Teams Slimcore optimization on Citrix - Deep Dive
Microsoft started rolling out General Availability for Citrix customers on December 09, 2024.
Fernando Klurfan (PM for Cloud Services, virtual desktops (VDI) and multimedia at Microsoft) wrote a detailed community article about this on December 13, 2024:
This eliminates the need to enroll users in the beta channel in the Teams admin center, and Slimcore gets activated if all prerequisites are met. For those of us in the EUC field who have been smashing our heads against the wall with the new Teams, this finally brings good news — and it’s a welcome relief.
Slimcore still has a few limitations; for example, since it is an MSIX Package, it is currently limited to Windows only. macOS and Linux are on the roadmap.
Benefits
SlimCore means better performance and updates are now handled exclusively by Microsoft. The Workspace app is fully decoupled, allowing faster feature rollouts and seamless updates.
Features only available with Slimcore on Citrix |
---|
1080p |
Hardware acceleration on endpoint |
Gallery View 3x3 and 7x7 |
Quality of Service |
Noise suppression |
Voice isolation |
HID |
Presenter mode |
Teams Premium (Pending: Watermark, Townhalls, Decorate my Background) |
Organizational custom backgrounds (Teams Premium license required) |
Zoom +/- |
Media bypass, Location-based routing, Operator connect |
Call quality dashboard and Teams admin center |
General Requirements
Category | Requirement |
---|---|
Teams Version | 24295.605.3225.8804 (verify in Teams under Settings -> About Teams). |
VDA Version | 2203 LTSR CU3 or later, 2305 CR or later. |
Citrix Workspace App | 2203 LTSR (any CU), 2402 LTSR (any CU), or 2302 CR or later. |
MsTeamsPluginCitrix | Version 2024.41.1.1. |
Endpoint OS | Windows 10 version 1809 or later (SlimCore minimum requirement). |
GPO Configuration | GPOs must not block MSIX installations for SlimCore. |
Hardware Requirements | Minimum CPU: Intel Celeron (or equivalent) @ 1.10 GHz, 4 cores. Minimum RAM: 4 GB. |
Supported Endpoints | SlimCore Optimization is currently available only for Windows endpoints. macOS and Linux support is planned. |
Published Applications | SlimCore Optimization is not yet supported for published (seamless) Teams applications. Use Citrix HDX Optimization for published apps. |
Virtual Channel Allow List | MSTEAMS,C:\Program Files\WindowsApps\MSTeams*8wekyb3d8bbwe\ms-teams.exe MSTEAM1,C:\Program Files\WindowsApps\MSTeams*8wekyb3d8bbwe\ms-teams.exe MSTEAM2,C:\Program Files\WindowsApps\MSTeams*8wekyb3d8bbwe\ms-teams.exe |
Note for the VDA
VDA Version must be at least 2203 LTSR CU3, 2402 LTSR (any CU) or 2305 CR. However, these versions are now outdated and no longer supported (except 2402 LTSR, as the newest CU is CU1). It is strongly recommended to upgrade to the latest version to ensure security and compatibility.
LTSR 2203 CU3 and CR 2305 are affected by a critical vulnerability (CVE-2024-6151) that allows local privilege escalation. For more details, refer to the Citrix security bulletin: CTX678035.
OS for the General Usage of Teams 2.0 on your Worker/VDI
Server OS:
- Windows Server 2019 (10.0.17763)
- Windows Server 2022 (20348.2402 or higher)
- Windows Server 2016 is NOT supported.
Client OS:
- Windows 10 version 19041 (excluding Windows 10 LTSC for Teams desktop app) or later
- Windows 11 versions 22H2 or later. General support for Windows 11 21H2 ended on Oct 8, 2024.
Please do not use Server 2019 anymore; it will save you a lot of headaches when using Teams or OneDrive. We are talking about an LTSC OS with a feature level of 1809. This version was developed in September 2018, which speaks for itself.
Version of Teams 2.0 on your Worker/VDI
Teams 2.0 must be version 24295.605.3225.8804 on Citrix. This version was released on November 18, 2024.
Teams 2.0 on the Worker/VDI should not update itself automatically, so keep this in mind and ensure you manage updates manually to maintain compatibility and avoid unexpected issues.
See: Version update history for Teams app deployments – Office release notes | Microsoft Learn
Updating and deploying Teams 2.0 on VDI can be challenging, but there are effective solutions available.
Server 2019: Powershell-Scripts/install-new-teams-srv2019.ps1 at main · Koetzing/Powershell-Scripts
Server 2022, Windows 10 and Windows 11 Multi-User: https://github.com/Koetzing/Powershell-Scripts/blob/main/install-new-teams.ps1
Note for the Virtual Channel Allow List
Virtual Channel Allow List must be configured as follows:
a) Enabled:
Include the following exclusions:
MSTEAMS,C:\Program Files\WindowsApps\MSTeams*8wekyb3d8bbwe\ms-teams.exe
MSTEAM1,C:\Program Files\WindowsApps\MSTeams*8wekyb3d8bbwe\ms-teams.exe
MSTEAM2,C:\Program Files\WindowsApps\MSTeams*8wekyb3d8bbwe\ms-teams.exe
If you’re also using other Virtual Channels, such as ControlUp, Webex, or Zoom, make sure to include those exclusions in your allow list.
b) Disabled:
This configuration is not recommended as it poses a significant security risk.
- The Virtual Channel Allow List is enabled by default with 2203 LTSR (any CU) and above or 2109 CR and above.
- Wildcards for the Virtual Channel Allow List policy are supported starting with 2203 LTSR CU2 or 2206 CR and later. The use of recent versions is crucial once again.
Now we are getting to the crucial part - the endpoint
There are several options to deploy this to the endpoint. Please do NOT install the plugin manually, as it will not receive automatic updates, leaving you responsible for manually updating the plugin.
You don’t want to do that.
However, if your endpoint really cannot have any connection to Microsoft’s CDN, installing it manually is your only option. In this case, you should ask yourself why you’re even using Teams.
Install the plugin via Citrix Workspace App
Installation via Command Line:
- For managed devices, deploy the Citrix Workspace app with the /installMSTeamsPlugin parameter. This method is compatible with deployment tools such as SCCM, Intune, XenMobile, Baramundi, Workspace ONE, etc.
- Minimum Versions Required:
  - Citrix Workspace app 2203 LTSR or any cumulative update (CU)
  - Citrix Workspace app 2402 LTSR or any cumulative update (CU)
  - Citrix Workspace app 2302 CR or later
CitrixWorkspaceApp.exe /installMSTeamsPlugin
Installation via Graphical User Interface (GUI):
- During a fresh installation of the Citrix Workspace app, the installer provides an option to install the Microsoft Teams VDI plugin:
  - On the Add-on(s) page, select the Install Microsoft Teams VDI plug-in checkbox, then click Install.
- Important Considerations:
  - The GUI option to install the plugin is available during a fresh installation with Citrix Workspace app 2402 LTSR.
  - For in-place upgrades to present this option, Citrix Workspace app 2405 CR or higher is required.
Install the plugin via Global App Configuration Service (GACS)
This is a great use case for BYOD. As mentioned before, the Teams plugin can currently only be installed on Windows. To achieve this, you need an active Citrix Cloud account. GACS allows centralized configuration and deployment for both managed and unmanaged endpoints.
Requirement | Details |
---|---|
Citrix Cloud Account | You must have a valid Citrix Cloud account. If you don’t have one, refer to the Citrix documentation to create it. |
Network Access | The following addresses must be contactable: - https://discovery.cem.cloud.us - https://gacs-discovery.cloud.com - https://gacs-config.cloud.com |
StoreFront URL (On-Premises) | For on-premises StoreFront deployments, the StoreFront URL must be claimed before configuration. |
Citrix Workspace App Version | The minimum supported version is Workspace App 2405 CR. GACS does not support older versions. |
Auto-Update | Auto-update must be enabled for the Workspace App. |
Step-by-Step Settings for claiming your URL
Claim Your Gateway URL in Citrix Cloud
- Log in to your Citrix Cloud account.
- Navigate to the Workspace Configuration, App Configuration section.
- Claim your Gateway URL (e.g., xyz.customer.com).
Create a Responder Action
- On your NetScaler, create a Responder Action.
Bind the Responder Action to a Responder Policy
- Attach the Responder Action to a Responder Policy.
Apply the Responder Policy to Your Gateway
- Assign the Responder Policy to your on-premises Gateway
Verify Your Gateway URL
- Confirm that your Gateway URL has been successfully claimed and is functional within your Citrix Cloud environment.
Configuration settings
Compare your changes (I have enabled the update option for macOS as well)
Virtual Channel plugin manager
With 2407 and later, you can use the Virtual Channel Plugin Manager. This is another great use case for BYOD.
The plugin manager detects the Teams app running on the VDA and prompts the user with a notification to install the plugin on their endpoint.
Steps
Check Microsoft Teams redirection policy (enabled by default)
Edit Virtual channel plugin manager policy and add:
- Microsoft Teams
On VDA 2407, you need to add the following registry key:
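$RegPath = "HKLM:\SOFTWARE\Citrix\HDXMediaStream"
$RegName = "EnableAppDetector"
$RegType = "DWORD"
$RegValue = 1
# Create the key if it does not exist yet, then write the value
if (-not (Test-Path $RegPath)) { New-Item -Path $RegPath -Force | Out-Null }
New-ItemProperty -Path $RegPath -Name $RegName -PropertyType $RegType -Value $RegValue -Force | Out-Null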
This can be automated and verified using tools like ControlUp. For further details, see the Troubleshooting section.
With VDA 2411, this registry key is no longer required.
Sources:
Virtual Channel Plugin Manager Overview
Virtual Channel Plugin Manager Configuration
Networking considerations
MsTeamsVdi.exe is the process that makes all the TCP/UDP network connections to the Teams relays/conference servers or other peers.
The SlimCore MSIX manifest adds the following rules to the Firewall:
<Rule Direction="in" IPProtocol="TCP" Profile="all" />
<Rule Direction="in" IPProtocol="UDP" Profile="all" />
Endpoint connectivity to the following addresses and ports is crucial.
See: New VDI solution for Teams – Microsoft Teams | Microsoft Learn
Category | Required for Endpoint | Addresses | Ports | Notes |
---|---|---|---|---|
Optimize required | Yes | 52.112.0.0/14, 52.122.0.0/15, 2603:1063::/38 | UDP: 3478, 3479, 3480, 3481 | Media Processors and Transport Relay: 3478 (STUN), 3479 (Audio), 3480 (Video), 3481 (Screenshare) |
Allow required | Yes | *.lync.com, *.teams.microsoft.com, teams.microsoft.com 52.112.0.0/14, 52.122.0.0/15, 52.238.119.141/32, 52.244.160.207/32, 2603:1027::/48, 2603:1037::/48, 2603:1047::/48, 2603:1057::/48, 2603:1063::/38, 2620:1ec:6::/48, 2620:1ec:40::/42 | TCP: 443, 80 | Required for communication with Teams services |
Default required | No | *.office.net | TCP: 443, 80 | Used for SlimCore downloads and background effects |
Default required | No | *.skype.com | TCP: 443, 80 | Used for legacy Skype for Business services |
Troubleshooting and deep dive on the whole magic
Please note: If the above requirements are not met, Teams will fall back to WebRTC mode (HDX Optimized).
MSTeamsPluginCitrix.dll
The staging and registration rely on the App Readiness Service (ARS) on the endpoint.
By default, even after meeting all the minimum requirements, launching the new Teams for the first time will still start in WebRTC optimized mode.
For the new SlimCore optimization to take effect, two application restarts are required during the initial setup.
The plugin (MsTeamsPluginCitrix.dll) handles downloading the media engine and SlimCore, which is deployed as an MSIX package. This process runs silently without requiring admin privileges or reboots and installs at:
C:\Program Files (x86)\Citrix\ICA Client\MsTeamsPluginCitrix.dll
To verify the installation, execute the following PowerShell code:
Test-Path "C:\Program Files (x86)\Citrix\ICA Client\MsTeamsPluginCitrix.dll"
If the plugin was manually installed previously, the installation process can sometimes fail. I haven’t been able to reproduce this issue under all circumstances, but if it happens, follow these steps:
Use the Citrix Cleanup Utility to clean up the previous installation.
Reconfigure the Workspace app by running the following command:
CitrixWorkspaceApp.exe /cleaninstall
Also note:
Citrix does not handle the uninstallation of the plugin, regardless of how the plugin was installed. In case of uninstall scenarios, make sure to remove the plugin separately.
Verify the Appx Package
Microsoft stores up to 12 versions of SlimCoreVdi on the endpoint. This ensures compatibility, particularly in Citrix environments where users may access:
- Persistent environments: Where the new Teams can auto-update itself.
- Non-persistent environments: Where auto-updates for new Teams are disabled.
Get-AppxPackage *slimcore* | ft name, installlocation, version
As soon as the virtual channel is established, the MSIX installation is triggered. You can verify this in the Event Viewer logs under
- AppxPackagingOM: Microsoft-Windows-AppXDeploymentServer/Operational
- AppXDeployment-Server: Microsoft-Windows-AppXDeploymentServer/Operational
Verify your Virtual Channel Allow list
(Get-ItemProperty -Path "HKLM:\SOFTWARE\WOW6432Node\Policies\Citrix\VCPolicies" -Name "VirtualChannelWhiteList" -ErrorAction SilentlyContinue).VirtualChannelWhiteList
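The same registry read, turned into a pass/fail check per Teams channel. This is an added example, not code from the article, Citrix or Microsoft. It flags entries that are missing or whose executable path differs from the one listed above, since a wider path weakens the allow list. The function name is hypothetical, and it is an assumption that the value is stored as a multi-string or a newline-separated string.

```powershell
# Added example: validate the Teams entries in the Virtual Channel Allow List on the VDA.
# Test-TeamsVcAllowList is a hypothetical helper name, not a Citrix or Microsoft cmdlet.
function Test-TeamsVcAllowList {
    param(
        [string]$Path = 'HKLM:\SOFTWARE\WOW6432Node\Policies\Citrix\VCPolicies',
        [string]$Name = 'VirtualChannelWhiteList'
    )
    # Expected executable, exactly as given in the article (wildcard included).
    $expectedExe = 'C:\Program Files\WindowsApps\MSTeams*8wekyb3d8bbwe\ms-teams.exe'
    $channels    = 'MSTEAMS', 'MSTEAM1', 'MSTEAM2'

    $raw = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
    # Assumption: the value is a multi-string or a newline-separated string.
    $entries = @($raw) -split "`r?`n" | ForEach-Object { $_.Trim() } | Where-Object { $_ }

    foreach ($channel in $channels) {
        # Each entry has the form <channel>,<path>; split only on the first comma.
        $match = $entries | Where-Object { ($_ -split ',', 2)[0] -eq $channel } | Select-Object -First 1
        $exe   = if ($match) { ($match -split ',', 2)[1] } else { $null }
        # Literal comparison: any path other than the documented one is reported.
        $status = if (-not $match) { 'Missing' } elseif ($exe -ne $expectedExe) { 'UnexpectedPath' } else { 'OK' }
        [pscustomobject]@{ Channel = $channel; Status = $status; ConfiguredPath = $exe }
    }
}

Test-TeamsVcAllowList | Format-Table -AutoSize
```

If the policy is not set at all, every channel is reported as Missing.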
Bridge to the local client
As soon as the connection to the virtual channel is established, the bridge to the local MsTeamsVdi.exe process is created.
If you’re optimized in Citrix, you can see MsTeamsVdi.exe running on your endpoint as a child process of wfica32.exe.
To confirm optimization, use Process Explorer:
- Select wfica32.exe in Process Explorer.
- Under the View menu, enable Show the lower pane.
- Switch to the DLL tab in the bottom pane.
Here, you should see the plugin (MsTeamsPluginCitrix.dll) being loaded.
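The endpoint checks from this troubleshooting section (plugin DLL on disk, staged SlimCore packages, MsTeamsVdi.exe as a child of wfica32.exe) combined into one script. This is an added example, not code from the article, Citrix or Microsoft; the function name is hypothetical. It does not replace the DLL tab check in Process Explorer.

```powershell
# Added example: endpoint-side check of the SlimCore optimization chain described above.
# Get-SlimCoreEndpointState is a hypothetical helper name. Run it in the user's session
# on the endpoint while a Citrix session with Teams is open.
function Get-SlimCoreEndpointState {
    # Plugin path as given in the article.
    $pluginPath = 'C:\Program Files (x86)\Citrix\ICA Client\MsTeamsPluginCitrix.dll'

    # 1. Plugin DLL present on disk
    $pluginOnDisk = Test-Path -LiteralPath $pluginPath

    # 2. SlimCore MSIX packages staged for the current user (up to 12 versions can coexist)
    $slimcore = @(Get-AppxPackage -Name '*slimcore*')

    # 3. MsTeamsVdi.exe running as a child of a wfica32.exe process
    $procs  = Get-CimInstance -ClassName Win32_Process `
                  -Filter "Name='wfica32.exe' OR Name='MsTeamsVdi.exe'"
    $icaIds = @($procs | Where-Object Name -eq 'wfica32.exe' | ForEach-Object ProcessId)
    $bridge = @($procs | Where-Object {
                  $_.Name -eq 'MsTeamsVdi.exe' -and $icaIds -contains $_.ParentProcessId })

    [pscustomobject]@{
        PluginOnDisk     = $pluginOnDisk
        SlimCorePackages = $slimcore.Count
        SlimCoreVersions = ($slimcore.Version -join ', ')
        IcaProcessIds    = ($icaIds -join ', ')
        BridgeProcessIds = ($bridge.ProcessId -join ', ')
        # All three conditions from the article hold at the same time
        ChainComplete    = ($pluginOnDisk -and $slimcore.Count -gt 0 -and $bridge.Count -gt 0)
    }
}

Get-SlimCoreEndpointState | Format-List
```

A MsTeamsVdi.exe process whose parent is not wfica32.exe is left out of BridgeProcessIds, so ChainComplete stays False in that case.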
Logfile creation
If the optimization still does not work, you can generate a log file on the VDA using the following key combination:
Ctrl + Alt + Shift + 1
Known Issues
- Screen Capture Protection (SCP) causes the presenter's screen to show as a black screen with only the mouse cursor visible on the receiving side.
- Calls drop on Teams running on the local machine that has an HID peripheral connected if a user launches a virtual desktop from that same local machine and logs into Teams.
- Camera self-preview isn't supported at this time (either under Settings > Devices or while on a call when selecting the down arrow on the camera icon).
- In the Control Panel > Apps > Installed apps on the endpoint, users will see multiple "Microsoft Teams VDI" entries (one for every SlimCore package installed).
- When doing full monitor screen sharing, the call monitor window is visible for the other participants (without any video content inside).
- App sharing sessions might freeze for other participants if the presenter is using both VDA version 2402 and CWA for Windows 2309.1 (or higher versions).
- The issue occurs when a video element is destroyed (e.g., a participant turns off their camera in the middle of the app sharing session).
- If someone turns their camera on, there's no issue because the video element is created, not destroyed.
- If the presenter maximizes the call monitor (which destroys the self-preview of what the presenter is sharing), stopping and resharing the window resolves the issue.
Sources and additional links
New VDI solution for Teams – Microsoft Teams | Microsoft Learn
Collect log files for monitoring and troubleshooting in Teams – Microsoft Teams | Microsoft Learn
Microsoft Teams 2.1 supported for VDI/DaaS
Microsoft SlimCore Optimization | Citrix Virtual Apps and Desktops 7 2411
How to enable Teams Optimization with Microsoft’s new VDI Optimization engine – SlimCore
New Teams optimization for VDI now Generally Available in Citrix environment | Microsoft Community Hub