To install the StoreFront prerequisites, execute the following PowerShell commands on the StoreFront Server.
Import-Module ServerManager
Add-WindowsFeature -Name Web-Server,Web-WebServer,Web-App-Dev,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Security,Web-Basic-Auth,Web-Windows-Auth,Web-Mgmt-Tools,Web-Scripting-Tools,Web-Http-Redirect,Web-Mgmt-Compat,Web-Metabase,Web-WMI,Web-Lgcy-Scripting
When ADCS uses sha1 for its certificates, you might want to change it to sha256. NOTE: Make sure all your devices support sha256. To achieve this, enter the following commands in an elevated DOS-box:
Install Hyper-V Server 2012 Core and log in to the console.
Configure date and time (select #9).
Enable Remote Desktop (select #7). Also select the ‘Less Secure’ option.
Configure Remote Management (select #4 then #1).
VM Hardware version 9 or higher.
VM Advanced settings, add:
vhv.enable = "true"
hypervisor.cpuid.v0 = "FALSE" (Hyper-V)
And in the vSphere Web Client, enable "Expose hardware assisted virtualization to the guest OS" under CPU.
When logging on to the Citrix Director you have to enter the domain name along with the username and password. If you don't want to enter the domain name each time you log on, you can have it filled in by default. Edit C:\inetpub\wwwroot\DesktopDirector\LogOn.aspx (with admin rights)
I have put together this blog post about Citrix Access Gateway Enterprise Port Configuration to assist people in setting up their firewalls for implementing Access Gateway in one-arm mode. I have found that almost all of Citrix's documentation covers the Access Gateway / NetScaler straddling the DMZ and the internal LAN, e.g. the VIP sits in the DMZ and the SNIP sits in the internal LAN. In enterprise deployments, firewalls are firewalls and NetScalers are NetScalers, and security do not like NetScalers trying to be firewalls, although I'm sure they do a perfectly fine job of it. So the article below describes what firewall rules you will need to have in place to get a NetScaler working when all its interfaces reside in the DMZ (one-arm, single subnet). You should find the diagram useful even if you are not using the model described above.
This is a diagram I like to use to explain NetScalers in an HA pair. It shows all the possible routes that traffic could take, not the way traffic flows during normal operation. The VIP and SNIP "float" between the two devices; in reality they exist on both devices, but at any given time they are only active on whichever node is the primary in the HA pair.
The NetScaler Access Gateway uses a number of IP addresses for various purposes. When Access Gateway is deployed in a DMZ, it is important to understand the role of each. The following table summarises the various types of IP addresses and their roles in a deployment:
The following diagram illustrates the firewall port requirements for normal operation when the NetScaler Access Gateway platform is deployed in a DMZ in a two arm deployment, where no MIP is required.
NetScaler Network Connections
At a very high level, considering the actual NetScaler connections to the network, and because of the way that NetScaler functions and can be configured, the NetScaler should be considered a switch, and not a router/firewall. With a switch, you can configure the management IP address on an individual port, responding only to devices reachable through that port, or it can be configured to respond on all ports to devices reachable from every port. With the NetScaler, in either single arm or multi arm deployment scenarios, there is no need to tell the NetScaler that network X is on interface 1/1 and network Y is on interface 1/2. You can do so if you wish to, or are instructed to by the network security team, by tagging IP addresses to defined NetScaler VLANs which have specific interfaces assigned, but generally it will happily use the IP addresses it is configured with on the relevant interfaces. When the NetScaler receives a packet destined for one of its IP addresses, it knows that the network which defines that address is available through the interface on which the request was received.
Please Note: I don't claim to be a NetScaler Guru, or to have the knowledge to make all the bells and whistles of the NetScaler sound into a polyphony; there are others on the Internet who can better provide you with that information. The information here is from my own observations during a standard two arm deployment of Virtual and Physical NetScaler 10 Access Gateways.
Requirements:
At least one Domain Controller running Windows Server 2012 with the Active Directory Administrative Center enabled.
All Domain Controllers (or servers running AD LDS) must be running Windows Server 2008 R2 or higher.
The Forest must be running at Windows Server 2008 R2 functional level.
Import the Active Directory modules in PowerShell