Citrix on John Billekens | Notes from the field

HowTo - Update the Citrix FAS Authorization Certificate

Mon, 07 Jul 2025 19:54:57 +0000

group: “Citrix FAS”

When you are using Citrix FAS you will also have a Authorization Certificate. Without this certificate Citrix FAS would not be able to function. The same is applicable when the Authorization Certificate is expired, FAS can no longer do it’s job. When the Authorization Certificate is expired users are no longer able to login. Because FAS cannot request new smartcard certificates for a user.

HowTo - Configure NetScaler ADNS as an Authoritative DNS Server for a Subdomain

Sun, 23 Feb 2025 19:24:49 +0000

group: “NetScaler”

In this HowTo article, we’ll walk through the complete process of configuring a Citrix NetScaler HA pair to serve as an authoritative DNS server for a subdomain. This step-by-step guide covers everything from setting up the Authoritative DNS (ADNS) service on the NetScaler to delegating the subdomain in the parent domain’s DNS management panel. Whether you’re looking to improve DNS resolution performance, gain more control over DNS records, or support advanced NetScaler features, this guide will help you get it done efficiently and securely.

Citrix WorkspaceApp Update Script: Check and Alert for Security Risks

Wed, 28 Aug 2024 19:50:19 +0000

It’s crucial to regularly update your Citrix WorkspaceApp to an up-to date version. Many environments still use outdated versions with significant security vulnerabilities (CVEs). Too often, I encounter environments that are still running old versions, including the antiquated “Receiver” versions. Not updating to a non-vulnerable or recent supported version poses a real security risk!
In many environments, users have company-managed devices, for example managed via Microsoft Intune, which can be updated centrally. These devices are typically kept up to date. The greatest risk lies with non-company-managed devices, such as privately owned laptops or bring-your-own-device (BYOD) systems, where users are responsible for maintaining updates themselves.

HowTo - NetScaler - Upgrade firmware

Sat, 10 Feb 2024 21:00:55 +0000

group: “NetScaler”

Upgrading firmware on time is crucial for the business continuity. Especially when new firmware become available containing fixes for high CVE’s we have seen recently.

This how to guide focuses on upgrading the NetScaler manually. If you are using an ADM appliance or ADM service, you can use those as well, to automatically upgrade the node(s).

HowTo - (Pre upgrade) Cleanup

Sat, 10 Feb 2024 20:57:37 +0000

group: “NetScaler”

Before you start an upgrade. You must make sure to have enough free space available. Although in the GUI you see sometimes that you must have 5 GB available, in my experience you need at least 6,5 GB free space.

HowTo - NetScaler - Create a backup

Mon, 23 Oct 2023 13:07:03 +0000

group: “NetScaler”

A backup can save you a lot of time in case of emergencies, configuration errors or hacks. You could download and save it in a secure environment. And when needed restore a new appliance with the saved backup.

HowTo - NetScaler - Update Certificate

Wed, 18 Oct 2023 13:27:47 +0000

group: “NetScaler”

In this how-to article I will explain the procedure how to update a certificate on a Citrix NetScaler. If you wait until a certificate is expired wil cause a lot of issues for your users or visitors. By being on time with the renewal will save you a lot of trouble.

HowTo - NetScaler - Install Certificate

Wed, 18 Oct 2023 12:38:35 +0000

group: “NetScaler”

In this how-to article I will explain the procedure how to install a new certificate on a Citrix NetScaler. Certificates are an important piece in a secure connection from a client to a server.

HowTo - Windows - Export certificate (pfx)

Wed, 18 Oct 2023 09:45:25 +0000

group: “Windows”

Certificates are an important part of a modern environment. They make communication safer by encrypting the traffic between the client and server. A safe way to move certificates between servers or store them safely is by exporting the certificate (private and public key) to an encrypted format. A commonly used format is “pfx” (Personal Information Exchange also known as PKCS#12). A pfx file can contain one or more certificates and is encrypted with a password. Without the correct password the pfx is useless. You commonly see that a pfx contains a (web) server certificate and one or more intermediate certificate(s) and a root certificate.

Manipulate the 'NameID' SAML content - part 1

Thu, 28 Oct 2021 15:22:45 +0000

Some companies want to allow other (guest) companies to connect to their environment and for example allow them to open a Citrix Desktop. This can be achieved by Connecting an existing Citrix environment to the guest company via SAML (and yes there are other possibilities). SAML is an authentication method based on a two-way trust. Two Microsoft products that can offer SAML authentication are ADFS (Active Directory Federation Services, an on-premises solution) and the other is and Enterprise App you can configure from the Azure portal. The other requirement is Citrix FAS (Federated Authentication Services). In this article I will show you a way to connect a guest (company) via SAML to allow them access to your Citrix environment without the need for adding the guest companies suffix to your domain.

Manage Native OTP tokens via Windows

Tue, 29 Sep 2020 20:36:32 +0000

Today I want to release an early (beta) version of a new tool I created, “OTP4ADC” With this tool you can add, remove or change the native OTP tokens used within your Citrix ADC, previously called NetScaler.

