Posts posted by Marc Kuhn
Hi Arnaud
I followed the article and now I'm able to open Secure Hub with my user again, but it doesn't behave correctly. I'm not asked to configure a PIN and the Secure Mail isn't able to connect. It's very strange because I was able to use Secure Mail after the Netscaler Update, which was made a couple of weeks ago.
Also the Analyzer still shows the same error, so this is the correct place, but it seems to be an issue with the ADC, so I will downgrade to 79.64. Also I saw that the new current app version 21.9.0 seems to be buggy, at least I do not have any settings to make when I update the app with this version. So I will also use an older one with 21.6.0.
Let's see how that works.
Best regards,
Marc
-
Hi Arnaud
Thanks for your feedback. On the XMS Server the check gives me this:
On the ADC I see these errors:
I think these errors are related to the firmware of the ADC; the LDAP checks are all red, but are working correctly.
I saw this article here: XenMobile Android Enterprise & iOS devices failed to enroll after ADC upgrade to 13.0-82.41+ or 12.1-62.23+ (citrix.com)
Could that probably be an issue?
Many thanks for your feedback.
Best regards,
Marc
-
By the way, I just updated the Server after the issue was here, also the XenMobile to 10.14.0.6. The ADC is 13.0-82.45
-
Hi guys
I have a new XenMobile (On-Prem) Server up and running and did some testing. Yesterday everything worked fine, but today I'm not able to enroll a new iOS device anymore (I don't have Android set up). The process stops after installing the profile and goes back to the Citrix Secure Hub. Instead of getting the screen where I can define the PIN I receive the login prompt again and I'm not able to log in there. When I run the XenMobile Analyzer I receive this:
Can someone point to the right direction what could cause this?
Many thanks for your help
Best regards,
Marc
-
Hi
Is there anybody who was able to configure these shortcuts with the OMA-URI in Intune for the Citrix Workspace App? Citrix Support told me they don't support Intune and Microsoft Support doesn't know what the issue could be :-).
I'm wondering if there is a solution for that or if we need to configure it with reg keys, which isn't that pretty.
Many thanks for any feedback.
Best regards,
Marc
-
Hi Rick
I'm fighting with the same issue. I was able to ingest both ADMX files and configure a Demo SAML Store with an OMA-URI, but the one for the shortcuts isn't configured successfully:
These are my settings for that:
OMA-URI: ./Device/Vendor/MSFT/Policy/Config/Citrix~Policy~ICAClient~SelfService/Policy_EnableAppShortCut
Value (String): <enabled/> <data id="Part_PutShortcutsOnDesktop" value="True"/><data id="Part_PutShortcutsInstartmenu" value="False"/>
From what I was checking in the Registry the OMA-URI should be okay. I think I will try to get it done with the support. By the way, if you are in a hurry, you might want to use one of the other methods listed in Carl's article: Citrix Workspace app 2106 – Carl Stalhood
Best regards,
Marc
-
Hi Mike
I'm also trying to configure the Citrix Workspace App with Intune and ingest the ADMX Templates. Were you able to configure it or not? I'm able to ingest both ADMX Files and also configure a Store with this OMA-URI:
But the following setting isn't working:
OMA-URI: ./Device/Vendor/MSFT/Policy/Config/Citrix~Policy~ICAClient~SelfService/Policy_EnableAppShortCut
Value (String): <enabled/> <data id="Part_PutShortcutsOnDesktop" value="True"/><data id="Part_PutShortcutsInstartmenu" value="False"/>
Many thanks for your feedback
Best regards,
Marc
-
Hi all
Many thanks for those registry keys. With that I was able to resolve the issue for my users. I only knew of 1, but it turned out we had 4 users with the same issue, which I was able to solve.
Thanks a lot for your help, much appreciated!
Best regards,
Marc
-
Hi
We are building up the same. But currently using Microsoft Always On VPN Device & User Tunnel as those can be established at the same time.
Also we are currently looking into Conditional Access with Azure MFA to improve security.
Best regards
Marc
-
Hi guys
We have a Citrix CVAD 1912 LTSR CU1 environment with Server 2016 and Published Desktop configured, and installed MS Teams according to the docs from Citrix. Everything is working fine except the video stream of the meeting members (internal and external) when the users are working in the office and in Citrix. From home office it is working just fine, but in the office we are having difficulties with it.
We have HP ThinClients t630 with Windows 10 and the Citrix Workspace App 21.02.0.25 installed on them, no proxy is set (automatically detect is not checked). A check with the PowerShell script from ControlUp is showing this:
From the Office-LAN we have configured the following ports according to this guide:
Office 365 URLs and IP address ranges - Microsoft 365 Enterprise | Microsoft Docs
Is anybody else having a similar issue? Also, while the Teams Client within Citrix (Optimized) isn't working properly, when using Teams on the Notebook it is working just fine. Are there any other firewall ports we need to implement for Teams redirected from Citrix via Citrix Workspace App?
Many thanks for any hints
Marc
-
Hi all
If anybody is searching for the same, in firmware 13.0-71.44 you can change this behavior as follows:
• Add a custom portal theme based on RfWebUI (if not done already)
add vpn portalTheme cust_rf -baseTheme RfWebUI
• Edit the custom theme config to change the default view to desktops.
