>
2024-01-26 15:24:13.371 [INFO ] [19] - [VDA POLICY]: Start Ldap proxy Server.
2024-01-26 15:24:13.392 [INFO ] [20] - Start kerberos proxy server.
2024-01-26 15:24:13.397 [WARN ] [15] - FASProxyServer.prepareFasServer: failed to prepare FAS Server. Please confirm if FAS Server is configured correctly. If you are not using FAS, please ignore this warning.
2024-01-26 15:24:16.401 [INFO ] [34] - Listening on /var/xdl/.cbpcontroller for incoming data..
2024-01-26 15:24:16.401 [INFO ] [34] - Start CBP Proxy Server.
2024-01-26 15:24:16.402 [INFO ] [34] - Clean the sock file if it exist
2024-01-26 15:24:16.402 [INFO ] [34] - Listening for incoming data...
2024-01-26 15:24:16.402 [INFO ] [34] - Modify sock file attr
2024-01-26 15:24:42.916 [INFO ] [18] - LdapServerMonitor.checkLdapServer start wait timer event occur
Ok so there is something wrong with FAS initial setup, so let's redo this part by executing this script :
sudo bash /opt/Citrix/VDA/sbin/ctxfascfg.sh
result :
ctxfascfg.sh sets up Federated Authentication Service for the Linux VDA, which includes the automatic installation of
the necessary packages and changes to the configuration files.
Step 1: Check the current OS platform.
The platform is ubuntu. [Pass]
Step 2: Get the Active Directory integration method.
Step 3: Install dependent packages.
[Success]
Step 4: Configure krb5.conf.
The Federated Authentication Service (FAS) servers are configured through AD Group Policy. But because
the Linux VDA does not support AD Group Policy, you can provide a semicolon-separated list of FAS servers instead.
Caution 1: The sequence must be the same as configured in AD Group Policy.
Caution 2: If any server address is removed, you must fill its blank with the '<none>' string and keep the
index of server addresses without any changes.
If required, please specify the list of FAS servers (e.g., fasserver.company.com): fqdnfasserver
Specify the KDC hostname:fqdndomaincontroler
Specify the path to store the root CA certificate and all intermediate certificates) (e.g., /etc/pki/CA/certs/):/etc/pki/CA/certs/
/etc/krb5.conf configuration finished.
Step 5: Configure PAM ctxfas. [Success]
ctxfascfg.sh finished successfully. Federated Authentication Service is ready.
Don't forget to put your CAroot to the /etc/pki/CA/certs folder beforehand
Let's try again :
It's all good, after reboot it's still good.
I don't understand what the hell is wrong with RedHat VDA installation, never got it to work with RedHat 8 and 9....