Posts posted by Frédéric LOUKA

  1. Hello,

    I'm trying to use a Health Smartcard on my Citrix Lab. The smartcard I'm using comes from another certificate authority, different from my domain's PKI.

    I applied the settings to set this authority on my domain and bound, on my test user account, the certificate field on the Subject Alternative Name of my username.

    I'm now able to open a Windows Session on my domain entering the smartcard pin code. When I launch my Citrix Workspace, it seems that the Workspace is passing through my pin code to the storefront because I'm authenticated and I can see my apps.

    When I click on my published desktop, I obtain an error with bad username or password and I can see that the login entered is my domain\username account....Like the Citrix Workspace passed my PIN code but the VDA was waiting for my domain password....

    My question is do I have to configure Citrix FAS to make it work ?

    I don't know where my configuration problem is...

    I hope you'll understand my question !

    Thank you for your help !

    Fred

  2. On 2/25/2021 at 1:31 PM, Martin Meier said:

    Check your system for ghost NICs or E1000 NICs and remove them.

    set devmgr_show_nonpresent_devices=1
    start devmgmt.msc

     

    Try to update VMware Tools using another process.

    I prefer to use a temporary E1000 NIC to update the Tools.

    1. Boot vDisk as usual
    2. Add an additional E1000 NIC
      • use the same virtual network!
    3. Wait for the VM to install the driver and assign the new NIC an IP-Address
    4. Disconnect all VMXnet3 NICs / unplug the virtual cables ?
      • Reconnect if using RDP using the temp. IP of the E1000 NIC
    5. Update VMware Tools
      • DO NOT REBOOT AFTER INSTALLATION !
    6. Re-Connect all VMXnet3 NICs / plugin the virtual cables ?
      • Reconnect if using RDP using the normal IP of the VM
    7. Remove the additional E1000 NIC
    8. Remove the remaining E1000 Ghost NIC from device manager
    9. Reboot

    Hi Martin,

     

    Thank you for this process, it worked for me ! I tried to use the other method, adding the e1000, rebooting the VM and nothing worked, except your process ?

    Thanks again,

     

    Fred

  3. Hello,

     

    I'm trying to set Netscaler Gateway authentication with Certificates + LDAP.

    I bound my policies but I saw that when I was using the RfWebUI Theme (the default one or even a customised one), the login field was not pre-filled with the username information retrieved from the certificate.

    With other themes like X1, Green Bubble, it works.

     

    I don't want for the moment to set nfactor (I'll do later) but I would like to know if it's a normal behaviour.

    I set the certificate authentication directly on my Gateway vServer (it's on mandatory).

     

    I'm using a Netscaler VPX Premium Edition in NS13.1: Build 37.38.

     

    Thank you for your help,

     

     

  4. Hello,

    I had the same problem with 2019 Server, VDA 2203 LTSR CU1 and PVS 1912 LTSR CU5

    After promoting my vDisk from maintenance to test, I was unable to log on with the message

    "An attempt was made to logon but the network logon service was not started"

     

    I tried to change and follow the tips provided in this thread (change secret credentials, setting licensing KMS to none) but nothing changed.

    As soon as I put my vDisk to maintenance, I'm able to log on.

     

    @Arve, did you find a way to resolve your problem ?

     

    Thanks,


    Fred

  5. Hi Mauricio,

    Yes, just use DHCP option 11 and enter your PVS servers.

    In addition, this option enables PVS high availability because you can put several entries.

    If I remember, you have to configure your PVS server using PXE (in the PVS configuration wizard, depending on where the DHCP role is installed).

     

    And this is it, you do not need to enter a bootstrap file name.

     

    I hope you'll be able to boot your vms.

     

    Fred

     

  6. Hello,

    With the latest versions (in my case, PVS 1912 LTSR), it is now possible to create a device including the VirtualHostingPoolId setting with this command line:

    New-PvsDevice -Name mytargetdevicename -CollectionName Win2019 -SiteName Datacenter1 -VirtualHostingPoolId xxxxxx-xxxx-xxx-xxxxx-xxxxxx -DeviceMac 005056XXXXXX

    I've just tried and I managed to boot my target device from the PVS Console. 

