Manuel Kolloff
-
Posts
6 -
Joined
-
Last visited
Content Type
Forums
Articles
Labs
Videos
TechZone
Citrix Community Articles
Events
Profiles
Posts posted by Manuel Kolloff
-
-
Hi,
we had the same issue on the same hardware - the DL385 G10 has AMD Epyc CPUs - turns out VPX only supports Intel CPUs - look at the fineprint in the datasheet :-(
Regards,
Manuel
-
Hi Faizal,
I never dealt much with DNS on Netscaler, so it's just a guess, but have you had a look into the DNS.* policy tree?
For example: DNS.REQ.QUESTION.TYPE
From the help: "Returns DNS Record type. This object provides Num operations and DnsType Enum operations on the DNS Record Type."
(Or any other thing within the DNS.* tree, theres quite a few more options avaiable there)
Manuel
-
Good question, I guess this would need to be tested.
However, I read the matrix as follows:
- the behaviour only changes if the CRL is optional or missing
- if you have a CRL configured, its online and up to date, then a revoked certificate will always be rejected
-
Hi, did you see the following? (Lower section)
https://docs.citrix.com/en-us/netscaler-gateway/12/authentication-authorization/configure-client-cert-authentication/ng-client-cert-smart-card-tsk.html
on the vserver-sc
- disable mandatory SSL auth
- add a CERT auth policy instead
- allow SSL renegotiation (even though I would prefer the NONSECURE setting instead of NO as described in the article)
...that way the smart-card is only validated during authentication, not with every SSL handshake (i.e. ICA Session start, which causes the second prompt)
---
Another way is the described attempt of using a separate vserver-ICAonly.
You have to set this one up in Storefront as additional gateway and force sessions through it through "Optimal HDX Routing" (under Store-settings).
-
On 5.12.2017 at 4:50 PM, Jonathan Clark1709155079 said:
If you want users who "Fail" device certificate checks to proceed with a secondary factor of authentication, check out nFactor with certificates
That's not quite right, nFactor can (currently) only realize such a scenario with user-certificates!
How to edit RDP Profile user downloads
in Core ADC use cases
Posted
I have a customer with the exact same problem - Case with Citrix is open but progressing slowly and no bug aknowledgement as of now.
Carls section on Bookmarks includes a passage on how you can alter the RDP file https://www.carlstalhood.com/citrix-gateway-rdp-proxy/#createrdpbookmarks
However, with that it didnt replace but added and we ended up having two lines:
Alternate Shell: explorer.exe or empty (our custom value)
Alternate Shell: DefaultAltShell
...and RDP honored the second line - so error persisted.