Hi all,

After having a pen test we have report outlining a number of insecure ciphers that have been highlighted with our Netscaler 7500 appliances. I looking in Traffic managment / SSL/Cipher groups I can see there are 104 polices in here.

Are all these polices in use if they are in the list?

Any user can spoof another user on netscaler due to the shared ssh key authentication mechanism. I am using Netscalar 10.5, appreciate any suggestion on how to fix it.

Thanks!

Hello All,

I am about to implement Sharefile with Storage Zone Controllers on premises using the Setup Netscaler for Sharefile wizard.
In the first screen of the wizard in the "Load Balancing Virtual server configuration", there is a checkbox asking to configure Storage Zone Connectors for file shares. I am wondering if I will need to check this option since I will not be configuring any client or deploying XenMobile. What I want sharefile for is to be able configure users in the Sharefile control plane (Citrix Portal) and grant them access to upload documents through this portal. Also I will like to be able to share documents via an url sent in an email.
Would I need to check the connectors check box in my scenario?

Hi

I've done this a few years back but can't remember the procedure. The cert request has been added to the server via iis

Thanks

I need some guidance on Xenapp7.12 server installation.

I installed 2 servers one with storefront and one with other features (Delivery Controller, Licensing, etc)

Now I am stuck with configuartion.

Appreciate your help.

What I want is for users on the laptops to "Not get the error message below"  when they login to Citrix through Netscaler.
Please see details below

Error message
Citrix Receiver

Unable to launch your application. Contact your help desk with the following
information.
Cannot connect to the Citrix XenApp server.Network issues are preventing your
connection. Please try again. If the presists, please call your help desk.

I have laptops that are not joined to the domain.  This is the laptop environment, and this what happens.
1. Windows 7 Ultimate on two laptops and Windows 7 professional  on four laptops
2. Internet Explorer 11
3.Latest OS service packs for Windows 7 ultimate and professional
4. Citrix receiver 3.4 on three laptops and 4.6 on three laptops .
5. Access to Citrix is being done by using https://someserver.citrix.com
6. The laptops users are connecting to the internet using a Wireless Verizon jetpack, there own home wireless, or Verizon MiFi card.
    Then Login to Citrix from https://someserver.citrix.com.
7. After the users Login to Citrix they get the error message above. - If the users randomly try again they " sometimes " can login.
    But not without getting the error above.
8. I can add the Citrix link for Netscaler someserver.citrix.com to Internet Explorer 11 compatibility view, and Trusted Sites .
    However when you exist I.E 11 and go back in the trusted site I added disappears.
9. XenApp6.5 version

We have a netscaler VPX allowing external access to our Citrix environment, we are using gateway direct authentication on the web interface site. the authentication policies on the netscaler are pointing to our ISE radius servers.
We have 2 x domains eame and mod, if an eame user logs in they can connect with no issues, if a mod user logs in they are authenticated but then get the 401 access denied error, i have gone through 100's of posts about this an everything looks fine and works for the eame users any help is appreciated

How you do configure the External and Internal certificates? Now let me state that when I am using .com for the internal domain, everything works, but when I try using a .local for the internal domain which most folks/companies would have in place, I run into all kinds of issues with the certs on the NetScaler and Storefront.
 
I purchased a wildcard cert from GoDaddy and installed in my Netscaler Access Gateway by the way I can hit my VIP, and it loads the older black web interface looking portal - that portion works.
 
When I attempt to log in, I get an HTTP 403 forbidden page right away. Now from the internal network I can navigation to my storefront site which is using a .local domain signed cert and can log in and display my resources with no issues.
 
After every login attempt from the external access gateway site, I get the following event error in the “Citrix Delivery Services” logs on my Storefront server -
 
Failed to run discovery
Citrix.Web.DeliveryServicesProxy.ConfigLoader.DiscoveryServiceException, ReceiverWebConfigLoader, Version=2.6.0.0, Culture=neutral, PublicKeyToken=null
An error occured while contacting the Discovery Service
 
 
I tried binding the internal .local domain signed cert to my Access Gateway virtual server together with the GoDaddy wildcard .com cert but got an error indicating only one binding can be present
 
The same thing for my internal IIS binding for the Storefront server “Default Wed site” can only bind the …

Hi all
 
I have now successfully setup my Citrix Command Center to poll my 3 Netscalers, and send out alerts via E-Mail.
 
However we use an IP Pool of 250 IP's which will get assigned to users using our SSL VPN via Netscaler. When a user disconnects from the VPN, Citrix Command Center detects this under an EntityDown error and e-mails me.

I know I could change the severity of the EntityDown failure, however it does report on legitimate objects within Netscaler.

Does anyone know a way to keep the alerts of EntityDown, but exclude the IP Pool from it?

Many Thanks

Rich

If you have a have a service group member binding that was initially put in as disabled and now you want to enable it - what's the mojo?

bind serviceGroup pg-ord-http order14 8080 -state DISABLED

..and you wish to enable this binding later what's the command?

enable serviceGroup pg-ord-http order14

or..

bind serviceGroup pg-ord-http order14 8080 -state ENABLED

other?

I've got a ticket out with Citrix on this but they are being less than helpful (read: useless).

Here's the situation: we've got a Citrix 7.5 farm with two Storefront servers, two Delivery Controllers and a virtual Netscaler Gateway.  We all connect all day internally to Storefront and launch our desktops/apps with no issue.

But, those of us who go home and try to launch desktops/apps from the externally facing Citrix store are periodically met with the following error messages:

"Cannot Connect to the Citrix XenApp Server.  SSL Error 43: The proxy denied access to" yadda yadda STA yadda "port 1494"
or
"Cannot connect to the Citrix XenApp server. The Citrix SSL server you have selected is not accepting connections."
and then always
"The connection to" yadda yadda "failed with status (Unknown client error 1110)"

You can always get in eventually just by trying a few times.  For me, it's usually three times, but sometimes it's been as many as a dozen times before it worked.  And it happens across all desktops/apps.

The documentation on this issue is wide and suggests a million things.  Citrix just keeps telling me to make sure the STAs match in my Storefront/Netscaler (they do).  Any ideas?

We are in the process of migrating from XenApp 6.5 with Web Interface 5.0 to XenApp 7.x with Storefront 3.0. We've had RSA Risk-based authentication working on the Web Interface for years. Now, we are really struggling to get Storefront, Netscaler and RSA RBA working together. The documentation from RSA is pretty bad, and their support has been less than helpful so far.

Has anybody out there successfully configured this? Can you share some of your config files or other advice?