Julian Mooren1709156280
-
Posts
13 -
Joined
-
Last visited
Content Type
Forums
Articles
Labs
Videos
TechZone
Citrix Community Articles
Events
Profiles
Posts posted by Julian Mooren1709156280
-
-
Hello Paul,
thanks for sharing. This is great.
-
I run into the same issue during a Citrix FAS implementation.
Make sure you use a separate Callback Gateway. Because of the SAML Redirect to ADFS/AzureAD the callback proccess from StoreFront will not be successful.
Citrix FAS is not working without a configured Callback URL.
-
I disabled folder redirection in the Citrix Policy and changed the needed registry keys with a login script. Had problems with the M$ GPO.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
-
Hello Robert,
you need to disable ADAL on the client (registry) or upgrade to NetScaler >= 12.x
HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Identity\EnableADAL (REG_DWORD 0)
For more Information: https://support.citrix.com/article/CTX216539
Julian
-
Already switched over to Microsoft Folder Redirection.
@Citrix: What about to take this "feature" on the roadmap?
-
Yeah I also recommend to use Microsoft Folder Redirection.
I configured the identicals settings in my lab environment and the Citrix Folder Redirection UNC Paths only get applied during the creation of a new userprofile.
My logic was strapped too much to the Microsoft way of handling FR.
Watch out when migrating from an environment like this.
Cheers
Julian
-
Today I was doing a UserHome migration to a new DFS Share for a customer.
I prefer to use Microsoft Folder Redirection but the customer environment was configured via Citrix Policy..
After changing the UNC-Path from "\\fileserver001.domain.local\Userhome to "\\dfsshare.domain.local\Userhome" the Folder Redirection was broken.
Environment is running on XenApp 7.12. An update to UPM 7.15 didnt fixx the issue.
The Citrix Policy was beeing applied correctly:
(I tried with "\\share\Userhome" & "\\share\Userhome\")
The UserShellFolder was still pointing to the old unc-share.
Someone expected the same behaviour?
Workarround: Set the new UNC-Share registry keys via Microsoft Group Policy.
Wish you a good weekend.
Julian
-
While setting up a PoC for WEM Transformer I realized the webbrowser session in "Kiosk Mode" is not able to perform a Domain-Pass-Through authentication to StoreFront.
You only can login with username and password.
StoreFront FQDN is assigned to the Intranet Zone.
SSO is working with Internet Explorer.
As soon I remove username and password authentication (only Domain-Pass-Through left) there are no login options available for the user.
I could use a local/service user for the AutoLogin on the client, but then when the user is locking his device everybody needs to enter the same password.
Not really secure ;)
Is anyone using WEM Transformer with SSO to StoreFront?
Julian
-
Great job :)
-
Hi,
Im configuring Exchange 2016 in my lab environment and having problems with the "Autodiscover" service.
When I remove the 401 Authentication on the autodiscover vServer everything is working flawless.
After reading serveral whitepapers and blogs this should be the correct configuration:
- OWA: FBA
- ECP: FBA
- ActiveSync: 401
- Autodiscover: 401
- Remaing: None
This is the result of the Microsoft Remote Connectivity Tool:
The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.domain.de:443/Autodiscover/Autodiscover.xml for user test@domain.de.
The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
Additional Details
An HTTP 401 Unauthorized response was received from the remote Unknown server. This is usually the result of an incorrect username or password. If you are attempting to log onto an Office 365 service, ensure you are using your full User Principal Name (UPN).
HTTP Response Headers:
request-id: ebc671e7-1ca1-4b92-8207-6b003f426345
X-CasErrorCode: UnauthenticatedRequest
Cache-Control: private
Server: Microsoft-IIS/10.0
WWW-Authenticate: Negotiate,NTLM,Basic realm="autodiscover.domain.de"
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-FEServer: EX01
Date: Mon, 17 Jul 2017 14:50:22 GMT
Content-Length: 0
Set-Cookie: NSC_TMAA=2829d751fe703f17f0c06ff44ebb4033;HttpOnly;Path=/;,NSC_TMAS=247fc3bab2d6b592609a6e80a405f4f3;Secure;HttpOnly;Path=/;,NSC_TMAP=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;,NSC_TMAV=xyz;Path=/;expires=Wednesday, 09-Nov-1999 23:12:40 GMT;
Elapsed Time: 1011 ms.The config of my AAA server looks like:
Name: AAA_Exchange2016
Certificate: Wildcard
Primary Authentication: LDAP (SAM & UPN Policy) --> SSO Attribut "userPrincipalName"
401 Based Servers: ActiveSync, Autodiscover
Form Based Servers: OWA, ECP
Session Policy: OWA SSO Profile (HTTP.REQ.URL.CONTAINS("/owa/auth/logon.aspx")
Load Balancing vServer
Name: lb_exch2016_autodiscovery
Protocol: SSL
Persistence: SourceIP
Timeout: 30mins
401 Based Authentication: ON
Authentication Virtual Server: AAA_Exchange2016
Content Switch Policies
nsconmsg -d current -g_hits result:
NetScaler NS11.1: Build 49.16.nc
reltime:mili second between two records Mon Jul 17 16:01:00 2017
Index rtime totalcount-val delta rate/sec symbol-name&device-no
0 7148 183336 9 1 route_tot_hits route(127.0.0.0_255.0.0.0)
1 0 638887 79 11 route_tot_hits route(192.168.2.0_255.255.255.0)
2 0 175948 4 0 route_tot_hits route(0.0.0.0_0.0.0.0_192.168.2.253)
3 7161 529 6 0 pol_hits Policy(LDAP_Lab_SAM)
4 0 814 6 0 pol_hits Policy(LDAP_Lab_UPN)
5 0 242 6 0 pcp_hits cspolicy(cs_pol_autodiscovery)
6 0 69 1 0 pcp_hits tmsession(SETTMSESSPARAMS_ADV_POL)
7 0 62 6 0 pcb_hits cs_pol(cs_pol_autodiscovery)(cs_exchange2016)
8 0 69 1 0 pcb_hits policyBinding_26_10000000081_GLOBAL REQ_DEFAULT_65534(SETTMS ESSPARAMS_ADV_POL)
9 0 183357 21 2 route_tot_hits route(127.0.0.0_255.0.0.0)
10 0 638993 106 14 route_tot_hits route(192.168.2.0_255.255.255.0)
11 0 175971 23 3 route_tot_hits route(0.0.0.0_0.0.0.0_192.168.2.253)
12 0 2297 1 0 ssl_ctx_tot_session_hits vserver_ssl_192.168.2.250:443(cs_exchange201 6)
13 7074 183369 12 1 route_tot_hits route(127.0.0.0_255.0.0.0)
14 0 639058 65 9 route_tot_hits route(192.168.2.0_255.255.255.0)
15 0 175976 5 0 route_tot_hits route(0.0.0.0_0.0.0.0_192.168.2.253)
Did I miss something?
Anyone else have problems with November patches kb5032189?
in App Layering 4.x
Posted
Hello everybody, a customer and myself did a lot of testing's regarding this issue the last weeks and still have an open support case at Microsoft.
As Bjoern posted, my client has been able to identify, that the issue is gone with the latest preview KB5034203.
We provided the MS Support a broken virtual disk, which is being analyzed by a support engineer.
Unfortunately the support quality is really bad, but I keep asking and asking for a identification of the root cause. I want to prevent that this is happening again with a CU in the future.
There is nothing mentioned in the changelog which is a bummer. If you want to raise the pressure on MS here is our support case ID #2401040030004010
Julian