     

    Hope it'll help,

     

    Fred

  7. Hi,

    We followed these steps to build a PVS image (1912 LTSR CU4) with App Layering 2110:

    - Build of the OS Layer with a VM created with UEFI Mode Secure boot enabled

    - Use of the ImportOsLayer.ps1 script to import the OS Layer into the ELM

    - Build of the platform layer with different agents (WEM, VDA, PVS target device)

    - Creation of the template using the composite engine

    - Set in the vSphere Connector the template with UEFI Mode Secure boot enabled that we used to create our target devices (the same one we use in the XenDesktop Setup Wizard in PVS)

    Everything works fine for us following those steps !

  8. Hello, 

     

    Our infrastructure lands on Citrix Hypervisor 8.2, Citrix PVS 1912 LTSR.

    We created a Windows 10 Pro VM with UEFI mode enabled, installed our applications and our agents (PVS target Wizard, WEM agent and VDA agent).

    When we tried to convert our VM into a vDisk, we shut down the VM and set the boot option to network in the Citrix Hypervisor boot mode options.
    When the VM boots, the boot fails and goes directly to UEFI Shell mode....

    After more investigation, we discovered that the target device was able to get an IP address from the DHCP but the process stops at this point.

     

    I also read that I had to configure my DHCP to declare my UEFI Class provider, and that I had to create a DHCP strategy (filters) with a different option 67 (the bootstrap file is different between UEFI and Legacy BIOS).

    If someone has experienced this problem......Please ! ;-)

     

    Fred

    UEFI1.jpg

    UEFI2.jpg

  9. Ok thank you Rhonda.

    If I summarize, and please correct me if I'm wrong:

    - To filter MAC addresses with NetScaler Gateway, I have to use an EPA scan

    - The expression in an EPA scan is limited to 1499 characters so I cannot add more than 9 MAC addresses

    - The use of Data Set or Pattern Set is not possible with EPA Expressions because they use classic syntax and Data Set or Pattern Set use default syntax

    - Filtering MAC addresses using a responder policy is only possible in an internal network

     

    Thank you again !

     

     

     

  10. Thank you for the time you spent answering me.

    I did not see your message: we may have 100 MAC addresses to add, I think we won't go to the HTTP callout.

    I tried to create a responder policy using the CLIENT.ETHER.SRCMAC.EQ(00:50:56:XX:XX:XX).NOT beginning without the use of a data set but it does not work anymore (ERR connection RESET) and I can't connect to my gateway because I think that the ADC does not see my MAC address.

     

     

     

     

  11. Thanks, I understand.

    Yes, I would be interested in an example if it's possible for you, concerning the expressions that run before....

    For a large number of mac addresses a callout might be better => in fact, my customer wishes to enter the MAC addresses of all the users....When you say "callout", what do you mean ? (excuse my poor English ;-))

     

     

  12. On 3/10/2017 at 4:35 PM, Stefan Wendrich1709156509 said:

    Hi,

     

    Is it possible to use a pattern set for an EPA scan? Like to check if the client MAC is allowed? So I can maintain only the pattern set and not the expression in the policy?

    Ok, found the articles telling what Paul Blitz wrote.....

  13. On 3/10/2017 at 4:35 PM, Stefan Wendrich1709156509 said:

    Hi,

     

    Is it possible to use a pattern set for an EPA scan? Like to check if the client MAC is allowed? So I can maintain only the pattern set and not the expression in the policy?

    Hi Stefan, I know it's an old question but I'm asking the same question today: what does it mean ? It's not possible so do we have to use advanced EPA policy if it exists ?

     

    Thank you for your answer

  14. Hello,

    Thank you Rhonda.

    One more simple question: is it possible to use a pattern set in classic EPA preauthentication ? I saw on the forum it wasn't and I'm trying to use the syntax I saw in the topic you followed me but nothing works....

