Stefano Baronio

Posts posted by Stefano Baronio

  1. Hi all,

       I'm trying to load balance two Delivery Controllers with Web Studio installed, but I receive an error when I try to access it.

    As a workaround I can insert the URL FQDN in the "Alternative Delivery Controller" field to get the login form and authenticate.

    I tried different Persistence (source ip, cookie insert), but it does not solve the problem.

    It is a simple load balancing configuration as the one you would do to load balance StoreFront.

    Any help is welcome.

     

    thank you

    Stefano

    WebStudioLB.png

  2. Actually I hit the LB URL, then I'm redirected to the AAA login page. If I wait there for about 2 mins I get the error "Try again or contact your help desk" with the logs above.

    I get the same error when logging off the application and waiting more than 2 mins on the same login page (I have a redirect policy on the logoff button hit).

     

     

  3. Hi Rhonda, 

       thank you for your time. I've checked point 1) and 2) and they are ok.

    I couldn't find any timeout setting in AAA global setting and I've checked on Global system settings, HTTP parameters and Change Timeout Values (all 0), but they seem to be ok.

    Set the SSL timeout in the Auth vServer properties to 600, but no change.

     

    Session cookies are set after authentication, so they shouldn't get involved in this case.

    At login prompt, the only cookie set is NSC_TASS. I've noticed that the cookie has the following text in it: <server-url>/&code=40e7fb01526ba8ea. After the authentication the cookie content changes and the "code" part disappears. Any chance it is related to the error "AAATM LOGIN: failed to lookup cgi/tm one time code"?

     

    Thank you

    Stefano

     

  4. Hi all,

        I just discovered that if I open the AAA login page and wait for about 2 minutes, then the login will fail with something like "call your support".

    Errors logged in ns.log are:

     "AAATM Login: created session for <stefano.baronio> with cookie: <>"

    "Artifact Store: Value absent in local cache"

     "AAATM LOGIN: failed to lookup cgi/tm one time code"

     

    And then:

    "AAA Client Handler: Found extended error code 1245184"

     

    The problem happens when logging off the application as well. If I wait a couple of minutes then I can no longer log on and have to re-load the initial page.

    Does anybody know a workaround for this?

     

    Thanks

    Stefano
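
To measure how often the log sequence quoted in the post above occurs, a triage sketch added here (not part of the original post and not Citrix code) scans ns.log lines for the one-time-code lookup failure and attaches the surrounding session, cache-miss and extended-error lines. Only the message fragments come from the post; the line prefix, host name and user names in the sample are constructed, and `find_otc_failures` and its `window` parameter are hypothetical names.

```python
import re

# Message fragments exactly as quoted in the post above; everything else
# about the line layout is an assumption.
CREATED = re.compile(r"AAATM Login: created session for <([^>]*)>")
CACHE_MISS = "Artifact Store: Value absent in local cache"
OTC_FAIL = "AAATM LOGIN: failed to lookup cgi/tm one time code"
EXT_ERR = re.compile(r"AAA Client Handler: Found extended error code (\d+)")

# Constructed sample lines (hypothetical host, timestamps and users).
SAMPLE_LOG = """\
Jan 10 09:00:01 adc01 AAATM Login: created session for <user1> with cookie: <>
Jan 10 09:00:02 adc01 some unrelated message
Jan 10 09:05:40 adc01 AAATM Login: created session for <user2> with cookie: <>
Jan 10 09:05:40 adc01 Artifact Store: Value absent in local cache
Jan 10 09:05:40 adc01 AAATM LOGIN: failed to lookup cgi/tm one time code
Jan 10 09:05:40 adc01 AAA Client Handler: Found extended error code 1245184
""".splitlines()


def find_otc_failures(lines, window=20):
    """Report each one-time-code lookup failure with its nearby context."""
    lines = list(lines)
    findings = []
    for i, line in enumerate(lines):
        if OTC_FAIL not in line:
            continue
        user, cache_miss, ext_error = None, False, None
        # Look back for the login attempt this failure belongs to.
        for prev in reversed(lines[max(0, i - window):i]):
            if CACHE_MISS in prev:
                cache_miss = True
            m = CREATED.search(prev)
            if m:
                user = m.group(1)
                break
        # Look ahead for the extended error code, stopping at the next login.
        for nxt in lines[i + 1:i + 1 + window]:
            if CREATED.search(nxt):
                break
            m = EXT_ERR.search(nxt)
            if m:
                ext_error = int(m.group(1))
                break
        findings.append({"line": i + 1, "user": user,
                         "cache_miss": cache_miss, "ext_error": ext_error})
    return findings
```

Running it over a real log and grouping the findings by `ext_error` shows whether every failure carries the same code and cache-miss line as the sequence quoted in the post.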

     

  5. Is it possible to use CS to redirect RDP traffic based on the hostname called using one IP address?

    For example, I have a CS vServer with IP1.  Have defined two different DNS names that resolve to IP1, let's say CS-RDP1 and CS-RDP2. Now I have two different LB vServers non-addressable with one RDP service each (SVC-RDP1 and SVC-RDP2, the servers I want to access).

    I would like to be able to connect to SVC-RDP1 by opening an RDP connection to CS-RDP1 and to SVC-RDP2 by opening a connection to CS-RDP2.

    I can only see expression policies that use HTTP.etc.. but that apparently cannot be used with RDP vServer.

     

    Any help appreciated.

    Thanks

    Stefano

     

  6. Hi all,

      I was testing the SAML feature (both SP and IdP) and found out that I cannot use certs created with ECC private key as it's causing a kernel crash (ADC kernel restart, not the BSD one).

    Back on RSA key certs and all is running fine.

    Anyone had the same experience?

    ADC release 13.0-36.27 and 12.1-52.15 Developer edition

     

    Here is the openssl conf file I use to create the certificates:

    [req]
    distinguished_name = req_distinguished_name
    req_extensions = v3_req
    prompt = no
    default_md = sha256

    [req_distinguished_name]
    C = IT
    L = Rome
    O = CompanyName
    OU = IT
    CN = sp.test.it

    [v3_req]
    basicConstraints = CA:TRUE
    keyUsage = keyEncipherment, dataEncipherment, keyCertSign
    extendedKeyUsage = serverAuth
    subjectAltName = @alt_names

    [alt_names]
    DNS.1 = test1.test.it
     

    And the batch file to create the certificate:

     

    ..\openssl ecparam -name secp384r1 -genkey -noout -out sso.test.it.key
    ..\openssl req -new -nodes -out sso.test.it.csr -key sso.test.it.key -config sso.conf
    ..\openssl req -text -noout -verify -in sso.test.it.csr
    certreq -submit -attrib "CertificateTemplate:WebServer" sso.test.it.csr sso.test.it.cer
     

    Internal domain Microsoft CA.

     

    Thanks

    Stefano

     

  7. 18 hours ago, Benjamin Grimm1709152660 said:

    Hi Stefano,

     

    you do have a cache feature in standard edition because you have NetScaler Gateway. Citrix has a "hidden" feature for caching data for Gateway vServer which uses the Integrated Cache feature in the background, also if this is not licensed. It is called Static Page Caching and you can disable it with

     

    set aaa parameter -enableStaticPageCaching NO

     

    So I think, give that a try. I will try it on Monday. Thanks for the info.

     

     

    Thanks Benjamin,

        I'll give that a try.

     

    Ste

  8. Tried to delete and recreate again the custom theme (checking that all the files were deleted from file system) and the problem is still there.

    If I copy the custom theme files from a working ADC, it works properly.  As soon as I edit the custom theme from the UI, the problem starts again.

     

    Opened a ticket in Citrix.

     

    Ste

  9. Hi,

       I'm struggling with an issue related to the gateway Theme. It shows the "Cannot complete your request" just at home page, before prompting for authentication.

    I'm sure that is related to the Theme I'm using as with the RfWebUi it works properly.

    The issue started after upgrading the ADC to the latest firmware NS12.1 50.31.nc, coming from the NS12.1 49.37.nc.

    Any help appreciated.

     

    Thanks

    Stefano
