Issues using Microsoft DirectAccess with Citrix Cloud

When migrating a Customer to Citrix Cloud I encountered a specific issue I had problem with finding the correct answer to when searching the internet. It’s an problem we solved long ago but when we migrated to Citrix Cloud we realized we could not solve it like before. Take a look in the ”Problem” section to see if you recognize the issue.


After migrating the Citrix Delivery Controller to Citrix Cloud some users started to encounter a specific issue where they where not able to start their desktop. They got an error message saying the the resource could not be found when trying to start their Desktop, but they only experienced this when working from home with their Company computer. On the office or on a private computer it works as usual. This is however not a new problem, the users Company computers is using Microsoft DirectAccess and basically when it was utilized they had this specific problem, and we know what needs to be done to solve this.


The cause of this issue is related to how Microsoft DirectAccess (DA) is communicating. DA is exclusively communicating with IPv6, and when a user tries to start a resource and the broker (Citrix Delivery Controller) assign a target server (VDA) to the ICA-file it is specified with a IPv4-address. As you can figure out DirectAccess will not be able to resolve this address.

The solution for an on-premise Citrix solution has been to activate the DnsResolution option on the Citrix Delivery Controller with the Set-BrokerSite cmdlet’s in PowerShell. The target server will then be specified as a ”hostname” rather than IPv4, and DirectAccess will be able to resolve the name. This however will not work in Citrix Cloud, you don’t have permission to use the Set-BrokerSite cmdlet, it’s disabled to maintain integrity of the service.


Unfortunately there is nothing you can do today to change this, but if you create a Citrix Case they will help you. They can activate it from their end in your Citrix Cloud Tenant. Make sure you include the Customer ID and Organization ID.


Please add a comment or contact me directly at if you have any questions or thoughts!

Disclaimer: All information on this blog is offered "as is" with no warranty. It is strongly recommended that you verify all information and validate all scripts in isolated test environments before using them in production environments.