    Do I have to use an nFactor EPA advanced policy ? Same question, I'm not sure that I can use a pattern set in those policies....

     

    Fred

  15. Hello everybody,

    I'm trying to use a data set or data pattern set in my EPA preauthentication policy expression, using MAC address filtering.

    Because I have a lot of MAC addresses to add and I do not want to add those in my native EPA preauth policy.

    First question: is there a character limit in the expression ?

    Second question, I tried several syntaxes with data set or data pattern set but it seems that I'm not using the right one: if someone could help me to find the right expression to use, it would be great !

     

    Thank you ! 

    Fred

  16. On 4/3/2020 at 6:55 PM, Joe Roberts said:

    Quick update for 2020. Oddly, even with our newly acquired Premium VPX license you still can't create, much less bind an advanced authentication policy directly to gateway virtual server on ADC 13.0. There's no option for advanced. It will only accept classic policies. As best I can tell the only way to use advanced policies is still to use nFactor, which is only supported on Advanced and Premium licenses. Entering a classical authentication policy now results in explicitly telling me they will be removed in the next release. "Classic authentication policies are deprecated and will be removed in release 13.1. Please use advanced authentication policies (i.e. add/set authentication policy)" Obviously this is concerning.

     

    I had a ticket open with Citrix for a few days, and after a gotomeeting session and reviewing what I was seeing, I was ultimately told not to worry about it. "The warning you were seeing was just a mere warning. It will  not impact your policy if you upgrade the version." Hopefully that continues to be the case.

     

    I was able to create advanced session policies this time around, it's just the authentication policies that are a problem. My hope and current assumption is that the message only applies to other areas (like session policies), does not apply to authentication policies, and the devs just opted to (intentionally or not) put the same warning on all instances of classic policy creation, even if it does not apply to that specific policy group. I just wish I could find this clearly documented somewhere.

     

    It looks like they typically release new versions between April and June, so I may just wait until 13.1 comes out before finalizing this config and putting this new server into production. That way in case something changes, we're not unpleasantly surprised.

     

    Hello, 

    Thank you for the explanations you gave us, it helped me a lot ! 

    Fred

  17. Hello,

    Same problem for me and for two customers. We used the Mycitrix account to register on citrix.cloud just to be able to manage our license server.

    Could Citrix give us the right procedure ? I don't think that using the onboarding.com changes something because when I click on using mycitrix account, it redirects us to the citrix.cloud.com page....

    We have to wait one business day from the Citrix Customer Services, just because they changed the way to reallocate the licenses and manage our license server.....I really don't have the time for this !!!

  18. Hello,

    I want to use OTP authentication only (I have to enter a pin code on my phone to validate the authentication) for my Netscaler Gateway users. What are the prerequisites ?

    Do I need to fully delegate authentication to the Netscaler ? Do I have to configure a callback URL ?

    What authentication method do I have to choose on my Storefront Servers ? 

     

    Are there other prerequisites ?

     

    Thank you for your help,

     

    Fred

  19. Hello, I'm trying to configure my netscaler gateway with radius as only authentication method.

    I'm using the Inwebo soft with push notification OTP.

    On my gateway, I have to fill in the username. In the second field, I enter something, whatever, and click Enter. Then, my application on my smartphone asks me to enter my PIN code and generates the OTP for me.

    The RADIUS works and when I'm landing on the StoreFront page, the error message displays (cannot complete your request).

    I configured the Session Profile to use only RADIUS authentication. On the StoreFront, I configured my store to use only the token authentication method and configured a callback URL as it seems to be mandatory...

     

    But what would be the process ? I think I had to delegate the authentication to the netscaler gateway but in this version of the storefront, I do not have the choice to do it only for one store ?

    It seems like the storefront tries to validate the authentication through ldap even if I never use my Active Directory credentials.....

     

    Here are the logs attached (I replaced the domain by "domain" and the username by "fmyusername").....

     

    Thank you for your help

    error.txt
