NetScaler on John Billekens | Notes from the field

HowTo - Configure NetScaler ADNS as an Authoritative DNS Server for a Subdomain

Sun, 23 Feb 2025 19:24:49 +0000

group: “NetScaler”

In this HowTo article, we’ll walk through the complete process of configuring a Citrix NetScaler HA pair to serve as an authoritative DNS server for a subdomain. This step-by-step guide covers everything from setting up the Authoritative DNS (ADNS) service on the NetScaler to delegating the subdomain in the parent domain’s DNS management panel. Whether you’re looking to improve DNS resolution performance, gain more control over DNS records, or support advanced NetScaler features, this guide will help you get it done efficiently and securely.

HowTo - NetScaler - Upgrade firmware

Sat, 10 Feb 2024 21:00:55 +0000

group: “NetScaler”

Upgrading firmware on time is crucial for the business continuity. Especially when new firmware become available containing fixes for high CVE’s we have seen recently.

This how to guide focuses on upgrading the NetScaler manually. If you are using an ADM appliance or ADM service, you can use those as well, to automatically upgrade the node(s).

HowTo - (Pre upgrade) Cleanup

Sat, 10 Feb 2024 20:57:37 +0000

group: “NetScaler”

Before you start an upgrade. You must make sure to have enough free space available. Although in the GUI you see sometimes that you must have 5 GB available, in my experience you need at least 6,5 GB free space.

HowTo - NetScaler - Create a backup

Mon, 23 Oct 2023 13:07:03 +0000

group: “NetScaler”

A backup can save you a lot of time in case of emergencies, configuration errors or hacks. You could download and save it in a secure environment. And when needed restore a new appliance with the saved backup.

HowTo - NetScaler - Update Certificate

Wed, 18 Oct 2023 13:27:47 +0000

group: “NetScaler”

In this how-to article I will explain the procedure how to update a certificate on a Citrix NetScaler. If you wait until a certificate is expired wil cause a lot of issues for your users or visitors. By being on time with the renewal will save you a lot of trouble.

HowTo - NetScaler - Install Certificate

Wed, 18 Oct 2023 12:38:35 +0000

group: “NetScaler”

In this how-to article I will explain the procedure how to install a new certificate on a Citrix NetScaler. Certificates are an important piece in a secure connection from a client to a server.

HowTo - Windows - Export certificate (pfx)

Wed, 18 Oct 2023 09:45:25 +0000

group: “Windows”

Certificates are an important part of a modern environment. They make communication safer by encrypting the traffic between the client and server. A safe way to move certificates between servers or store them safely is by exporting the certificate (private and public key) to an encrypted format. A commonly used format is “pfx” (Personal Information Exchange also known as PKCS#12). A pfx file can contain one or more certificates and is encrypted with a password. Without the correct password the pfx is useless. You commonly see that a pfx contains a (web) server certificate and one or more intermediate certificate(s) and a root certificate.

Manipulate the 'NameID' SAML content - part 1

Thu, 28 Oct 2021 15:22:45 +0000

Some companies want to allow other (guest) companies to connect to their environment and for example allow them to open a Citrix Desktop. This can be achieved by Connecting an existing Citrix environment to the guest company via SAML (and yes there are other possibilities). SAML is an authentication method based on a two-way trust. Two Microsoft products that can offer SAML authentication are ADFS (Active Directory Federation Services, an on-premises solution) and the other is and Enterprise App you can configure from the Azure portal. The other requirement is Citrix FAS (Federated Authentication Services). In this article I will show you a way to connect a guest (company) via SAML to allow them access to your Citrix environment without the need for adding the guest companies suffix to your domain.

Manage Native OTP tokens via Windows, Part 2

Tue, 20 Apr 2021 19:31:56 +0000

A couple weeks ago someone asked me if OTP4ADC could also support encrypted tokens. And at that time I hadn’t done anything with encrypted tokens on a Citrix ADC. And if you not have heard of the OTP4ADC tool/script you can read my initial blog article from when I released the first version and the basics of how it works.

Manage Native OTP tokens via Windows

Tue, 29 Sep 2020 20:36:32 +0000

Today I want to release an early (beta) version of a new tool I created, “OTP4ADC” With this tool you can add, remove or change the native OTP tokens used within your Citrix ADC, previously called NetScaler.

GenLeCertForNS New Update

Wed, 19 Feb 2020 16:42:40 +0000

A lot of new users used my script after writing my first blog article for Citrix. Since then I made some improvements and continuing to add new features. Today I released the latest version of my “GenLeCertForNS” script. Within this version I solved some issues and improved the overall speed (especially with larger orders).

Office Online apparently only supports TLS 1.0

Thu, 20 Sep 2018 19:57:00 +0000

Recently I had to configure a new ~~NetScaler~~ Citrix ADC for a new ~~ShareFile~~ Citrix Files deployment. Two Storage Zone Controllers load balanced via a Citrix ADC with a Content switch. Nothing out of the ordinary. It was when I activated the Office Online functionality on the Storage Zone Controller configuration page the error messages appeared. Each time as we tried to open an office document we got an error “Sorry, there was a problem and we can’t open this document. If this happens again, try opening the document in Microsoft Word.” for Word documents and “We couldn’t find the file you wanted. It’s possible the file was renamed, moved or deleted.” for Excel documents. I followed all the necessary checks as described in a Citrix Files Article. But everything turned out okay, it worked as expected. What could it be? As it turned out to be the NetScaler SSL configuration was configured to high!? I always want that A+ on SSL Labs, the same with this setup. It was when I reverted the Content Switch to it’s default SSL parameters (TLS1.0 and the default Cipher suite) that Office Online started functioning. It could not retrieve the documents from the Storage Zone Controllers and thus it gave me this error messages. Luckily I had a separate Content Switch for internal and external traffic. I only had to lower the SSL settings on the internal Content Switch, this is the Content Switch the Office Online server was communicating with. So I hope Microsoft will add support for TLS 1.2 in Office Online (and give it some updates)

Let's Encrypt Certificates on a NetScaler

Thu, 06 Apr 2017 21:25:51 +0000

For a while now it’s possible to use Let’s Encrypt certificates, they are trusted (cross signed), secure and most of all FREE! There are already a lot of tools available to generate these certificates. I haven’t come across a tool or script to generate these certificates and upload them to a Citrix NetScaler. So I thought why not build it myself. I already tried it in a previous attempt, but I wanted more automation and thus I created this version. To learn more about the Let’s Encrypt, check how it works.. What my script does in very basic steps (for example you want a certificate for www.domain.com): Ask LE (Let’s Encrypt) to validate “www.domain.com” (1) LE returns data (2) among them:

Create offline backups of the NetScaler config

Thu, 06 Apr 2017 19:07:59 +0000

I’ve created a PowerShell script that can be used to generate an (offline) backup of a Citrix NetScaler. If you want you can use the supplied batchfile for example to schedule the backup in Scheduled Tasks to run everyday. Some more information about the parameters used:

Generate an Let's Encrypt certificate what can be used on the NetScaler

Sun, 03 Jul 2016 18:32:28 +0000

Edit 07-04-2017: Check out my new and updated version! I’m trying to create an (PowerShell) script to automate the Let’s Encrypt certificate creation. Specifically for the Citrix NetScaler. Currently still Work In Progress… It’s not yet finished. The prerequisite is that you have a configured NetScaler (http) Content Switch vServer. The script will present you with the required configuration rules (it will also be copied to your clipboard so you only have to copy it in the cli of the NetScaler) For the meantime you can find it on GitHub: GenCertForNS on GitHub More soon (I hope)…