The Good, the Bad and the Ugly
Notes from the field: VMware Horizon Instant Clone and Imprivata OneSign
On a recent project consisting of an VMware Horizon instant clone setup and Imprivata OneSign in the desktop for SSO capabilities I’ve encountered some strange timing issues. Normal logins through the horizon client via connection server would be ok with the OneSign agent online, logins through the UAG without TrueSSO would also be okay. (so…
Notes from the field: Citrix FAS request not supported
On a recent Citrix FAS deployment I’ve encountered the following error: “Request not supported” when logging in to a published application or desktop. Article https://support.citrix.com/article/CTX218941 explains that re-enrollment of the domain controller authentication template or another custom template for Kerberos usage should resolve the error. A little bit of a background on the environment, an…
Notes from the presentations: Modern authentication glued together with Microsoft, Citrix and VMware
Very happy to share my first presentation on Virtual Expo with Erik Bakker, please click the following link for the recording and all other recordings as well. https://xenapptraining.com/members/virtual-expo/2020-09/
Notes from the lab: Microsoft ADFS and VMware UAG
You don’t see many configuration articles around ADFS and UAG and that’s why I would like to share my setup. First things first, I’m expecting that there is an working Horizon environment with True SSO enabled for access to the desktop. And a working ADFS environment to add a new application to test with. My…
Notes from the field: Citrix FAS SSO not working with invalid CRL
Recently I got contacted by a customer who had problems performing an SSO to a newly build desktop environment. The setup a greenfield resource domain and forest trust from an existing tenant with a two way trust. Basically everything was correct but the logon from the users would always get terminated at the desktop with…
Notes from the field: VMware UAG reverse proxy why doesn’t it work!
When configuring VMware UAG as an reverse proxy I’ve encountered some issues last year that as far as I could see wasn’t all to well documented. My reference article for the configuration was the following: https://techzone.vmware.com/configuring-web-reverse-proxy-identity-bridging-vmware-unified-access-gateway-vmware-workspace-one-operational-tutorial#985671 Basically when you follow it to the letter in your test deployment and with a test site you will…
Notes from the field: VMware Horizon Enrollment Server and Core O/S
Recently had an deployment with a customer who has a mandate core o/s deployments are preferred unless the product doesn’t support a core o/s installation. Well for this deployment we created two core o/s subordinate ADCS servers with the enrollment server software installed and configured. Everything is working fine and dandy, no issues and seems…
Notes from the field: VMware Access connector support LDAP Signing and Channel Binding
Quite recently I’ve encountered a random synchronization error that VMware Access connector could not synchronize and would error out with the following error: “Connector communication failed because of invalid data: The specified Bind DN and password could not be used to successfully authenticate against the directory” At first I stumbled upon the known issues list:…
Notes from the field: Citrix XenMobile / Endpoint Management Per App VPN not working for iOS
This was quite a nice one to troubleshoot, turns out there is a new configuration point for per app VPN and iOS devices, at least it was for me. If you follow the configuration at https://www.citrix.com/blogs/2016/04/19/per-app-vpn-with-xenmobile-and-citrix-vpn/#:~:text=With%20the%20iOS%20per%20app,applications%20installed%20on%20the%20device. you’ll end up with a config that won’t open up a VPN when accessing the browser. Solution for this…
Notes from the lab: Windows firewall profile not correct after reboot
Just thought of leaving a quick win here. Did you ever had the firewall profile of Windows not correctly mapped after reboots etc.? This is because after a reboot the Domain Controllers put it in e.g. public profile and this will get passed on to other servers as well. This will effect in not being…
- December 2023
- November 2023
- October 2023
- September 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- May 2022
- April 2022
- February 2022
- December 2021
- November 2021
- August 2021
- July 2021
- May 2021
- March 2021
- February 2021
- January 2021
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- April 2020
- March 2020
- December 2019
- November 2019
- October 2019
- September 2019
- July 2019
- June 2019
- May 2019
- February 2019
- January 2019
- November 2018
- September 2018
- June 2018
- May 2018
- April 2018
- March 2018
- December 2017
- November 2017
- September 2017
- August 2017
- March 2017
- February 2017
- October 2016
- July 2016
- June 2016
- November 2015
- October 2015