I leave you with a post of a curious thing that happened to me this week in a client, in a multi-domain environment with a two-way trust relationship, we have a XenApp community 7.6 where we have deployed several VDA servers in one domain and in the other to manage the applications of two different companies from a central point.

Here are the requirements you need for the VDA servers in the remote domain, can be successfully registered on our farm. The first thing will be to have a one-way or two-way relationship of trust. We will also confirm that we have the DNS forwarders properly configured, yes indeed, the reverse resolution is not mandatory. If we want to allow the creation of teams from XenDesktop, we must enable it through the AD Control Delegation.

You will need to make the following changes to the registration:

If the VDA and the broker are in different forests, in the VDA we added a 'REG_DWORD’ in ‘ HKEY_LOCAL_MACHINESoftwareCitrixVirtualDesktopAgent’ con el nombre ‘SupportMultipleForest’ and value ‘0x00000001 (1)’

Para VDAs de 64bit el path correcto sería ‘HKEY_LOCAL_MACHINE\Software\Wow6432Node\Citrix\VirtualDesktopAgent\’

Al igual, si el broker y los VDA están en distintos bosques, en el Controller deberemos realizar la misma modificación en ‘SupportMultipleForest’ en el path ‘HKEY_LOCAL_MACHINE\Software\Citrix\DesktopServer\’.

We must also create in the VDA the entry 'ListOfSIDs'’ and enter our SID that we can easily obtain through the XDPing tool in the Delivery Controller. To do this,, in 'HKEY_LOCAL_MACHINESoftwareCitrixVirtualDesktopAgent’ We created a 'REG_SZ’ with the name 'ListOfSIDs’ and as a value, The SIDs (Security Identifier) of the Controllers or Brokers.

And finally we must modify the file '%ProgramFiles%CitrixVirtual Desktop AgentWorkstationAgent.exe.config’ (in new versions of XenDesktop it will be called 'BrokerAgent.exe.config'); changing allowNtlm=”False” by allowNtlm=”True”

If you have any questions, you can look at the official documentation Here!.