A couple weeks ago someone asked me if OTP4ADC could also support encrypted tokens. And at that time I hadn’t done anything with encrypted tokens on a Citrix ADC. And if you not have heard of the OTP4ADC tool/script you can read my initial blog article from when I released the first version and the basics of how it works.
Today I want to release an early (beta) version of a new tool I created, “OTP4ADC” With this tool you can add, remove or change the native OTP tokens used within your Citrix ADC, previously called NetScaler.
A lot of new users used my script after writing my first blog article for Citrix. Since then I made some improvements and continuing to add new features. Today I released the latest version of my “GenLeCertForNS” script. Within this version I solved some issues and improved the overall speed (especially with larger orders).
Recently I had to configure a new NetScaler Citrix ADC for a new ShareFile Citrix Files deployment. Two Storage Zone Controllers load balanced via a Citrix ADC with a Content switch. Nothing out of the ordinary. It was when I activated the Office Online functionality on the Storage Zone Controller configuration page the error messages appeared. Each time as we tried to open an office document we got an error “Sorry, there was a problem and we can’t open this document. If this happens again, try opening the document in Microsoft Word.” for Word documents and “We couldn’t find the file you wanted. It’s possible the file was renamed, moved or deleted.” for Excel documents. I followed all the necessary checks as described in a Citrix Files Article. But everything turned out okay, it worked as expected. What could it be? As it turned out to be the NetScaler SSL configuration was configured to high!? I always want that A+ on SSL Labs, the same with this setup. It was when I reverted the Content Switch to it’s default SSL parameters (TLS1.0 and the default Cipher suite) that Office Online started functioning. It could not retrieve the documents from the Storage Zone Controllers and thus it gave me this error messages. Luckily I had a separate Content Switch for internal and external traffic. I only had to lower the SSL settings on the internal Content Switch, this is the Content Switch the Office Online server was communicating with. So I hope Microsoft will add support for TLS 1.2 in Office Online (and give it some updates)
A while ago I wrote a blog about how to change the “domain\user or username@domain.com” text in Citrix StoreFront. Now I’ve create a small PowerShell script that can do that for you.
The following was tested om 3.10+ versions, not sure if it works on older or 2.x versions.
Hide the default text # You can hide the default text “domain\user or username@domain.com” in the storefront username field. This can be done by simply editing the “custom style.css” file. This file is located in “C:\inetpub\wwwroot\Citrix\Store>Web\custom”. Replace “<Store>” with your own store name. You need to edit each store separately. Add the following to hide the text (1):
For a while now it’s possible to use Let’s Encrypt certificates, they are trusted (cross signed), secure and most of all FREE! There are already a lot of tools available to generate these certificates. I haven’t come across a tool or script to generate these certificates and upload them to a Citrix NetScaler. So I thought why not build it myself. I already tried it in a previous attempt, but I wanted more automation and thus I created this version. To learn more about the Let’s Encrypt, check how it works.. What my script does in very basic steps (for example you want a certificate for www.domain.com): Ask LE (Let’s Encrypt) to validate “www.domain.com” (1) LE returns data (2) among them:
I’ve created a PowerShell script that can be used to generate an (offline) backup of a Citrix NetScaler. If you want you can use the supplied batchfile for example to schedule the backup in Scheduled Tasks to run everyday. Some more information about the parameters used:
Recently I upgraded a couple of MPX NetScalers to a recent 11.1 build at a customers location. During the following day the customer experienced a lot of disconnecting citrix sessions. I did not experience this issue on a VPX appliance. Turned out to be an issue with the “TLS1.2-ECDHE-RSA-AES256-GCM-SHA384” cypher. And because I want to strive for an A+ rating at ssllabs (Scoring an A+ at SSLlabs.com with Citrix NetScaler – 2016 update) this one is in the list. After removing this cypher from the cypher group the customer didn’t experience any disconnects. So I thought to share this one as you may experience it for your self. Please also note this Citrix article: https://support.citrix.com/article/CTX220994
For a while now Windows 10 is supported with RES ONE Workspace 2015 and up. More and more companies are switching from their old versions (Yes, some of them are still using Windows XP) to Windows 10. I’ve done a couple of implementation now and thought to share some of the knowledge I found during these implementations.
