Every now and then it’s necessary to actually look into a SSL stream between client and NetScaler to inspect what’s actually happening. I struggled with this topic quite a bit, and documentation (eg. From Citrix) is not always complete. I will not pretend this document covers all, but I had some good successes decrypting traces with the following procedure. If you have any additions please let me know, and I will be happy to add them to this post.
Posts Categorized: Networking
At the moment I’m playing around with Norskale. The environment manager solution Citrix has purchased. It’s free in the platinum edition, and really cool. Ofcourse it immediately took me an evening stumbling upon something nobody wrote about. So there we go:
This article is mainly for my internal documentation (In case it ever happens again 🙂 ) I had some file system issues with my PFSense SG-8860 (which is a very cool firewall).
After a power outage it went in a reboot loop. I had to connect with the USB console cable and then I fixed it with the following commands:
/sbin/fsck -y /
Run it repeatedly until it no longer reports any errors, at least 3 times. Then reboot with:
So this is kind of nerdy but it’s also very cool. And poorly documented, so it’s nice figuring it out. Keeps me off the street 🙂 It is possible to use Google Authenticator as a second factor to authenticate to your NetScaler. And it’s not really hard to implement as well. So if you read Citrix’s blog about it you will see they’re using OpenOTP. The rest of the document is incomplete and give you very little instructions how to install. I will try to write a complete tutorial on how you can acchieve it. Let’s go!
I’m not really into timesyncing but I ran into an issue on my network that my time was off 10 minutes on my DC’s and servers. With the w32tm /query /source command I could see that my machines all were using the DC with the PDC emulator role enabled. The DC was using the VM IC Time Synchronization Provider as time source.
In this tutorial I’ll guide you in securing your management page. The goal of the tut. is making sure the NetScaler Management Page is SSL encrypted and AD Integrated. Meaning you’re able to login with your Active Directory admin account. Let’s go!
This tutorial is about configuring 2-factor authentication on your NetScaler based on user certificates.
At the moment I’m wasting my time setting up a personal lab environment on Microsoft Windows Server 2012 R2 (Hyper-V ofcourse). One of my missions was to setup a NetScaler ADC Developer edition. I had however some strange problems setting up, so it looked like a good idea to share them.
So at this moment we’re setting up a managed file transfer solution which needs some open ports. We would like to test these ports before our consultancy partner arrives to help us implement. We need to test if we can make a connection on a specific number of ports without actually having the software installed that listens on them.
Tutorial: Setting up SSTP on Windows Server 2012 (part 1) – prereqs
In this tutorial I’ll write about how to setup SSTP on Windows Server 2012 in a limited lab environment. It’s not a tough job, although you need some basic RRAS, DNS and Certificate knowledge. Before we start the prereqs: In my lab I use a domain controller which also is my enterprise root CA. My RRAS server is also my Online Responder. I’m going to assume you already installed these roles.