Posts Categorized: Citrix

Every now and then it’s necessary to actually look into a SSL stream between client and NetScaler to inspect what’s actually happening. I struggled with this topic quite a bit, and documentation (eg. From Citrix) is not always complete. I will not pretend this document covers all, but I had some good successes decrypting traces with the following procedure. If you have any additions please let me know, and I will be happy to add them to this post.

At the moment I’m playing around with Norskale. The environment manager solution Citrix has purchased. It’s free in the platinum edition, and really cool. Ofcourse it immediately took me an evening stumbling upon something nobody wrote about. So there we go:

Today I was building a new PVS image which gave a blue screen every time I booted it from an empty vDisk in Private Image mode.
I wanted to capture a new build. When I disabled the device in PVS it booted just fine from the local hard disk. The blue screen reported an error on the CVhdMp.sys .

Now I know there are a lot of reasons why PVS can blue screen, and you should definitely inspect them if this doesn’t solve your issue. In our case it was just plain and simple annoying Symantec Endpoint Protection (SEP) which needed to be de-installed. After deinstallation I could boot just fine, build my image and installed SEP again in a new version.

Good luck imaging!

So this is one of those topics why I actually started this blog. I’m preparing our environment for a big upgrade off all Citrix Receivers, implement Storefront and decommission our last two webinterface servers. A nice job which already gave me quite a headache. So in this tut I will try to give you the complete tutorial how to implement NSGW with Storefront so the Receiver can actually SSO, and all traffic is routed through the NetScaler Gateway.

So this is kind of nerdy but it’s also very cool. And poorly documented, so it’s nice figuring it out. Keeps me off the street 🙂 It is possible to use Google Authenticator as a second factor to authenticate to your NetScaler. And it’s not really hard to implement as well. So if you read Citrix’s blog about it you will see they’re using OpenOTP. The rest of the document is incomplete and give you very little instructions how to install. I will try to write a complete tutorial on how you can acchieve it. Let’s go!

Momentarily I’m working a lot with NetScaler and SHA256 certificates. I noticed that with the change to SHA256 certs the NetScaler has some difficulties importing. The error you get is: Invalid private key, or PEM pass phrase required for this private key.

At this moment I’m using this command a lot so I thought it would come in handy to write a seperate article about it (easier to find). The command you use to convert a private key to PEM format is……..

In this tutorial I’ll guide you in securing your management page. The goal of the tut. is making sure the NetScaler Management Page is SSL encrypted and AD Integrated. Meaning you’re able to login with your Active Directory admin account. Let’s go!