During an implementation project I found myself in a situation where authentication on my ADFS environment failed, due to the impossibility to perform CRL checking. At that moment we didn’t have access to the outbound proxy yet, so I had to temporarily disable CRL checking for the relying parties. I used the following commands:
Posts Categorized: Tutorials
Every now and then it’s necessary to actually look into a SSL stream between client and NetScaler to inspect what’s actually happening. I struggled with this topic quite a bit, and documentation (eg. From Citrix) is not always complete. I will not pretend this document covers all, but I had some good successes decrypting traces with the following procedure. If you have any additions please let me know, and I will be happy to add them to this post.
I replaced my internal CA and needed to replace all certificates, including the machine certs on my server core machines. I had to replace the domain controller certs, and some machine certs.
So this is one of those topics why I actually started this blog. I’m preparing our environment for a big upgrade off all Citrix Receivers, implement Storefront and decommission our last two webinterface servers. A nice job which already gave me quite a headache. So in this tut I will try to give you the complete tutorial how to implement NSGW with Storefront so the Receiver can actually SSO, and all traffic is routed through the NetScaler Gateway.
So this is kind of nerdy but it’s also very cool. And poorly documented, so it’s nice figuring it out. Keeps me off the street 🙂 It is possible to use Google Authenticator as a second factor to authenticate to your NetScaler. And it’s not really hard to implement as well. So if you read Citrix’s blog about it you will see they’re using OpenOTP. The rest of the document is incomplete and give you very little instructions how to install. I will try to write a complete tutorial on how you can acchieve it. Let’s go!
I’m not really into timesyncing but I ran into an issue on my network that my time was off 10 minutes on my DC’s and servers. With the w32tm /query /source command I could see that my machines all were using the DC with the PDC emulator role enabled. The DC was using the VM IC Time Synchronization Provider as time source.
In this tutorial I’ll guide you in securing your management page. The goal of the tut. is making sure the NetScaler Management Page is SSL encrypted and AD Integrated. Meaning you’re able to login with your Active Directory admin account. Let’s go!
This tutorial is about configuring 2-factor authentication on your NetScaler based on user certificates.
At the moment I’m preparing for my CCE exam and one of the things I like to do is perform several setups. For this tutorial I implemented a XenDesktop & XenApp 7.5 server. A StoreFront server and a virtual NetScaler with a developer license. I already have in place a CA for my self signed certs, the domain joined machines automatically trust the Root CA cert and a Domain Controller is in place.
The goal of the tutorial is to get the StoreFront websites running on SSL. The XML traffic should be encrypted and the NetScaler has to connect to the StoreFront servers through SSL. Let’s start!
At the moment I’m wasting my time setting up a personal lab environment on Microsoft Windows Server 2012 R2 (Hyper-V ofcourse). One of my missions was to setup a NetScaler ADC Developer edition. I had however some strange problems setting up, so it looked like a good idea to share them.
