Tag: Citrix
Notes from the field: Citrix NetScaler, partitions, performance, and pain
On a recent joint project with my partner in crime Anton van Pelt there was a long outstanding support issue which needed our dedicated attention. Long story short we have a customer in a nice new greenfield which got migrated from F5 to NetScaler and the introduction of Citrix Gateway and migrated the backend to…
Notes from the field: Citrix Gateway DTLS fail-over UDP/TCP
On a recent troubleshoot a customer complained that after a failover all ICA sessions would do a fallback to TCP and not uplift again to UDP until the DTLS checkmark would be disabled/enabled Well this worked in the past but since 13.0 build 58.x we have the ability to create a DTLS listener VIP for…
Notes from the field: Citrix Gateway Advanced Auth RADIUS SSO not working
In the last couple of months, I came across some NetScaler redeployments regarding the latest CVE and on the other hand moving over from basic policies to advanced policies. For this to work we are depending on the AAA setup with authentication profiles to combine it all with a Citrix Gateway deployment. For RADIUS there…
Notes from the field: The Kerberos chronicles, the one with certificate-based authentication
If you’ve read my previous Kerberos chronicles blogs you see a trend with the Microsoft patches, hardening updates and with this one the upcoming strong mapping / full enforcement mode of certificate-based authentication. See the following article for explanation: KB5014754—Certificate-based authentication changes on Windows domain controllers – Microsoft Support This one is going to have…
Notes from the lab: Some magic, integrating Citrix resources with VMware Access
Like my friend Edwin de Bruin explains in his blog(s): Migrating from Citrix Gateway to VMware Access Workspace One: Part one (debruinonline.net) and Migrating from Citrix Gateway to VMware Access Workspace One: Part Two! (debruinonline.net) he expects me to deliver you all some magic. For this blog I’m going to start with the necessary resource…
Notes from the field: Microsoft Azure MFA Number Matching and the one with NPS extension
Regarding the upcoming change of Microsoft MFA number matching, some customers started to ask me hey what’s going on? Do we need to do something? Is there any impact for our users? Well, the short answer is yes. The long answer is well it depends, can we live with the current setup or is there…
Notes from the lab: Citrix XenMobile 10.15 upgrade fails
Regarding my own XenMobile deployment I had a 10.14 Rolling Patch environment 6 running and updated it to Rolling Patch 9 before the eventual upgrade to 10.15 base. This all is very easy to do and all the required information is presented at Release notes for Rolling Patches | XenMobile Server Current Release (citrix.com) regarding…
Notes from the field: Citrix NetScaler Azure subscription-based licensing
Just a quick blog regarding a deployment model of Citrix NetScaler on Azure. There is an option to use subscription-based licensing for a deployment, meaning you pay by the hour it is running in Azure. See Deploy a Citrix ADC VPX instance on Microsoft Azure for more details. This setup was chosen by a customer…
Notes from the field: The Kerberos chronicles, the one with Citrix NetScaler
The same as my previous Kerberos blog but this time we have Citrix NetScaler in the mix with drumrolls… Kerberos Constrained Delegation henceforth to be known as KCD. This in an setup derived from the following article: Tutorial: Azure Active Directory single sign-on integration with Citrix ADC SAML Connector for Azure AD (Kerberos-based authentication) –…
Notes from the lab: Using VMware Access as IdP for Citrix Gateway
I like to fiddle around with possibilities when it comes to SAML, OAUTH authentications. This all started when a customer engineer triggered me with the possibility of achieving an SSO experience with the Citrix NetScaler and using VMware Access as the source of truth for authentication. Well guess what this works! And even for the…