Category: VMware
Notes from the field: VMware App Volumes LDAP(S) lockout
This is a quick blog to address a lockout issue if you are having troubles with LDAP(S) and or the validation of the certificate. When you want to validate this or for that matter resolve it because you can’t login to the App Volumes Manager anymore do the following on the database: Select the dbo.ldap_domains…
Notes from the field: VMware Access CRL url too long?
This is just a quick post regarding CRL checking in VMware Access. It seems that when you have the “NEW” UI interface enabled there is a bug when you put in a valid CRL location in the lengths of: http://this.ismycrlfilelocation.crl that it would chop the end off and stay at http://this.ismycrlfilelocation and then a faulty…
Notes from the lab: Using VMware Access as IdP for Citrix Gateway
I like to fiddle around with possibilities when it comes to SAML, OAUTH authentications. This all started when a customer engineer triggered me with the possibility of achieving an SSO experience with the Citrix NetScaler and using VMware Access as the source of truth for authentication. Well guess what this works! And even for the…
Notes from the field: VMware Horizon instant clone breaks with Kerberos armoring
On my current customer project we’ve encountered a strange issue when some stricter security policies were implemented. Kerberos armoring was enabled which effectively broke the instant clone process for Windows 10 1809/1909 releases but not for 2009 or 21H2. It all started with a ticket that the image update process in Horizon would error out…
Notes from the lab: Citrix ShareFile and VMware Access SSO
When configuring Citrix ShareFile for an SSO experience with your Microsoft Active Directory setup we have the following guides to use it from Citrix. See How to Configure Single Sign-On (SSO) for ShareFile (citrix.com) Well I’m having my setup with another Identity Provider in my own lab and still want to achieve an managed SSO…
Notes from the lab: VMware UAG content gateway and an A+ rating
In addition to Jesper Alberts his blog a follow up with another custom UAG edge service which has it quirks called the content gateway. For the SEG article see vJAL.nl – Secure Email Gateway Now diving in, when you configure the edge service you have the following options to configure Custom Values for Content Gateway…
Notes from the field: VMware Access Kerberos integration and Office 365
Okay let’s say you have your setup for VMware Access nicely configured with your directory search attribute configured as userPrincipalName because that’s the modern way with all cloud services etc. and configured your inbound Kerberos authentication through the IDP of the Access connector. Everyone is happy and all is working well with external connections, internal…
Notes from the field: VMware Workspace ONE UEM and Android Zero Touch
On a recent project we were implementing Android Zero Touch for out of the box enrollment through WS1 UEM. For a detailed explanation what Android Zero Touch is take a look at the following URL: Zero-touch enrollment for IT admins – Android Enterprise Help When the Zero Touch Portal is enabled through the reseller and…
Notes from the field: VMware Access with VMware UAG and JWT validation
It’s been a while since I’ve retested the setup with validating gateway request with JWT entries, because I thought it was depending on an appliance such as F5 for it to work. See Launching Horizon Resources Through Validating Gateways (vmware.com) I did try and configure it none the less but never got it farther then…
Notes from the field: VMware Access Roles and RBAC bug
On recent projects we where configuring RBAC roles in VMware Access Cloud and stumbled across something annoying which turned out to be a bug. The issue is that when you assign the RBAC roles through super admin, read only admin and directory admin that once added you can’t delete or re-add the same group, it…