Citrix Receiver can now use User Datagram Protocol (UDP) to support audio remoting of a XenDesktop session through a Netscaler Gateway.
This document is a distilled version of the discussion that can be found here.
Environment
Client/Citrix Receiver
You must be using Citrix Receiver 4.2 or later. (In my environment, I have a Windows 8.1 client running Windows Receiver 4.2.0.10).
Use Edit Group Policy (locally or at domain level) to make the following changes :
1) Import the Citrix Receiver Icaclient.adm template (typically) from C:\Program Files (x86)\Citrix\ICA Client\Configuration\icaclient.adm
2) Edit Administrative Templates > Classic Administrative templates > Citrix Components > Citrix Receiver > User Experience > Client audio settings.
- Enable audio
- Sound quality medium
- Enable Real-Time transport (16500 – 16509)
- Allow Real-Time transport through Gateway
Use a cmd window to run gpupdate /force.
Further details of this process are at at http://support.citrix.com/article/CTX121613
XenDesktop Controller
You must be using XenDesktop 7.6 or later. (In my environment I have a Windows Server 2012 R2 Desktop Controller running XenDesktop 7.6).
Using the policy editor in Desktop Studio to set the following: audio quality = medium
XenDesktop VDA
You must be using XenDesktop 7.6 or later. (In my environment I have a Windows 8.1 VDA running XenDesktop 7.6).
NetScaler Gateway
At the time of this writing, UDP Audio is only available if using NetScaler Gateway 10.5e build 53.9010 or later 10.5e build. Although UDP Audio is likely to be included in future main-line builds, for now it is important to use 10.5 e (enhancement) build.
I created a NetScaler Gateway using the Wizard as described in http://support.citrix.com/article/CTX200287
To allow UDP Audio:
- Enable the DTLS flag on the Netscaler Gateway Virtual Server.
- Unbind the SSL certificate pair from the NetScaler Gateway Virtual Server.
- (Re)bind the SSL certificate pair to the Netscaler Virtual Server. (Note:when rebinding the SSL certificate I got an error message about “No usable ciphers configured on the SSL vserver/service.” This is a known issue and can be ignored).
Internet Firewall: Additional rules must be added to your firewall(s) to allow the following UDP traffic.
- Client/Citrix Receiver > NetScaler Gateway – UDP/443
- Netscaler Gateway > XenDesktop VDA – UDP/16500-16509
Testing
Initial testing
My initial test of UDP audio is to use:
- Downstream Audio – On the XenDesktop VDA use Control Panel > sound > sounds > Test one of the program event sounds (asterisk) for downstream audio
- Upstream Audio – On the XenDesktop VDA use Windows Sound Recorder.
Further testing
Windows Media Player is not suitable for testing UDP Audio unless Windows Media Redirection is disabled using the policy editor in XenDesktop Studio. However, you can use a program such as VLC (http://www.videolan.org/vlc/index.en_GB.html) to play an MP3 audio file on the VDA or RDS server, and then listen to it on the client system.
Measurements of Success
On the NetScaler Gateway Console:
Configuration > Netscaler Gateway
In the right-hand pane – Monitor Connections > DTLS ICA Connections
Will show a list of DTLS ICA Connections (using UDP Audio)
On a XenDesktop VDA or RDS Server:
Use a network protocol analyser program such as Wireshark (https://www.wireshark.org/) on the XenDesktop VDA or RDS server.
Start a non-promiscuous capture, with a capture filter of “udp” (no quotes), and then run the tests described above.
On a XenDesktop Desktop VDA (e.g. Windows 8.1)
Note: The following test does not currently work on a XenDesktop RDS server.
- Run HDX Monitor 3 on the VDA
- (HDX Monitor is described in http://support.citrix.com/article/CTX135817)
- On the Attribute tab in Audio, the following will indicate whether UDP audio is in use.
- Audio over UDP = Active
- On the WMI tab in Audio, the following will indicate that UDP/RTP status.
- Component_RTP_bHandShakeSuccess = True
- Component_RTP_Enabled = True
- Component_RTP_InUse = True
- Component_RTP_RTPClientCaps = True
- Component_RTP_ServerPolicyValueRTPEnabled = True
- Component_RTP_UDPHandshakeProgress = 3
- Policy_AllowRtpAudio = True
Troubleshooting
Problems may be seen in the following situations:
- Firewall not allowing UDP traffic through
- On the NetScaler Gateway Virtual Server – Not unbinding and (re)binding the SSL certificate after setting the DTLS flag.
- Forgetting to save the NetScaler Running Configuration after making changes.
If problems persist and HDX Monitor says “Audio over UDP could not be used because the UDP ping message from the client was not received by the host,” and all things have been checked, unbind/rebind the SSL certificate, save the running configuration, and have another try.
April 2016
I recently retested UDP audio though a NetScaler Gateway with some later software versions and came across an issue that appeared to be related to my NetScaler 11.0.62.10.nc, where I had used an SSL key length of 1024.
The effect was that UDP audio did not work, and HDX Monitor informed me that “Audio over UDP could not be used because the UDP ping message from the client was not received by the host”.
The workaround/fix for me was to recreate the SSL key and certificate, by rerunning the Server Certificate Wizard, as described in http://support.citrix.com/article/CTX200287, using 2048 in Create Key > Key Size.
Citrix Receiver – 4.4.0.8014
NetScaler Gateway – 11.0.62.10.nc
XenDesktop VDA – >7.8 (beta) on Windows 10