During an implementation project I found myself in a situation where authentication on my ADFS environment failed, due to the impossibility to perform CRL checking. At that moment we didn’t have access to the outbound proxy yet, so I had to temporarily disable CRL checking for the relying parties. I used the following commands:
Every now and then it’s necessary to actually look into a SSL stream between client and NetScaler to inspect what’s actually happening. I struggled with this topic quite a bit, and documentation (eg. From Citrix) is not always complete. I will not pretend this document covers all, but I had some good successes decrypting traces with the following procedure. If you have any additions please let me know, and I will be happy to add them to this post.
I replaced my internal CA and needed to replace all certificates, including the machine certs on my server core machines. I had to replace the domain controller certs, and some machine certs.
At the moment I’m playing around with Norskale. The environment manager solution Citrix has purchased. It’s free in the platinum edition, and really cool. Ofcourse it immediately took me an evening stumbling upon something nobody wrote about. So there we go:
Recently I partnered up with UniTrends to get deeper knowledge of their backup solution. They were so nice to lend me a license so I can play around in my demo lab. Now a demo lab usually isn’t the best hardware around, and so ain’t mine. I immediately ran into an error trying to import my vCenter server. Something about both ESX hosts sharing the same UUID.
Today I was building a new PVS image which gave a blue screen every time I booted it from an empty vDisk in Private Image mode.
I wanted to capture a new build. When I disabled the device in PVS it booted just fine from the local hard disk. The blue screen reported an error on the CVhdMp.sys .
Now I know there are a lot of reasons why PVS can blue screen, and you should definitely inspect them if this doesn’t solve your issue. In our case it was just plain and simple annoying Symantec Endpoint Protection (SEP) which needed to be de-installed. After deinstallation I could boot just fine, build my image and installed SEP again in a new version.
Good luck imaging!
I had to create a SAN cert. If you google you will find a lot of articles telling you to modify your openssl.cfg . You can also do it with a command. I put some special characters in the command because they need to be escaped. You can see below how:
req -newkey rsa:2048 -keyout new_private.key -sha256 -subj "/C=NL/ST=Noord-Holland/L=\'s\-Hertogenbosch/O=Your Organization/OU=I\&CT/CN=common_name.nl/subjectAltName=DNS.1=alternate_name" -out new_certificate_request.csr
You can specify more alternate names by adding more entries:
So another management console installation problem today. This time SQL.
I encountered a SQL server with multiple instances that was using a lot of memory. Some of the instances were not limited in their memory usage. I found a nice SQL query to lookup how much memory the instances were actually using.