Office Online apparently only supports TLS 1.0

Thu, 20 Sep 2018 19:57:00 +0000

Recently I had to configure a new ~~NetScaler~~ Citrix ADC for a new ~~ShareFile~~ Citrix Files deployment. Two Storage Zone Controllers load balanced via a Citrix ADC with a Content switch. Nothing out of the ordinary. It was when I activated the Office Online functionality on the Storage Zone Controller configuration page the error messages appeared. Each time as we tried to open an office document we got an error “Sorry, there was a problem and we can’t open this document. If this happens again, try opening the document in Microsoft Word.” for Word documents and “We couldn’t find the file you wanted. It’s possible the file was renamed, moved or deleted.” for Excel documents. I followed all the necessary checks as described in a Citrix Files Article. But everything turned out okay, it worked as expected. What could it be? As it turned out to be the NetScaler SSL configuration was configured to high!? I always want that A+ on SSL Labs, the same with this setup. It was when I reverted the Content Switch to it’s default SSL parameters (TLS1.0 and the default Cipher suite) that Office Online started functioning. It could not retrieve the documents from the Storage Zone Controllers and thus it gave me this error messages. Luckily I had a separate Content Switch for internal and external traffic. I only had to lower the SSL settings on the internal Content Switch, this is the Content Switch the Office Online server was communicating with. So I hope Microsoft will add support for TLS 1.2 in Office Online (and give it some updates)

Hide or change "domain user or username@domain.com" text in Storefront, part 2

Tue, 26 Jun 2018 21:08:27 +0000

A while ago I wrote a blog about how to change the “domain\user or username@domain.com” text in Citrix StoreFront. Now I’ve create a small PowerShell script that can do that for you.

Hide or change "domain user or username@domain.com" text in Storefront.

Mon, 15 Jan 2018 12:05:16 +0000

The following was tested om 3.10+ versions, not sure if it works on older or 2.x versions.

Hide the default text
#

You can hide the default text “domain\user or username@domain.com” in the storefront username field. This can be done by simply editing the “custom style.css” file. This file is located in “C:\inetpub\wwwroot\Citrix\Store>Web\custom”. Replace “<Store>” with your own store name. You need to edit each store separately. Add the following to hide the text (1):

Let's Encrypt Certificates on a NetScaler

Thu, 06 Apr 2017 21:25:51 +0000

For a while now it’s possible to use Let’s Encrypt certificates, they are trusted (cross signed), secure and most of all FREE! There are already a lot of tools available to generate these certificates. I haven’t come across a tool or script to generate these certificates and upload them to a Citrix NetScaler. So I thought why not build it myself. I already tried it in a previous attempt, but I wanted more automation and thus I created this version. To learn more about the Let’s Encrypt, check how it works.. What my script does in very basic steps (for example you want a certificate for www.domain.com): Ask LE (Let’s Encrypt) to validate “www.domain.com” (1) LE returns data (2) among them:

Create offline backups of the NetScaler config

Thu, 06 Apr 2017 19:07:59 +0000

I’ve created a PowerShell script that can be used to generate an (offline) backup of a Citrix NetScaler. If you want you can use the supplied batchfile for example to schedule the backup in Scheduled Tasks to run everyday. Some more information about the parameters used:

OptimizeEndpoint

Mon, 16 May 2016 13:40:44 +0000

I’ve been using my “Windows optimize script” for a while now. Most issues are resolved and it’s been tested thoroughly. So I thought why not give it back to the community, so here it is: OptimizeEndpoint. It can be used to optimize Windows 7, 8, 8.1 and 10. (It can also be used for Windows Server versions, but this is not tested) I used the script made by Ingmar Verheij, and made some changes. It contains most of the Citrix XenDesktop Best Practices. Please don’t run the script without reviewing the options, it can damage you master image if you’re not careful! At the top of the image there are some parameters that can be set. Read the comments. Run it on your own risk. If you have issues or questions let me know.

CtxVdStatus Script

Thu, 22 Oct 2015 20:37:44 +0000

Today I decided to put my CtxVdStatus script on GitHub. With this script you can get an overview of your Citrix XenDesktop environment. It helped me to troubleshoot some issues. You can download/view it here

Citrix on John Billekens | Notes from the field

HowTo - Update the Citrix FAS Authorization Certificate

HowTo - Configure NetScaler ADNS as an Authoritative DNS Server for a Subdomain

Citrix WorkspaceApp Update Script: Check and Alert for Security Risks

HowTo - NetScaler - Upgrade firmware

HowTo - (Pre upgrade) Cleanup

HowTo - NetScaler - Create a backup

HowTo - NetScaler - Update Certificate

HowTo - NetScaler - Install Certificate

HowTo - Windows - Export certificate (pfx)

Manipulate the 'NameID' SAML content - part 1

Manage Native OTP tokens via Windows

Office Online apparently only supports TLS 1.0

Hide or change "domain user or username@domain.com" text in Storefront, part 2

Hide or change "domain user or username@domain.com" text in Storefront.

Hide the default text #

Let's Encrypt Certificates on a NetScaler

Create offline backups of the NetScaler config

OptimizeEndpoint

CtxVdStatus Script

Hide the default text
#