Solved

Sharepoint 2010 and Citrix Netscaler

Posted on 2015-02-23
20
338 Views
Last Modified: 2016-10-25
I started at my new company 4 months ago and they have a Sharepoint site which is externally accessible. We also use a Citrix Netscaler to load balance all services. I was told the previous admin was not able to get Sharepoint to work with the Netscaler becuase they keep on getting two login prompts. They ended up setting up a 2007 ISA server to get around this. I have been task to decommision the ISA server and sharepoint is the last remaining app hosted.

Has anyone run into this issue before with Sharepoint and the Netscaler. I wanted to post this question ahead of time so I can start preparing.
0
Comment
Question by:compdigit44
  • 11
  • 8
20 Comments
 
LVL 2

Expert Comment

by:aroddick
ID: 40629990
Hi,

We've just finished a setup of SharePoint 2010 Reverse Proxy. The only feature that doesn't work that we've identified is the 'SharePoint Sites Connect to Office' which uses WebDav.

We also use OWA Reverse Proxy (for externals and non-domain computers). Citrix StoreFront and the 'full tunnel' VPN (for staff with domain computers).

We're running 10.1 on the Netscaler, planning to in-place upgrade to 10.5

How far into it are you? I'm by no means an expert, learning on the fly but I'm happy to help if I can.

Cheers,

Adam
0
 
LVL 19

Author Comment

by:compdigit44
ID: 40631686
We have Netscaler 10.1 as well. I am in the planing phase and we have a large Netscaler HA environment. The external landing page points to an IP on the ISA server.  

1) Would the login page when not  going through Citrix?
2) What are your vServer settings for Sharepoint to avoid the double prompt issue
0
 
LVL 19

Author Comment

by:compdigit44
ID: 40631921
Just has an idea. I can easily test this without impact production my setup a vserver on our Netscaler and access the VIP by IP only from the outside while users sill use the DNS name associated with the ISA server!!!!
0
 
LVL 2

Expert Comment

by:aroddick
ID: 40632228
Hang tight, writing something up for you with screenshots to show you how we've got it configured.
0
 
LVL 2

Expert Comment

by:aroddick
ID: 40632504
I don't know how much of the attached will be useful to you but it might be a start. There is more to our configuration because we have SMS/Token 2-factor and Client Certificate checks but I've tried to grab the core part.

Assuming your Netscaler config is OK there were a couple of tweaks we had to do to the SharePoint farm, I'll check with our SP person to see if they have anything documented.
0
 
LVL 19

Author Comment

by:compdigit44
ID: 40633026
Wow.. thanks...
0
 
LVL 19

Author Comment

by:compdigit44
ID: 40633481
I found this article online from Microsoft on setting reverse proxy for Sharepoint with the Netscaler... Is this basically what you did???

http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/deployment-guide-netscaler-office-365-en.pdf?accessmode=direct
0
 
LVL 2

Expert Comment

by:aroddick
ID: 40634467
Did my Word Doc attachment upload correctly?

Our SharePoint person just confirmed we actually didn't end up needing to do anything with the SP Farm except that we were using http://sharepoint internally and had to make the switch to https://sharepoint (silly design choice when SP was first implemented).

I haven't seen the guide you linked before. It looks similar though guides are always a little more generic than how our own solution ends up.A little annoying that the pictures in that guide are so blurry.
0
 
LVL 19

Author Comment

by:compdigit44
ID: 40635203
I never saw the word doc... Did you upload it????
0
 
LVL 19

Author Comment

by:compdigit44
ID: 40637577
Our ISA 2006 server presents using with a Forms Based authentication page... when moving to the Netscaler this would be lost. How did you handle this in your orginaztion
0
 
LVL 2

Accepted Solution

by:
aroddick earned 500 total points
ID: 40638588
Trying the attachment again.
EE-Citrix-SharePoint.docx
0
 
LVL 2

Expert Comment

by:aroddick
ID: 40638595
I can't help you on the Forms Auth sorry, we have it disabled in IIS.
0
 
LVL 19

Author Comment

by:compdigit44
ID: 40638604
I guess what I am trying to say is with ISA is give you the default login page... We are not using FBA at all.... When users log in external are they getting a plan windows login prompt???
0
 
LVL 19

Author Comment

by:compdigit44
ID: 40638606
I am starting to look though your Word Doc.. So in short you created a LDAP policy which authenticates users upfront... correct


Never used a LDAP policy before

Is this what you are referencing on page 2 of your rword doc


Thanks again for everything .....
0
 
LVL 2

Expert Comment

by:aroddick
ID: 40638697
In response to your ISA question:

So, users will get the black Netscaler Gateway login page, once they log in successfully there they will have:
1. On a domain computer, pass-through authentication so they don't get any further credential prompts from Windows or IE.
2. Non domain computers get repeated prompts as they connect to team sites or open up documents.

Is that what you meant?

Also, my pleasure - I hope it is some small help. Netscaler is such a seriously steep learning curve -_-
0
 
LVL 19

Author Comment

by:compdigit44
ID: 40640400
I am working through your Word document now. So the AAA vServer really hold the LDAP policy that's it.. We already a a vserver in our DMZ that does LDAP. Could I some how piggy back of this??? I am also waiting on or Security team to open ports in the fireall for me
0
 
LVL 19

Author Comment

by:compdigit44
ID: 40641758
Here is my concern. We already have a load balanced vserver that host LDAP and applications reference it by IP. With the AAA vServer is need the FQDN of the LDAP connection. Do I need to now have a external DNS record for me LDAP vserver or can this just be a local host entry on the Netscaler.

Thank you so much for all of your help......
0
 
LVL 2

Expert Comment

by:aroddick
ID: 40648539
Sorry for the late reply, LDAP not needed externally, it all happens from the SNIP to the internal network - did you work it all out? :)
0
 
LVL 19

Author Comment

by:compdigit44
ID: 40650302
HOw did you set it up with out LDAP??? Some type of authentication source needs to be listed?
0
 

Expert Comment

by:robertarenson
ID: 41600358
aroddick, we are having a similar issue, would love to see the doc that you originally posted, it may help us out on our problem which is almost exact to this issue. I tried the link but since it is a year old it only comes up to a blank page.

Thanks again

Brian
0

Join & Write a Comment

After several days of searching and hunting for limited documentation, I wanted to share this guide to hopefully save someone the hassle of trying to figure this out on their own. I have tested this on Xendesktop 7.1 and PS 4.5 running simultaneous…
Citrix XenDesktop, Citrix Studio, Citrix Policies, Citrix XenApp
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now