Sunday, October 4, 2015

Windows 10 support -Xendesktop 7.6 FP3


Citrix recently released XenDesktop 7.6 FP3, which supports Windows 10 desktops. Here are some more features:

https://www.citrix.com/blogs/2015/10/01/feature-pack-3-for-xenapp-and-xendesktop-7-6-is-now-available/

Have a nice day!

Citrix - X1 Mouse for VDI on tablets - IPAD


It is a dream for every IT worker who uses an iPad to use a Windows desktop or Windows server as comfortably as on a laptop. Citrix released the X1 Mouse, which makes using a Windows desktop more mouse friendly for IT workers.

https://www.youtube.com/watch?v=91m3opUBOPM

Have a nice weekend!

Citrix HDX Framehawk for unreliable latency wan links


Citrix has released the HDX Framehawk feature in the XenApp/XenDesktop 7.6 FP2 & FP3 releases.

It improves the performance of application delivery on low latency WAN links. The video below was tested with 150 ms latency and 5% packet loss. youtube.com/watch?v=LGAiqz

Have a nice day!!!!!!

Tuesday, September 1, 2015

Unable to resolve DNS host names - Netscaler


Issue: The name servers have been configured as explained in this article

http://support.citrix.com/article/CTX109556
using the following commands:

From Command Line Interface

  1. Run the following command to add the DNS name server entries to the NetScaler appliance:
    add dns nameServer <Name_Server_IP_Address>
  2. Run the following command to add the DNS suffix, such as example.com, to be used for all host queries:
    add dns suffix <DNS_Suffix>

I have opened port 53 (UDP) between the NetScalers and the name server, but the effective state was still showing as down and host names could not be resolved.

Solution:

NetScaler was looking for an ICMP echo/reply from the name server, and hence it was showing the effective state as down.

I enabled ICMP between the NetScalers and the name servers, and after that the effective state changed to UP. Now I am able to resolve DNS host names.


Have a nice Day!

Tuesday, August 18, 2015

Unable to download iOS apps after enrollment - Xenmobile


Users were unable to download apps from the Worx Store after enrolling iOS devices, but they were able to download apps on Android devices.

Issue: APNS ports 2195 and 2196 were opened through a proxy. As per Apple, these ports should be open directly (without a proxy) from the XenMobile Device Manager server. Please see the article for reference:

https://support.apple.com/en-us/HT203609

It started working after opening the APNS ports directly (without a proxy) from the Device Manager.

Verifying ports:
Log in to the Device Manager server and open a command prompt:

telnet gateway.push.apple.com 2195
telnet feedback.push.apple.com 2196

Have a nice Day!!!

Unable to Enroll Android and iOS devices to Xenmobile


XenMobile device enrollment was working fine but suddenly stopped working. The following errors appeared in the device logs:

FTUAddAccountActivity:addAccount() called with serverType ACCESS_GATEWAY_EE_PASSWORD_ONLY_WITH_ACCOUNT_SERVICE
FTUAddAccountActivity:Received user name from intent
FTUAddAccountActivity:Received password from Intent
FTUAddAccountActivity:Proceeding to account creation without user intervention.
coreAuthenticateWithAuthn:Got NSC_VPNERROR_COOKIE : 4001
com.citrix.work.vpnutils.VpnDiagnosticHelper:addRoutingTableToSupportBundle: failed because VPN is not connected

Both Android and iOS devices were unable to enroll to XenMobile MDM. My configuration contains MDM and App Controller.

Issue: I couldn't find anything wrong in the PKI, the LDAP configuration or the MAM + App Controller integration. I went through different logs and found that it was an App Controller issue.

MDM only enrollment - Successful
App Controller from browser/Receiver - Accessible
App Controller with WorxHome enrollment - failing
MDM + App Controller enrollment - failing

After intensive debugging, I found that the proxy server was down, which was causing the enrollment failure. As an interim solution, the proxy server information has been removed from all mobility servers, including the App Controllers, and the mobility servers have been given direct access to the internet. Now we are able to enroll devices after removing the proxy information. Hoping my proxy will come back online soon, and the configuration will then be reverted back to the proxy.

Have a nice day!


Sunday, August 9, 2015

Home drive and connectors giving error "Unexpected server response format (-104)"-Sharefile

The error "Unexpected server response format (-104)" was popping up when end users clicked the Network and Home drive connectors in the ShareFile application on mobile devices after successful authentication (SSO).



Solution:

The ShareFile application has been integrated with App Controller using XenMobile SSO. The Storage Zone controllers are good and there are no errors on the App Controller either. I checked the NetScaler configuration of ShareFile and found that AAA authentication was enabled on "-SF_CIF_SP_LB" (example). AAA/LDAP authentication is not required on the virtual CIFS share LB server when XenMobile SSO is configured.


Traffic Management ---> Virtual Servers ----> _SF_CIF_SP_LB

Edit the above virtual server and select "None" under authentication.

The above parameter resolved the issue in my situation.

Have a nice day!!!!!!


Wednesday, August 5, 2015

Worxweb - Accessing Intranet and Internet - failing with error: net::ERR_NAME_NOT_Resolved


I configured the WorxWeb application with Tunnel to the internet and Full VPN. I was able to access internet sites, but the intranet site was failing with "net::ERR_NAME_NOT_Resolved". At the same time it was working for another region. I configured traffic policies to proxy on the NetScaler.

Solution:

I followed this article and figured out that my error relates to DNS suffixes:

http://support.citrix.com/article/CTX136914

I configured the DNS suffix for the intranet domain on the NetScaler at:

Traffic management ---> DNS --> DNS Suffix

After that Worxweb is working fine for both internet and Intranet.


Have a nice day!!!!!!!

Monday, July 20, 2015

Install .cer Root and Intermediate CA certs - Netscaler


Everyone knows how to install .pfx certs. Recently I came across a situation where I had to install .cer certs on NetScaler. Everywhere I saw only a single line of instruction: "install certs using Traffic management ---> SSL --> Certs --> Install". I tried that, but there is no option for .cer certs.

Solution:

This solution is applicable for RootCA and Device CA certs only.

1. Log in to the NetScaler and go to the Traffic Management tab
2. Go to the SSL tab and click Certificates
3. Click Install
4. Select name, certificate file, select PEM (do not select Private key file or password)
5. Click Install


You are done. Have a nice day!!!

Tuesday, July 14, 2015

License server has expired. Unable to enroll devices-Citrix Xenmobile


Error: The following error is showing on the Citrix XenMobile Device Manager console: "License server has expired"


Solution:

The license server has the correct license files. I am able to telnet to the license port, but the console was displaying the above error.

I have applied the patch "Patch_900_9997" as recommended in the article http://support.citrix.com/article/CTX141058

Now it's working fine.


Have a nice day!

JCE unlimited Strength Jurisdiction Policy is required for iOS MDM to work


Citrix Xenmobile was giving the above error.

Solution:

Download the respective JCE files from Oracle:

Java 7 - http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
Java 8 - http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html

Copy and replace local_policy.jar and US_export_policy.jar from the Unlimited JCEPolicy.zip file to the following location:

C:\Program Files\Java\Jdk1.8.0.45\jre\lib\security
C:\Program Files\Java\jr8\lib\security


Have a nice day!

Monday, March 30, 2015

Services down second HA Netscaler Node

Recently I came across an issue where services were down on the second HA NetScaler node. Both NetScalers are in the same network. I checked and found that "INC" (Inter Network Connection) was enabled, which was causing the services to fail on the second node.



How to resolve:

INC should be enabled on HA NetScalers when the two nodes are placed on different subnets. In my situation both are in the same subnet and I don't need it.

How to remove INC:

1. Take backups of the NetScaler conf file
2. Break HA by removing the second node from the Primary node cluster on the Primary
3. Break HA by removing the primary node from the Secondary node cluster on the Secondary
4. System --> High Availability ---> edit the node as Stay Primary on the node where services are running well
5. System --> High Availability ---> edit the node as Stay Secondary on the node where services are down
6. Remove the SNIP address from Network IPs on the Secondary node
7. Create the HA cluster on the Primary node by adding the secondary node with "INC" deselected
8. Run Action ---> force synchronization
9. Check services on both nodes; they should be okay now
10. Remove Stay Primary and Stay Secondary and enable active participation
11. Save the configuration


Have a nice day!


Thursday, March 5, 2015

Desktop Sync & Xenmobile SAML for Sharefile-going to green page


I have configured the Citrix App Controller as the SAML provider for ShareFile. SAML login in the web browser was going to the green (Receiver) page, and Desktop Sync was also going to the green page during configuration.

Solution:

I have reconfigured the NetScaler and App Controller as the SAML provider for ShareFile using the following article:

http://support.citrixonline.com/en_US/ShareFile/help_files/SF090017?Title=Configure+ShareFile+Single+Sign-On+with+XenMobile#ConfigNSG

Mainly I followed the NetScaler configuration and unchecked "Redirect to Home Page". Now SAML authentication is directing to the ShareFile page in the web browser and in Desktop Sync as well.

Have a nice day!

Monday, February 16, 2015

ShareFile SSO multiple (three) Citrix App Controllers SAML configuration


Recently I came across this scenario:

AD domain - Single
ShareFile Sub domain - Single
Citrix MDM Enrollment - 3 URLS (3 deployments for 3 regions)
Citrix App Controllers -3

I have configured the region1 Citrix App Controller as the SAML provider for ShareFile. In the browser, ShareFile SAML login is working fine for all three regions. MDX ShareFile apps from the region1 App Controller are working fine, but MDX ShareFile apps from the other regions' App Controllers were failing SSO.

Workaround I used:

I have installed a wildcard cert as the SAML cert on all regions' Citrix App Controllers. I configured the remaining two App Controllers (App & Docs ---> Docs ---> Sharefile) to reflect the ShareFile domain information. After that I synced up the ShareFile configuration (under Docs - Sharefile) on the region1 App Controller. ShareFile SSO for MDX apps is now working for all regions.

Importing the wildcard cert as the SAML cert:
First I uploaded the wildcard cert (in .pfx) to the App Controller as the server certificate. I removed the chain links and exported the cert in .pem format from the App Controller. I reimported the .pem wildcard certificate (no chains) to the App Controller as the SAML cert on all three regions' App Controllers.

Configuring the first Citrix App Controller as SAML provider
FYI: I configured the ShareFile SSO on the region1 App Controller as described here:
http://ravichallas.blogspot.com/2015/01/mdx-sharefile-app-sso.html


Have a nice day.

Friday, January 23, 2015

MDX Sharefile APP SSO


The MDX ShareFile app has been published for end users, but SSO is not working. I had configured PingFederate as the IdP for ShareFile, and Single Sign-On is failing.

As per Citrix, the MDX ShareFile app supports XenMobile (App Controller) SSO only. Hence I have configured ShareFile SSO using the following articles and it worked like a gem.

http://blogs.citrix.com/2014/01/16/xenmobile-sharefile-mobile-app-sso-using-saml/

http://support.citrixonline.com/en_US/sharefile/all_files/SF090017

It supports multiple domains too. For that I have added the AD authentication domains on both the NetScaler (under Gateway -- Policies --- Authentication --- LDAP) and the App Controller (Settings -- Active Directory), and linked them in the NetScaler by binding the LDAP policies to the Gateway virtual server.

Have a nice Day...

Tuesday, January 20, 2015

ShareFile SSO failing PingFederate


PingFederate has been configured as the SAML authentication provider for ShareFile.

ShareFile SAML logon link:

https://company.sharefile.com/saml/login

The logon screen was showing up again after the user entered credentials for the ShareFile login, even after configuring SSO.

Solution:
In my situation, I had loaded the wrong X.509 certificate.

Get the right certificate from the PingFederate server or copy the cert from the Ping server metadata file.
Replacing:
Log in to the ShareFile subdomain
Go to Admin ------> Configure Single Sign On -----> click "Change" to replace it with the right cert.
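
One way to catch the wrong-certificate case described above before uploading (an added example, not part of the original post and not Citrix or Ping tooling): the Python below extracts the signing certificate from IdP SAML metadata and compares its SHA-256 fingerprint with the certificate file about to be loaded into ShareFile. The function names are hypothetical, and the metadata and certificate bytes are constructed placeholders rather than real certificates.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def cert_to_der(data: bytes) -> bytes:
    """Return DER bytes from a certificate file that is either PEM or raw DER."""
    m = PEM_RE.search(data)
    return base64.b64decode(m.group(1)) if m else data

def fingerprint(der: bytes) -> str:
    return hashlib.sha256(der).hexdigest()

def idp_signing_fingerprints(metadata_xml: str) -> set:
    """SHA-256 fingerprints of every signing certificate the IdP publishes."""
    found = set()
    root = ET.fromstring(metadata_xml)
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        # A KeyDescriptor without "use" applies to both signing and encryption.
        if kd.get("use", "signing") != "signing":
            continue
        for node in kd.iterfind(".//ds:X509Certificate", NS):
            found.add(fingerprint(base64.b64decode("".join(node.text.split()))))
    return found

def sp_cert_matches_idp(metadata_xml: str, cert_file: bytes) -> bool:
    """True if the certificate to be uploaded is one the IdP signs with."""
    return fingerprint(cert_to_der(cert_file)) in idp_signing_fingerprints(metadata_xml)

def to_pem(der: bytes) -> bytes:
    return (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der)
            + b"-----END CERTIFICATE-----\n")

# Constructed placeholder bytes standing in for real DER certificates.
IDP_CERT = b"constructed-idp-signing-certificate"
OTHER_CERT = b"constructed-unrelated-certificate"
SAMPLE_METADATA = f"""<md:EntityDescriptor entityID="https://idp.example.test"
    xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{base64.b64encode(IDP_CERT).decode()}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    for label, blob in (("right cert", to_pem(IDP_CERT)), ("wrong cert", to_pem(OTHER_CERT))):
        print(label, "matches IdP metadata:", sp_cert_matches_idp(SAMPLE_METADATA, blob))
```

With real files, pass the metadata exported from the IdP and the bytes of the certificate file; a False result means the service provider would reject the IdP's signed assertions.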


Regards

Monday, January 12, 2015

Users terminated in Citrix App Controller 9.0


Recently all users were terminated in Citrix App Controller after changing the user base DN and AD server.


Issue: Users showing in a terminated state on the App Controller



All the users showing in a terminated state are from a child domain ZZZ.YYY.com and not the actual parent domain YYY.com. The "50" users of the parent domain YYY.com were showing up on the App Controller in an active state.

We deleted the domain YYY.com on the App Controller and re-added it, after which all the terminated users were erased and only the "50" users of the YYY.com domain were synced on the App Controller in an active state.

Please be careful before deleting a domain.

Have a nice day!

Wednesday, January 7, 2015

ShareFile SSO SAML configuration ADFS/Xenmobile/PING/OKTA/OneLogin

ShareFile Single Sign-On

ShareFile has added additional Identity Provider (IdP) support to its SAML implementation.
ShareFile Single Sign-On can be configured with any SAML 2.0-based federation tool using basic, integrated, or forms authentication.

Please find here information to configure SSO for ShareFile using SAML authentication through the following products.

XenMobile
ADFS
Okta
Ping Federate
OneLogin

Here is the link from Citrix to the complete article:

http://support.citrixonline.com/en_US/ShareFile/help_files/SF150004?Title=ShareFile+Single+Sign-On

Have a nice day!