Category: NetScaler
Notes from the field: Citrix NetScaler, partitions, performance, and pain
On a recent joint project with my partner in crime Anton van Pelt there was a long outstanding support issue which needed our dedicated attention. Long story short we have a customer in a nice new greenfield which got migrated from F5 to NetScaler and the introduction of Citrix Gateway and migrated the backend to…
Notes from the field: Citrix Gateway DTLS fail-over UDP/TCP
On a recent troubleshoot a customer complained that after a failover all ICA sessions would do a fallback to TCP and not uplift again to UDP until the DTLS checkmark would be disabled/enabled Well this worked in the past but since 13.0 build 58.x we have the ability to create a DTLS listener VIP for…
Notes from the field: Microsoft Azure MFA Number Matching and the one with NPS extension
Regarding the upcoming change of Microsoft MFA number matching, some customers started to ask me hey what’s going on? Do we need to do something? Is there any impact for our users? Well, the short answer is yes. The long answer is well it depends, can we live with the current setup or is there…
Notes from the field: Citrix NetScaler Azure subscription-based licensing
Just a quick blog regarding a deployment model of Citrix NetScaler on Azure. There is an option to use subscription-based licensing for a deployment, meaning you pay by the hour it is running in Azure. See Deploy a Citrix ADC VPX instance on Microsoft Azure for more details. This setup was chosen by a customer…
Notes from the field: The Kerberos chronicles, the one with Citrix NetScaler
The same as my previous Kerberos blog but this time we have Citrix NetScaler in the mix with drumrolls… Kerberos Constrained Delegation henceforth to be known as KCD. This in an setup derived from the following article: Tutorial: Azure Active Directory single sign-on integration with Citrix ADC SAML Connector for Azure AD (Kerberos-based authentication) –…
Notes from the lab: Citrix StoreFront 2203 and the cannot complete request
A quick blog regarding my Citrix lab upgrade from Citrix Virtual Apps and Dekstops (CVAD) 1912CU4 to 2203 and the little StoreFront snag I hit. Summary of my setup: Two Delivery controllers Two StoreFront servers cohabitating with Director as well Two FAS servers Two WEM servers One unmanaged VDA worker And a Citrix ADC HA…
Notes from the field: Citrix CEM / XenMobile enabling Certificate Based Authentication (CBA) after enrollment
I think any consultant at some time encountered the scenario of username / password authentication being the only authentication on the Citrix Gateway setup of Citrix CEM / XenMobile. Afterwards advising the customer to use Certificate Based Authentication (CBA) and then also the sad news okay we need to reenroll all your devices for this…
Notes from the field: NetScaler VPX & Intel Xeon Gold
Quite recently I came across an issue when deploying a VPX instance on VMware 6.5, which resulted in a bug of the VPX image and underlying physical hardware. For reference the following hardware was backing the hypervisor: Supermicro SYS-2029U-E1CR25M Intel(R) Xeon(R) Gold 5118 CPU @ 2.30GHz VMware ESXi, 6.5.0, 7967591 with vSAN NetScaler VPX 12.0…
Notes from the field: NetScaler maxloginattempts
Came across a very peculiar issue at a customer in regards to the values: Max Login Attempts Failed Login Timeout As soon as a value has been put in you could not reset it to the default value of 0, not from the GUI or CLI it would just not accept it as a value…
Notes from the lab: NetScaler VPX nsnet_connect prevents logon
When I started to rebuild my lab I came across the most strangest thing when configuring my NetScaler’s again. First a little background regarding my setup: VMware ESXi 6.5u1 Hypervisors NetScaler VPX 1000 Platinum Appliances Distributed vSwitches with vlan trunks enabled Dedicated NSVLAN for management (tagged) Data transport vlan tagged Whilst configuring and setting…