Tag: Active Directory
Notes from the field: The Kerberos chronicles, the one with certificate-based authentication
If you’ve read my previous Kerberos chronicles blogs, you see a trend with the Microsoft patches, hardening updates and, with this one, the upcoming strong mapping / full enforcement mode of certificate-based authentication. See the following article for explanation: KB5014754—Certificate-based authentication changes on Windows domain controllers – Microsoft Support. This one is going to have…
Notes from the field: The Kerberos chronicles, the one with Citrix NetScaler
The same as my previous Kerberos blog but this time we have Citrix NetScaler in the mix with drumrolls… Kerberos Constrained Delegation, henceforth to be known as KCD. This is a setup derived from the following article: Tutorial: Azure Active Directory single sign-on integration with Citrix ADC SAML Connector for Azure AD (Kerberos-based authentication) –…
Notes from the field: The Kerberos chronicles, the one with VMware TrueSSO
After a lengthy and cumbersome troubleshoot on a VMware TrueSSO setup, I finally had the time to blog this one. In summary, the situation with a customer was a working VMware TrueSSO setup which stopped working. After lengthy troubleshooting we opened a support case with VMware and later also with Microsoft. The issue was manifesting in…
Notes from the field: The one that Android said no more local
On one of my projects, we’ve encountered a strange issue regarding domain name resolving. A little background on the canvas painted: it’s about a VMware Workspace ONE setup with working web URLs and UEM enrollments, you name it. We have a nice setup regarding managed devices and these use a per-app VMware tunnel connection to…
Notes from the field: VMware Horizon instant clone breaks with Kerberos armoring
On my current customer project we’ve encountered a strange issue when some stricter security policies were implemented. Kerberos armoring was enabled which effectively broke the instant clone process for Windows 10 1809/1909 releases but not for 2009 or 21H2. It all started with a ticket that the image update process in Horizon would error out…
Notes from the field: Another cannot complete your request with Citrix FAS
We’ve all seen it time and time again: some misconfiguration with Citrix StoreFront and/or Citrix FAS and you’ll be getting the cannot complete your request message on your screen. Digging in the StoreFront logs, you’ll be seeing the most interesting messages of error kind in which you would think am I a rocket professor?…
Notes from the field: Citrix FAS request not supported
On a recent Citrix FAS deployment I’ve encountered the following error: “Request not supported” when logging in to a published application or desktop. Article https://support.citrix.com/article/CTX218941 explains that re-enrollment of the domain controller authentication template or another custom template for Kerberos usage should resolve the error. A little bit of a background on the environment, an…
Notes from the lab: Windows firewall profile not correct after reboot
Just thought of leaving a quick win here. Did you ever have the firewall profile of Windows not correctly mapped after reboots etc.? This is because after a reboot the Domain Controllers put it in e.g. public profile and this will get passed on to other servers as well. This will result in not being…
Notes from the field: The unexplained Outlook pop-up
Quite recently I’ve had an interesting troubleshoot at a customer. The problem was at first that there was an issue in the newly built Exchange 2019 environment that Outlook clients would open up and ask for credentials in a domain joined environment, so the SSO part of WIA isn’t working and it “seemed” to work…