“Secure Connection Failed” using Firefox to administer NetScaler

When administering different Citrix NetScaler appliances you can run into the below error message.

“Secure Connection Failed” and to be more specific “Error code: sec_error_reused_issuer_and_serial” which basically means that the serial number found within the certificate has already been trusted by you. This makes sense because NetScaler uses a self-signed certificate which is the same across all NetScaler appliances.

image

Read more of this post

Awarded with VMware vExpert 2014

I am very proud to be awarded with the VMware vExpert title of 2014. :-)

Always have been working extensively with VMware products and a huge fan of the VMware product portfolio which once started with VMware ESX 2.5 back in 2006.

VMWare-vExpert-2014-Logo

The annual VMware vExpert title is given to individuals who have significantly contributed to the community of VMware users over the past year. The title is awarded to individuals (not employers) for their commitment to sharing their knowledge and passion for VMware technology above and beyond their job requirements.

Thanks VMware!

https://communities.vmware.com/vexpert.jspa?src=vmw_so_vex_hlouw_917
https://communities.vmware.com/vexpert.jspa
http://blogs.vmware.com/vmtn/2014/04/vexpert-2014-announcement.html

Block Windows XP using selective Ciphers on Citrix NetScaler

As you probably know Windows XP is no longer being supported by Microsoft. No (security) updates will be made available for Windows XP making it possibly vulnerable for future exploits.

As an organization you will have to decide what you are going to do about these (probably unmanaged) Windows XP workplaces. There will still be a lot of home workers that use Windows XP and see no reason to upgrade since ’’it works fine’’, from an organization perspective these work places could potentially form a threat to the business. Especially when al sorts of direct connections are being made such as SSL/VPN, but let’s not forget the still very popular Citrix client drive mappings.

From a technical stand point of view we can easily block incoming Windows XP connection to our Citrix NetScaler Gateway virtual server or AAA virtual server (or any other SSL publication) using a selective group of Ciphers.

Quoted from Wikipedia: “a cipher (or cypher) is an algorithm for performing encryption or decryption—a series of well-defined steps that can be followed as a procedure”.

Read more of this post

Choose your NetScaler … wisely

I spend a lot of my time breaking down the different models of Citrix NetScaler appliances and different Software Editions within the Citrix NetScaler portfolio.

I decided to set up a blog about this since the path is usually pretty much (lengthy but) the same. This does not mean the answer is always easy because there are a lot of questions that need to be answered.

The first thing I would like to get off my chest is the following: Stop seeing/selling the Citrix NetScaler as a replacement for Secure Gateway. It is so much more than that. I often have discussions with various engineers and consultants telling me that Citrix NetScaler is so expensive for a Remote Access solution because Secure Gateway always used to be free. No offense but a Citrix NetScaler solution belongs to the networking department, not the Citrix XenApp sys admin department. Or maybe limited.

Read more of this post

Creating user customizable announcements for NetScaler Access Gateway

A customer would like to designate a number of people for customizing announcements on the Access Gateway Enterprise page.  This way the organization can announce important changes, planned downtime or other announcements. The advantage of this is that a network engineer does not need to be bothered for displaying all sorts of messages on the Access Gateway by fiddling with the files on the appliances.

image

Read more of this post

[BUG] ERROR: Feature(s) not licensed [AAA]

This week I was implementing a pair of Citrix NetScaler Standard Edition appliances, mostly to be used for Access Gateway features. As always I started of with the latest Citrix NetScaler firmware which is 73.5 as of this writing. I was configuring Pre-Authentication Policies within GUI, later on I was testing HA failover and noticed that the Pre-Authentication policies were missing after doing a HA Failover.

netscaler_bug

Read more of this post

To EPA or not to EPA …

For anyone who has not worked with NetScaler Gateway Endpoint Protection Analysis before. It is pre-check before the user get to see the Gateway Logon page it has to comply certain rules that we have programmed the Gateway with. Sometimes I here people say that there is no future for EPA, but I would like to show a use-case which still is actively deployed using NetScaler Gateway and EPA’s.

This feature was already present with the Citrix Access Gateway Advanced using Citrix Advanced Access Control Option Server, yes did it! :-).

What it does is that upon client request it will launch a small piece of Citrix client software to check if the client meets our requirements for connecting. This is triggered by using an ActiveX component within Internet Explorer of Firefox. If the software is not installed it will prompt the user to do so.

Read more of this post

Follow

Get every new post delivered to your Inbox.

Join 44 other followers