In /var/netscaler/logon/themes/cust_rf/plugins.xml, replace defaultView="apps" with defaultView="desktops"
• Bind the new custom portal theme to the vpn vserver (if not done already)
bind vpn vserver <vpnvs> -portalTheme cust_rf
Best regards,
Marc
-
Hi Sjoerd
Many thanks for sharing that. I will be able to take a look this Thursday and let you know.
Best regards,
Marc
-
Hi guys
It turned out that this is a known issue in versions 21.1 and 21.2. In the latest version 21.3.1.1 the VPN is working as expected.
Best regards,
Marc
-
Hi Rowland
Many thanks for your feedback. I was thinking that this isn't possible. This is also a nice description of how EPA works:
Netscaler Endpoint Analyse (EPA) Pre-Authentication bypassing! – the kolbicz blog
Best regards,
Marc
-
Hi guys
Do you know if there is an EPA Pre-Auth Configuration to check with which browser the user is trying to access the Netscaler Login Page? I read this article, but this only checks if the browser is running on the client and not if the website is opened with that browser:
Citrix NetScaler EPA (End Point Analysis) | Blog Bujarra.com
Checking if the browser is installed or is running wouldn't help me. What I would need is to check if the user is trying to access the website with a secure browser or not.
Many thanks for your hints
Best regards,
Marc
-
Hi all
I'm trying to configure a Citrix AlwaysOn VPN in Service-Mode with an internal Device-Cert (SCEP) to be able to join a new device to the On-Prem AD outside of the company. For that I found this article:
Windows Autopilot Hybrid Azure AD join via Citrix Always On VPN (hmaslowski.com)
Also I was looking at the Citrix Documentation on that: Configure Always On VPN before Windows Logon (citrix.com)
I tried to get that working without Autopilot on my Windows 10 Enterprise device. In the Registry I have these settings:
AlwaysOn: 1
AlwaysOnService: 1
AlwaysOnURL: https://vpn.test.com
When I reboot my device, it shows me, before I even log in, for a short time "connected in service mode", then changes after a couple of seconds to "Citrix Gateway plugin is connected in user mode". The version of the ADC is 13.0-71.44. Does somebody have a similar setup up and running or can help me with why the user tunnel is connected?
Many thanks for your help
Best regards,
Marc
-
Hi guys
We have just installed MS Teams on a Citrix CVAD 1912 LTSR CU1 environment with Server 2016 and Office 2016. I discovered that for the users it takes a couple of days until they see the MS Teams Add-in in Outlook. When checking working users, the DLL is pointing to C:\Program Files x86..., for users where it isn't working the DLL is configured to C:\Users\test\AppData\Local\Microsoft.
It seems that after a while Outlook is getting the correct path without any change. As soon as it does that, everything is working.
Does anybody know how I could configure the correct path to the add-in? I installed the MS Teams Client with "msiexec /i Teams_windows_x64.msi ALLUSER=1 ALLUSERS=1"
Many thanks for your inputs
Best regards,
Marc
-
Hi all
This is an old case but I'm kind of stuck here as well with a Netscaler 13.0-71.44. With the steps above I'm able to hide the Favorites tab, but the content is still not from the Desktops landing page, it is from the Favorites landing page.
I've configured the Responder Action & Policy and bound it to the CS of the UG. Also I modified the file script.js as mentioned.
Is anybody having the same issue with a current release, or is there in the meantime a shorter way to configure it?
Many thanks for your help
Marc
-
Hi all
I have a Citrix Unified Gateway configured with the latest Firmware and FullVPN. On macOS Big Sur the Gateway Plugin isn't working and Citrix recommends using the App Citrix SSO instead. I can connect but I'm not able to access the portal website with all the bookmarks. Does anybody know how it would be possible to configure it so that users on Big Sur are also able to access this page?
Best regards
Marc
-
-
Hi Carl
I'm still figuring out how I will need to configure the nfactor flow regarding the loginschemas. Do I need to choose just singleauth in the first factor and either otpmanagement or otpverify in the second one?
I have it configured like that but I'm not able to find the loginschema for just otpmanagement. Is there a default lschema I can use in the second factor?
Best regards
Marc
-
Hi Carl
Alright, I must have missed that. Thanks for the fast feedback.
Best regards,
Marc
-
Hi guys
I'm trying to configure an nFactor Flow for OTP. For that I have configured a AAA VServer and bound an Advanced LDAP Policy and a LoginSchema for just Username and Password to it. As well I have configured an nFactor Flow with a Decision-Factor and after that a Factor for OTP.
How can I link the nFactor Flow after the first LDAP Policy I've bound to the AAA VServer? Or do I need to work only with nFactor Flow and not configure a Policy & Schema on the AAA VServer?
Many thanks for your help.
Best regards,
Marc
Netscaler RDP Proxy SSO not working
in Core ADC use cases
Posted
Hey guys
I'm setting up a new Citrix ADC for RDP Proxy with OTP. I'm currently using version 13.0-83.27 and trying to log in to the Unified Gateway with the UPN. There I have an RDP Bookmark which starts an RDP session to a Terminal Server.
I'm not able to log on to the Terminal Server, but as soon as I disable SSO with a traffic policy it is working and I receive the login prompt. I tried to resolve the issue with this article "Netscaler - 11.1 - SSO Failure with RDP Proxy (citrix.com)" but was not able to. I will need to have the Server Logon Name Attribute set to UPN. Also I will need to have SSO configured.
I'm a little lost as to where to change a setting on the ADC to have that up and running.
Can someone help me with that?
Thanks and best regards,
Marc