Blog, Citrix, Exchange, Load Balancing, NetScaler
0

How to configure NetScaler with Exchange 2013 Load Balancing via command line

Here is an example how to configure Microsoft Exchange 2013 Load Balancing on Citrix NetScaler appliance.

This guide assumes that you are already imported certificate on the NetScaler from the Windows Exchange CAS Servers (or any other)

As done in here:

http://janikohonen.com/2014/11/21/how-to-create-export-and-install-ssl-certificate-from-the-windows-server-to-the-netscaler/
Take a full backup of your current NetScaler configuration:

create system backup -level full

Add Exchange Client Access (CAS/SMTP) Servers:

add server EX2013-01 192.168.202.250
add server EX2013-02 192.168.202.251

Create Service Group for SSL:
(Do Not copy-paste “\”None”” commas!)

add serviceGroup service-EXCHANGE-SSL SSL -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP YES -appf DISABLED
bind serviceGroup service-EXCHANGE-SSL EX2013-01 443 -CustomServerID “\”None\””
bind serviceGroup service-EXCHANGE-SSL EX2013-02 443 -CustomServerID “\”None\””

Bind default HTTP monitor to Service Group:

bind serviceGroup service-EXCHANGE-SSL -monitorName https

Create and Configure Virtual Server for SSL:

add lb vserver vserver-EXCHANGE-SSL SSL 192.168.202.252 443 -persistenceType SOURCEIP -cltTimeout 180
set ssl vserver vserver-EXCHANGE-SSL -tls11 DISABLED -tls12 DISABLED
bind lb vserver vserver-EXCHANGE-SSL service-EXCHANGE-SSL

Bind certificate to SSL Service Group and Virtual Server:

bind ssl serviceGroup service-EXCHANGE-SSL -certkeyName janikohonen.com
bind ssl vserver vserver-EXCHANGE-SSL -certkeyName janikohonen.com

Save your configuration:

save ns config

++++

Create and modify SMTP monitor:

add lb mon smtp SMTP
set mon smtp SMTP -interval 30 seconds -resptimeout 5 seconds -downtime 120 seconds

Create Service Group for SMTP:
(Do Not copy-paste “\”None”” commas!)

add serviceGroup service-EXCHANGE-SMTP TCP -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO -CMP YES -appf DISABLED
bind serviceGroup service-EXCHANGE-SMTP EX2013-01 25 -CustomServerID “\”None\””
bind serviceGroup service-EXCHANGE-SMTP EX2013-02 25 -CustomServerID “\”None\””

Bind SMTP monitor to Service Group:

bind serviceGroup service-EXCHANGE-SMTP -monitorName smtp

Create and Configure Virtual Server for SMTP:

add lb vserver vserver-EXCHANGE-SMTP TCP 192.168.202.253 25 -persistenceType SOURCEIP -cltTimeout 180
bind lb vserver vserver-EXCHANGE-SMTP service-EXCHANGE-SMTP

Save your configuration:

save ns config

 

[facebook_like_button]

 

Views: 9160

Read More
Blog, certificate, Citrix, NetScaler, Windows
1

How to create, export and install SSL certificate from the Windows Server to the NetScaler

 

This is an example how to create, export and install Windows Server Root CA signed certificate to the NetScaler appliance.

Create Certificate Request on Windows Server:

 

Choose Request a certificate on your Windows CA:

Choose advanced certificate request:

Choose Submit a certificate…:

Copy-Paste your Certification Request and choose Certificate Template Web Server:

Download and save your certificate:

Complete your Certificate Request:

Open Certificates MMC Snap-in, choose certificate and and export:

Log in to your NetScaler 10.1 and install certificate (for NetScaler 10.5 same method works, GUIs look is just a bit different)

Choose Import PKCS#12:

Choose Output file name whatever you want, browse PKCS#12 certificate file we just exported and type Password we created in certificate export phase:

Choose Manage Certificates / Keys / CSRs:

Download certificate .key file, change filetype association from .key to the .cer and upload it back to the NetScaler:

Choose Install…

Install certificate:

And that’s it! Now you have properly exported and installed certificate on your NetScaler.

 

[facebook_like_button]

 

 

Views: 3110

Read More
Citrix, XenApp, XenDesktop
0

XenApp and XenDesktop 7.6 now available for download

Citrix announced that XenDesktop/XenApp 7.6, which includes new enhancements in the areas of faster access to virtual apps with higher connection resiliency, improved graphics rendering, and new app-usage reporting and monitoring tools is now available for download..

More info:

http://www.citrix.com/products/xendesktop/whats-new.html

 

[facebook_like_button]

 

Views: 861

Read More
Citrix, XenMobile
0

XenMobile MDX Toolkit Documentation

Citrix has made a good MDX Toolkit Documentation which is used to prepare iOS and Android applications for deployment with Citrix XenMobile. Download and take a look from this link:

http://support.citrix.com/servlet/KbServlet/download/37555-102-711237/MDXToolkit%20Documentation%20v1.0.pdf

 

[facebook_like_button]

 

 

Views: 957

Read More
Blog, Citrix, StoreFront, Web Interface
0

Web Interface and StoreFront password change problem

In Citrix Web interface and StoreFront web portals users can normally change their expired passwords if feature is enabled. WI and SF can be also configured to allow users to change their password at anytime they want. There is a short steps how to enable it on both WI and SF.

Web interface:

1. Open Citrix Web Interface Management console.

2. Select XenApp Web Site.

3. Select Authentication Methods and Properties.

4. Choose Password Settings and Allow users to change passwords At any time.

5. Optionally you can also set Remind users before their passwords expire setting.

 

StoreFront:

1. Open Citrix StoreFront console.

2. Select Authentication and choose Authentication Method.

4. Choose Manage Password Options and Allow users to change passwords At any time.

5. If you want also to set Remind users before their passwords expire setting. Then edit the file in: C:\intetpub\wwwroot\Citrix\Authentication\web.config

Search line: ” <…> showPasswordExpiryWarning=”Custom” <…> ” and change setting to the “Custom”

 

However recently I came across situation that password reminder worked but users got an error message when tried to change their expired passwords. Self-password reset didn’t worked either and you can see following errors on the Citrix Delivery Services event logs.

sf_error

 

 

 

 

 

 

 

 

 

Event Properties – Event ID:1 Citrix Receiver for Web

 

Reason to this could be that Web Interface or StoreFront servers are on the different network subnets e.g. DMZ and proper firewall rules are not in place. Changing password from the WI and SF requires:

Kerberos Change/Set password ports TCP/UDP 464

To be open in both ways between WI/SF servers and the Domain Controllers. After we had impelemented proper firewall rules to allow that, password change worked properly for the users.

 

[facebook_like_button]

 

 

Views: 5902

Read More
1 2 3 4 5 6 7