If you are having problems with Citrix Studio and Storefront being very slow on load, this article might help.

On Studio/Storefront startup, Windows tries to verify code integrity by checking the certificate revocation list (CRL) on the internet. If the server has no internet connection, this will result in the MMC being basically unusable. To fix this, CRL checking can be unchecked in the Internet Settings (intetcpl.cpl):

References:

https://support.citrix.com/article/CTX139325

If you have the misfortune of having to troubleshoot and repair boot issues on a virtual machine after a physical host crash, these two commands might help you.

First of all, try to get into the advanced settings on boot (it should be the F11 key), or after a while Windows (Server or 10/11) might automatically go into the menu when it cannot boot from disk. Alternatively a Windows ISO image can be used.

Once in the advanced settings, run the good old checkdisk command:

chkdsk /f C:

After completion, restart the VM and check if you are able to boot. If the issue persists, try restoring the registry database (once again through the advanced settings or a Windows ISO). A scheduled task regularly backs up the registry and puts it the folder C:\Windows\System32\config\Regbak.

copy C:\windows\system32\config\RegBack\* C:\windows\system32\config

Restart the VM and check if you are able to boot into Windows. If you still have issues, you should consider restoring from a backup (it sucks but sometimes it is unavoidable).

In an Active Directory environment, it is best practice to enable DNS Aging and Scavenging. Aging and Scavenging will ensure that old DNS entries (such as decommissioned servers or computers) are deleted regularly. You will find this option by opening the properties in DNS Manager under the advanced tab or in the properties of a Forward Lookup Zone.

For detailed information, check out https://www.windowstechno.com/dns-aging-and-scavenging/.

If you are having performance issues with your brand new File Server running on Windows Server 2019, particularly when working with small files over a network share, these PowerShell commands might save hours of troubleshooting.

Get-NetAdapter | Set-NetAdapterAdvancedProperty -DisplayName “Large Send Offload Version 2 (IPv4)” -DisplayValue “Disabled” -NoRestart

Get-NetAdapter | Set-NetAdapterAdvancedProperty -DisplayName “Large Send Offload Version 2 (IPv6)” -DisplayValue “Disabled” -NoRestart

Get-NetAdapter | Set-NetAdapterAdvancedProperty -DisplayName “Recv Segment Coalescing (IPv4)” -DisplayValue “Disabled” -NoRestart

Get-NetAdapter | Set-NetAdapterAdvancedProperty -DisplayName “Recv Segment Coalescing (IPv6)” -DisplayValue “Disabled” -NoRestart

Get-NetAdapter | Set-NetAdapterAdvancedProperty -DisplayName “Receive Side Scaling” -DisplayValue “Disabled” -NoRestart

Get-NetAdapter | Restart-NetAdapter

Note: The VM’s network adapter will be restarted, there will be a downtime of about 10 seconds.

References:

https://community.spiceworks.com/topic/2225989-server-2019-network-performance?page=8#entry-8745935

When syncing local AD users to Azure AD, you can configure Seamless Sign-On to automatically login to Microsoft 365 Apps like Sharepoint Online, OneDrive, or Exchange Online. This is very easy to do and will make logins for users less painful.

Assuming Azure AD Connect is already set up with Pass-through authentication (see https://www.ajni.it/2021/05/configuring-azure-ad-connect-for-user-synchronization/), just open Azure AD Connect and then hit “change user sign-in” and log in with an Azure AD Global admin. After that, select “Enable single sign-on”.

Enter Domain Admin credentials.

When the pre-checks is complete, hit configure and exit.

A Computer Account named AZUREADSSOACC will be created in Active Directory which allows the authentication validation between Azure AD and local Active Directory. The Kerberos decryption key is saved in the cloud and should be changed regularly. You can see that on the Computer account, service principal names are configured

Lastly, you can roll out the feature with Group Policy. The URL https://autologon.microsoftazuread-sso.com must be added to the intranet zone list, which allows the browser to send Kerberos tickets to that site.

The GPO can be found under User Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page > Site to Zone Assignment List.

Status bar updates via script must be also enabled. This GPO is located under User Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page > Intranet Zone > Allow updates to status bar via script.

You can test the feature by opening portal.office.com. After entering the username, login should be done automatically without needing to insert a password.

References:

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start