Hi,


I have  Citrix version 6.0 with NetScaler (5500). How can I connect directly to a Citrix server without pass by NetScaler?

Thanks

We are moving to Netscaler 11.1 using StoreFront 3.15 with a backend of XenApp 6.5.

Trying to find the best way/documentation to understand the best way to follow a session.  It used to be use the Secure Gateway logs and the STA logs.  But with the new flow, having a hard time finding logs to follow a session from end to end.  Or, is this type of logging not on by default and needs to be enabled.  Any help is appreciated.

It will help once I get logging into Splunk for the NetScaler and StoreFront, but as noted until I know what logs are useful and how to get them there, this isn't going to help me.

Once we get this working, will need to complete our new XenApp 7.15 and provision endpoints there from NetScaler and Storefront, so really would like to get a handle on the flow now.

Thanks in advance.

We have newly deployed Xenapp 7.15 LTSR CU3 on Windows 2016 OS. While launching published applications through Storefront from Win 2016 VDA, our session stuck on Windows Sign in prompt. We are not getting user id & password option. We do have RDS security policy is in place “Always prompt for password upon connection”.
But while launching published desktops, we are getting prompt to enter userid & password options. Does anyone has seen this issue?
We are using NetScaler VPX.
We identified the Issue: We do have RDS security policy is in place “Always prompt for password upon connection”.
If we disabled this policy, issues has been resolved.
But as per security team, this policy is must.
Do we have any Citrix article where it confirmed that, this policy has to disable?

we are planning to deploy a VDI solution using the Citrix xendesktop and Xenapp. we have purchased a Netscaler VPX to load balance the storefront server. we will have two storefront servers load balanced by the netscaler VPX. since it a small environment for 300 clients we are planning to install the storefront and the delivery controllers on the same machines. now my question is can I load even the delivery controllers that the storefront server uses by the same netscaler vpx.

I want to create two VIP on the netscaler VPX. one to load balance storefront servers that users use. the second VIP that Storefront used to load balance the Delivery controllers that are installed on the same servers.

thanks

we have 1 internal ADFS Server on our primary data center and secondary ADFS in our secondary data center, and traffic is redirected from office 365 to our internal ADFS Server through netscaler which is acting as reverse proxy.

In order to protect our internal ADFS server from any any outside sporadic attack, we need to set up external proxy adfs server

can you define the steps needed to streamline traffic from external ADFS Proxy server to our internal ADFS Server.

regarding setting up relying party trust etc.

Hello.  We have a discrepency on the order of steps we need to enable FIPS in a HA setup for Netscaler MPX9700.  These are running version 11.1.

From the Articles, such as https://docs.citrix.com/en-us/netscaler/12-1/ssl/fips/configure-fips-ha.html and https://docs.citrix.com/en-us/netscaler/12/getting-started-with-netscaler/configure-fips-first-time.html, it reads as though you start with the HSM/FIPS module and then the HA portion of the GUI.  We are planning to use a WildCard for the certificate on the FIPS module and the URL's provided to users.

However; from research a co-worker insists that the HA portion through the GUI needs to be setup first, and then do the HSM/FIPS portion.

Any clarification from experience is appreciated.

Hey

I am newbie to Citrix Netscaler. ;)

I have create a loadbalancer to some https servers. I works as expected.

Is it possible to use content switching on the VIP (of the loadbalancer i just created)?

https://my.domain.com -> VIP -> 10.10.10.10
https://* -> VIP -> (to one of the https servers)

Thanks in advance.

Mike

Citrix error "There are no apps or desktops available to you at this time"
Citrix XenApp 7.15 LTSR
NetScaler 12.1 VPX
SSO configured through GPO's.
When login to StoreFront URL is working fine.
But login to NetScaler StoreFront load balance URL is giving above Error.
https://support.citrix.com/article/CTX133982 
https://support.citrix.com/article/CTX200583
https://support.citrix.com/article/CTX233380
Configured SSO as per CTX133982 and followed CTX200583 /CTX233380
Please suggest.

How can we use the secondary Citrix NetScaler Server, in an H.A. pair to safely test out new configurations before the same changes are propagated to the other NetScaler?

We have 2 x version 12.0 Citrix NetScaler Servers in our environment.  They both are setup for auto-sync and propagation by default; but according to websites:

- https://support.citrix.com/article/CTX124439 
- https://docs.citrix.com/zh-cn/netscaler/11/system/high-availability-introduction/configuring-command-propagation-high-availability.html

There are commands to that can be executed to turn the HA Sync and HA Propagation off and then back on later.  At my company we would like to test out a 2 factor authentication option (during a planned maintenance window) and see how that works before it is available for all of the users.  I am thinking of doing the following:

1.  Enable the 2 factor authentication settings on the Authentication server.
       a.  Whatever it may be, that is a separate topic from this question.

2.  Then after the Authentication server is ready, disable auto-sync and auto-propagation on the NetScaler HA-Pair.

3.  Then configure the secondary NetScaler to work with the 2nd factor Authentication server.
        a.  Then plan a maintenance window to temporarily make the secondary NetScaler Server into the new primary NetScaler Server.
        b.  When I fail over the primary server, the secondary server will then become the new 'primary' server …

How can I completely disable IPv6 from all network adapters on a Windows 7 Pro. computer?  The use this method to roll-out that configuration change to hundreds of computers?  Is there perhaps a script?

What I am looking for is to disable or un-check the ipv6 settings.


I want it to be grey'd out or disabled.


According to web page: https://techjourney.net/disable-turn-off-ipv6-support-in-windows-10-8-1-8-7-vista/

I have tried opening a command prompt as administrator and running

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters" /v DisabledComponents /t REG_DWORD /d 0x000000FF /f

Select all Open in new window

But after I run this command I think IPv6 is disabled partly; but, I still see the check mark on the adapters indicating that it is still enabled.  

Question1: How can I disable the ipv6 for all adapters on a windows 7 Pro. PC?  My manager specifically asked me to do the un-check box, to make it look disabled.

Question2:  How can I use that method for a mass deployment to change the config on hundreds of devices?

Question3:  How can I verify that IPv6 is indeed disabled?

Before the registry changes, if I ran an ipconfig all, under "Ethernet adapter Local Area Connection"  I saw
IPv4 Address. . . . . . . . . . . :  ###.##.##.###
Then I saw
DHCPv6 Client DUID. . . . . . . . : ##-##-##-##-##-##-##-##-##-##-##-##-##-##

After the Registry changes, I do not see any reference to DHCPv6 Client DUID. . . . . . . . : ##-##-##-##-##-##-##-##-##-##-##-##-##-##

On  a netscaler 16500 - suppose I want to traffic to https://yaya.foo.com/whatdoyouknow to redirect to https://www.sharktown.com/whatdoyouknow. But the same mechanism would deliver https://yaya.foo.com/somwhere to redirect to https://www.sharktown.com/somewhere. What would I need to cofigure? thank you

How to setup an AAA server?

I have a project on the horizon that involves setting up Dual Factor Authentication on a Citrix NetScaler Server.  I have a rough outline from: https://www.carlstalhood.com/nfactor-authentication-for-netscaler-gateway-12/

But questions today are regarding setting up an Authentication server from scratch.  I have never setup or used an AAA server or RADIUS server before.

Question1:  Will I need to simply setup a Windows 2012 R2 or 2016 Server with the Remote Access Server role?

Quesiton2:  Will I need a certificate from a Certificate Authority?

Question3:  What is required for this AAA server to work with NetScaler?  All NetScaler configuration is separate from this question.