Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
hwle
New Contributor

Install TS Agent in Citrix Xendesktop Windows 2016 Server

Hi

 

We have recently deployed Fortiget with OS verion 6.0.0272-6325 and we plan to deploy TS Agent into our Citrix Xendesktop server which run Windows 2016 server 

 

All domain controllers have DC Agent install

Collector agent installed in one of domain joined application server

The mode is set to DC Agent mode rather Polling mode

AD access mode is set to advanced

LDAP is configured 

 

We have some issue installing TS Agent into our Citrix server

 

1. First we need to run command line below to modify the dynamic port ranges

 

"netsh int ipv4 set dynamicport tcp start=49152 num=16384" "netsh int ipv4 set dynamicport udp start=49152 num=16384"

 

Our Citrix servers seem to frequently hang/freeze after issuing this command line, revert the change and we do not see this issue

Is it common so that for Windows 2016 we need to change these dynamic port ranges? And any one is having issue above?

 

2. Even with the command line above issued and we checked the log of the TS Agent in Citrix server we frequently see this

 

11-20-2019 03:54:44 [00001534] Terminal Server Agent is starting..., version: 5.0.0276 11-20-2019 03:54:44 [00001534] WFP driver installed 11-20-2019 03:54:44 [00001534] Failed to read no_keepalive 11-20-2019 03:54:44 [00001604] failed to add session 0 11-20-2019 03:54:44 [00001604] failed to add session 1 11-20-2019 03:54:44 [00001604] failed to add session 65536 11-20-2019 03:54:44 [00001604] failed to add session 65537 11-20-2019 03:54:44 [00001604] failed to add session 65538 11-20-2019 03:54:44 [00001604] failed to add session 65539 11-20-2019 03:54:44 [00001604] failed to add session 65540

 

Our citrix server do not have any Antivirus, single NIC and single default gateway (point to fortinet firewall) 

 

3. In TSAgent setting in Citrix server, should we leave the Host IP address field blank? 

 

4. Ticket logged with fortinet but they are painfully slow to respond and classify this as P4 

2 REPLIES 2
Fishbone_FTNT

Hi hwle,

I am bit surprised servers hang already on netsh commands. Isn't the real problem somewhere else? Maybe the dynamic pool is too small, or maybe the rest for the system is too small. It would be good to investigate. Have a look at number of opened connections before you tun netsh and modifying ephemeral port pool. Subsequent tsagent failures may be impacted by the same  thing.

 

Just an idea.

Fishbone)(

smithproxy hacker - www.smithproxy.org

hwle

thanks Fishbone

 

I have somehow made the TS agent to work properly

I installed the DC agent as well in our domain controllers and select DC agent mode rather Polling mode

Both Citrix servers and Domain controllers now seem to report log on detail to fortigate unit correctly

I then create the security policy which specify the SSO group users be able to access the internet (all web traffic)

LDAP have been configured and test successfully 

i then check the Monitor traffic session in firewall but dont see any detail traffic 

Am I missing anything?

Labels
Top Kudoed Authors