John Billekens

It’s crucial to regularly update your Citrix WorkspaceApp to an up-to date version. Many environments still use outdated versions with significant security vulnerabilities (CVEs). Too often, I encounter environments that are still running old versions, including the antiquated “Receiver” versions. Not updating to a non-vulnerable or recent supported version poses a real security risk! In many environments, users have company-managed devices, for example managed via Microsoft Intune, which can be updated centrally. These devices are typically kept up to date. The greatest risk lies with non-company-managed devices, such as privately owned laptops or bring-your-own-device (BYOD) systems, where users are responsible for maintaining updates themselves.

Some companies want to allow other (guest) companies to connect to their environment and for example allow them to open a Citrix Desktop. This can be achieved by Connecting an existing Citrix environment to the guest company via SAML (and yes there are other possibilities). SAML is an authentication method based on a two-way trust. Two Microsoft products that can offer SAML authentication are ADFS (Active Directory Federation Services, an on-premises solution) and the other is and Enterprise App you can configure from the Azure portal. The other requirement is Citrix FAS (Federated Authentication Services). In this article I will show you a way to connect a guest (company) via SAML to allow them access to your Citrix environment without the need for adding the guest companies suffix to your domain. 

A couple weeks ago someone asked me if OTP4ADC could also support encrypted tokens. And at that time I hadn’t done anything with encrypted tokens on a Citrix ADC. And if you not have heard of the OTP4ADC tool/script you can read my initial blog article from when I released the first version and the basics of how it works.

Today I want to release an early (beta) version of a new tool I created, “OTP4ADC” With this tool you can add, remove or change the native OTP tokens used within your Citrix ADC, previously called NetScaler. 

A while ago I was asked to apply FSLogix App Masking at a company to hide MS Office for certain users. Normally with just Active Directory that’s a done deal. But the targets were Intune managed. And since FSLogix Application Masking Is not yet supporting AzureAD we had to find other options.

A lot of new users used my script after writing my first blog article for Citrix. Since then I made some improvements and continuing to add new features. Today I released the latest version of my “GenLeCertForNS” script. Within this version I solved some issues and improved the overall speed (especially with larger orders).

Recently I needed to script some actions for a VM on Nutanix AHV. I wanted to share with you some of the commands I found and used. I created a small function (Wait-NTNXTask) that verifies the task and waits until the task is finished. Pleas note that this is optional and not required to run the commands specified in this blog.

I recently needed to get some NVIDIA GRID license details in PowerShell for a customers monitoring solution. Unfortunately there was no PowerShell script available and also there is no available api to get these details. But I still needed the data in PowerShell, so I created a script that will just do that. It will retrieve the website with details, clean it up and present you with an object with data. Just run the script on you license server (or from another server, but remember to open the firewall port first) and you will get the details. You can find the script here:

Recently I had to configure a new NetScaler Citrix ADC for a new ShareFile Citrix Files deployment. Two Storage Zone Controllers load balanced via a Citrix ADC with a Content switch. Nothing out of the ordinary. It was when I activated the Office Online functionality on the Storage Zone Controller configuration page the error messages appeared. Each time as we tried to open an office document we got an error “Sorry, there was a problem and we can’t open this document. If this happens again, try opening the document in Microsoft Word.” for Word documents and “We couldn’t find the file you wanted. It’s possible the file was renamed, moved or deleted.” for Excel documents. I followed all the necessary checks as described in a Citrix Files Article. But everything turned out okay, it worked as expected. What could it be? As it turned out to be the NetScaler SSL configuration was configured to high!? I always want that A+ on SSL Labs, the same with this setup. It was when I reverted the Content Switch to it’s default SSL parameters (TLS1.0 and the default Cipher suite) that Office Online started functioning. It could not retrieve the documents from the Storage Zone Controllers and thus it gave me this error messages. Luckily I had a separate Content Switch for internal and external traffic. I only had to lower the SSL settings on the internal Content Switch, this is the Content Switch the Office Online server was communicating with. So I hope Microsoft will add support for TLS 1.2 in Office Online (and give it some updates)

A while ago I wrote a blog about how to change the “domain\user or username@domain.com” text in Citrix StoreFront. Now I’ve create a small PowerShell script that can do that for you.