Jump to content
Welcome to our new Citrix community!
  • 0

Citrix FAS - Modifying an existing Rule after configuring multiple CAs?


ScubaMiike

Question

Hi All,

 

Hoping someone may have done this before and can shed some light. 

 

We are looking to utilise an existing working FAS environment to support an additional farm within the domain. The FAS configuration uses an updated default rule modified with powershell to involve multiple CA's and is currently working as expected. The use of groups for UserACL and VDAACL has avoided a need to update the rule configuration, however an additional StoreFrontACL entry is required for the new StoreFront server to assert identity.

 

Can the addition of the StoreFront server be completed through the GUI, although the console is half-working as expected having used powershell to implement support for multiple CA's? Anything to watch out for with this?  I can only assume it won't wipe out the existing rule, remove the multiple ca configuration etc or just generally cause grief during the modification process!

 

The documentation seems to allude that this would be ok. https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/secure/federated-authentication-service/fas-config-manage/fas-ca-configuration.html.

 

Appreciate any thoughts from the FAS experts out there,

 

Michael

 

 

 

 

 

 

 

 

Link to comment

3 answers to this question

Recommended Posts

  • 0

Hi Ganesh,

 

Appreciate the reply and thanks for the reference! 

 

Looks like Set-FASRule -name *rulename* -StorefrontACLs will update the configuration. Looking further into SDDL's, i should be able to update to take the current string and append another (A;;CC;;;YYYY) where YYYY is the additional SID to update the rule, making it look like  O:BAG:DUD:P(A;;CC;;;XXXX)(A;;CC;;;YYYY).

 

Looks like this is all supported by the GUI when you have multiple CA's in newer releases which will be handy post upgrade!

 

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...