Tag: Gateway
Notes from the field: Citrix Gateway DTLS fail-over UDP/TCP
On a recent troubleshoot a customer complained that after a failover all ICA sessions would do a fallback to TCP and not uplift again to UDP until the DTLS checkmark would be disabled/enabled Well this worked in the past but since 13.0 build 58.x we have the ability to create a DTLS listener VIP for…
Notes from the field: Citrix Gateway Advanced Auth RADIUS SSO not working
In the last couple of months, I came across some NetScaler redeployments regarding the latest CVE and on the other hand moving over from basic policies to advanced policies. For this to work we are depending on the AAA setup with authentication profiles to combine it all with a Citrix Gateway deployment. For RADIUS there…
Notes from the lab: Some magic, integrating Citrix resources with VMware Access
Like my friend Edwin de Bruin explains in his blog(s): Migrating from Citrix Gateway to VMware Access Workspace One: Part one (debruinonline.net) and Migrating from Citrix Gateway to VMware Access Workspace One: Part Two! (debruinonline.net) he expects me to deliver you all some magic. For this blog I’m going to start with the necessary resource…
Notes from the field: Microsoft Azure MFA Number Matching and the one with NPS extension
Regarding the upcoming change of Microsoft MFA number matching, some customers started to ask me hey what’s going on? Do we need to do something? Is there any impact for our users? Well, the short answer is yes. The long answer is well it depends, can we live with the current setup or is there…
Notes from the lab: Using VMware Access as IdP for Citrix Gateway
I like to fiddle around with possibilities when it comes to SAML, OAUTH authentications. This all started when a customer engineer triggered me with the possibility of achieving an SSO experience with the Citrix NetScaler and using VMware Access as the source of truth for authentication. Well guess what this works! And even for the…
Notes from the lab: Citrix StoreFront 2203 and the cannot complete request
A quick blog regarding my Citrix lab upgrade from Citrix Virtual Apps and Dekstops (CVAD) 1912CU4 to 2203 and the little StoreFront snag I hit. Summary of my setup: Two Delivery controllers Two StoreFront servers cohabitating with Director as well Two FAS servers Two WEM servers One unmanaged VDA worker And a Citrix ADC HA…
Notes from the field: Citrix CEM / XenMobile enabling Certificate Based Authentication (CBA) after enrollment
I think any consultant at some time encountered the scenario of username / password authentication being the only authentication on the Citrix Gateway setup of Citrix CEM / XenMobile. Afterwards advising the customer to use Certificate Based Authentication (CBA) and then also the sad news okay we need to reenroll all your devices for this…
Notes from the field: Citrix StoreFront forcing connections through Citrix Gateway
On a recent customer project there was the need to migrate off of VDA TLS encryption and migrate the connections from StoreFront to Citrix Gateway. The customer previously had StoreFront direct connections and used the VDA TLS encryption setup to provide a TLS encrypted session to the desktop or applications. The VDA TLS encryption setup…
Notes from the lab: Citrix ADC Native Push OTP not working
I’ve updated my lab environment with Citrix Gateway push OTP support and had some trouble in configuring the Citrix SSO app on my iPhone. For some reason it couldn’t setup the gateway connection and it wasn’t reachable. (Well that was my bad in checking all my devices but I’ll get to that) Before the push…
Notes from the field: Citrix ADC Gateway Native OTP with GSLB
Fun quick fact that I’ve encountered when deploying a ADC Gateway GSLB setup for a customer! You only have to enroll once with the nFactor/Native OTP on one of the ADC’s. (when having a Active Directory Domain across multiple datacenter sites) The setup of choice: Two ADC appliances in HA set on each site GSLB…