Migration of Citrix databases

With the latest Citrix Virtual Apps & Desktops (CVAD) LTSR version, older SQL Server versions have been discontinued. If you want to keep your environment stable and supportable, there is no way around migrating the Citrix databases (site, logging, monitoring) to modern SQL servers (2019/2022). Whether cluster, always on or mirroring – the procedure remains essentially the same. In this article, I will show you step by step how to migrate securely.

1. Prerequisites

Complete backups of all Citrix databases
Backups/VM snapshots of the delivery controllers (DDCs)
New SQL Server (Cluster, Always On or Mirror)
Same SQL version on Principal and Mirror

Install new Microsoft Teams (version 2) in Citrix

The New Teams version (sometimes also called Teams 2.0) will become the new standard for Microsoft’s communication platform from July 1, 2024. On October 1, 2024, the Classical Teams client in the VDI context will reach its end of support and, according to the latest news, its end of availability date on July 1, 2025. These end dates have been adjusted several times in recent weeks.

SAML Authentication between Citrix & Microsoft with Azure MFA

Update to the latest cloud navigation.

As a result of increasing projects, here is a little how-to with the summary of my previous articles. The main points are:

Azure AD Seamless Single Sign-On (PTA / PHS)
SAML Authentication (Azure AD as IdP & Citrix Gateway as SP)
Citrix Federated Authentication Service (FAS)
Microsoft Azure Multi-Factor-Authentication with Conditional Access

Requirements

Fully working Citrix Virtual Apps and Desktop Environment (StoreFront & DDC Minimum Version 7.9)
NetScaler with successful base configuration & activated Enterprise or Platinum license (Minimum Version 12.1 Build 50+ for native workspace app, for browser Minimum Version 11.1)
Configured Unified Gateway vServer
Internal and external DNS entries for Unified Gateway vServer (e.g. citrix.deyda.net)
Certificates for DNS entries (wildcard certificates are the easiest)
Existing Azure Tenant with Azure-AD base configuration (Domain, AAD Sync) & activated Azure AD Premium license
AD Connect version installed and configured (Minimum Version 1.1.644.0)
Firewall release for *.msappproxy.net on port 443
Domain administrator credentials for the domains that connected to Azure AD via AD Connect
Installed Authenticator App on Test User Mobile Phone

Install Teams & OneDrive in Citrix (Machine-Based)

Update of the existing article to the latest requirements and features.

Microsoft Teams

User Based Microsoft Teams

The standard installation that the user can perform, e.g. via the Microsoft365 Apps portal, is a user-based installation. In the Citrix environment, this is only recommended for desktop operating systems (pooled or personal desktop).

A User-Based Installation can be detected very quickly in the User Profile, because data are then located under AppData\Local\Microsoft\Teams.

This type of installation in a worker with server operating system has many cons:

No control over the installed version
Several different versions possible installed on the same worker
Complete data (~1 GB) are in the user profile

Why a Windows Server 2019 VDI should be Hybrid Azure AD joined

What is Hybrid Azure AD Join ?

Let’s just start with the official definition from the Microsoft documentation:

Hybrid Azure AD Join: Joined to on-premises AD and Azure AD requiring organizational account to sign in to the device.

This means that after the device is Hybrid Azure AD joined, it behaves the same as any other computer connected to Active Directory.

Sign in with an Active Directory account is required.
User credentials are verified against an Active Directory domain controller.
Group Policy objects for users & computers read from the domain controller are applied automatically.

After the Active Directory connection process is complete, additional steps are performed asynchronously in the background to register the device in Azure AD as well.