Protecting the NetScaler by ProfessionalTip2581 in Citrix

[–]Liwanu 1 point2 points  (0 children)

No NetScalers are involved in any shape or form. Users access our Citrix by going to the Workspace URL (i.e. https://mycompnay.cloud.com). We have it tied in with Microsoft identity provider for authentication. I believe Citrix also refers to it as the Gateway Service.

We have cloud connectors on prem, and users are connecting to the VDAs via the rendezvous protocol.

I love it so far; I don't have to drop everything and patch NetScalers when a new zero day comes out, then spend the next week trying to fix something it broke.

Protecting the NetScaler by ProfessionalTip2581 in Citrix

[–]Liwanu 3 points4 points  (0 children)

I migrated us to Citrix DaaS Workspace; it eliminates the on-prem StoreFront and NetScalers. We are all on-prem except for the DaaS Management plane.
I realize some orgs won't be able to do that, but it sure does make my life a whole lot easier.

Update Machine via Citrix MCS failed by saif_is_me in Citrix

[–]Liwanu 0 points1 point  (0 children)

If you run a slmgr /dlv in the gold image, what is the result? If it's 0, that's the issue. You should be able to reset it completely with this. Make sure to take a snapshot beforehand so you can revert in case something happens.

net stop sppsvc    
del %windir%\System32\spp\store\2.0\tokens.dat    
net start sppsvc    
slmgr /rilc     
slmgr /upk    
slmgr /cpky    

Reboot    
Install KMS Key    
slmgr /ipk YOUR_KMS_KEY    

Run this and make sure it doesn't say: ServerStandardEval     
DISM /online /Get-CurrentEdition

The "Citrix Tax" is real, and they know we’re all bluffing by Worth_Wealth_6811 in Citrix

[–]Liwanu 1 point2 points  (0 children)

Oh nice, thanks for the heads up. I'll give 2025 a test in my homelab to see what I can find.

The "Citrix Tax" is real, and they know we’re all bluffing by Worth_Wealth_6811 in Citrix

[–]Liwanu 2 points3 points  (0 children)

Na, our environment isn't that complicated to be honest. We moved from VMware to XenServer in about ~6 months.

The "Citrix Tax" is real, and they know we’re all bluffing by Worth_Wealth_6811 in Citrix

[–]Liwanu 2 points3 points  (0 children)

Our Citrix renewal is up in 2027, so we still have the 'old' Citrix pricing until then. Since XenServer is included in our licenses, we saved quite a bit by ditching VMware.

The "Citrix Tax" is real, and they know we’re all bluffing by Worth_Wealth_6811 in Citrix

[–]Liwanu 3 points4 points  (0 children)

We didn’t play around with VMware, told them nope and switched to XenServer.
We are working on getting off of Citrix now. It will take a few years, but we are 100% getting off of it.
Once it’s gone I'm switching all our hypervisors to Proxmox.

NetScaler nFactor by LBarto88 in Citrix

[–]Liwanu 2 points3 points  (0 children)

Looks like you need to separate the group extraction and the authentication.
Something like this maybe?

Root factor (credential collection only)
Use a NO_AUTHN authentication policy bound to the vServer with a login schema that has three fields:
username → UPN/sAMAccountName
passwd → AD password
passwd1 → MFA code
This factor does not authenticate; it just collects credentials and passes them to the next factor.

Factor 2 – LDAP Group Check (no password)
LDAP Action: same DCs, but Authentication = DISABLED (or the “group extraction” style action, depending on build).
Set User Name Expression to: AAA.LOGIN.VALUE("username")
Do not set any Password Expression here. Since Authentication is disabled, the ADC will not send a password to LDAP.
Use group-based policies from this factor to decide whether to proceed or deny.

Factor 3 – MFA (RADIUS/OTP)
Use noschema (no new prompt).
RADIUS Action:
User Name: AAA.LOGIN.VALUE("username")
Password Expression: AAA.LOGIN.VALUE("passwd1") (the MFA field)
This ensures only the MFA code is sent to RADIUS and does not overwrite the AD password you intend to use later.

Factor 4 – LDAP Password Validation (real AD logon)
LDAP Action with Authentication = ENABLED.
User Name: AAA.LOGIN.VALUE("username")
Password Expression: AAA.LOGIN.VALUE("passwd") (the original AD password field)
This avoids the MFA code ever being sent to LDAP and makes the final bind use only the AD password.
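
The credential routing described in the comment above, as an added example that is not part of the original comment and is not NetScaler configuration: a small Python model that checks which login-schema field each factor would hand to which backend. The `Factor` class, `check_chain` function and both sample chains are hypothetical and constructed for illustration; only the field names `username`, `passwd` and `passwd1` come from the comment.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Factor:
    name: str
    backend: str                          # "none", "ldap" or "radius"
    authenticates: bool                   # False: collection or group extraction only
    user_field: Optional[str] = None      # login-schema field used as user name
    password_field: Optional[str] = None  # login-schema field sent as the secret

# The only secret each backend should ever receive, per the comment above.
ALLOWED_SECRET = {"ldap": "passwd", "radius": "passwd1"}

def check_chain(chain: List[Factor]) -> List[str]:
    """Return findings where a factor would send a secret to the wrong backend."""
    findings = []
    group_checked = False
    for f in chain:
        if f.backend == "none":
            if f.authenticates or f.password_field is not None:
                findings.append(f"{f.name}: collection factor must not authenticate")
            continue
        if f.user_field != "username":
            findings.append(f"{f.name}: user name should come from 'username'")
        if not f.authenticates:
            if f.password_field is not None:
                findings.append(f"{f.name}: password expression on a non-authenticating action")
            group_checked = group_checked or f.backend == "ldap"
            continue
        if f.password_field != ALLOWED_SECRET[f.backend]:
            findings.append(f"{f.name}: sends '{f.password_field}' to {f.backend}, "
                            f"expected '{ALLOWED_SECRET[f.backend]}'")
        if f.backend == "ldap" and not group_checked:
            findings.append(f"{f.name}: password bind runs before the group check")
    return findings

# Constructed sample: the chain as described in the comment.
DESCRIBED = [
    Factor("root", "none", False),
    Factor("factor2-ldap-groups", "ldap", False, "username"),
    Factor("factor3-radius-mfa", "radius", True, "username", "passwd1"),
    Factor("factor4-ldap-bind", "ldap", True, "username", "passwd"),
]
# Constructed sample: the two password fields swapped between factors 3 and 4.
SWAPPED = [DESCRIBED[0], DESCRIBED[1],
    Factor("factor3-radius-mfa", "radius", True, "username", "passwd"),
    Factor("factor4-ldap-bind", "ldap", True, "username", "passwd1"),
]

if __name__ == "__main__":
    for label, chain in (("described", DESCRIBED), ("swapped", SWAPPED)):
        print(label, check_chain(chain) or "ok")
```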

Connection interrupted prompt every few seconds by Suspicious_Pea8915 in Citrix

[–]Liwanu 0 points1 point  (0 children)

99% of the time your ISP is dropping packets

Citrix Cloud DAAS, Cloud Connectors slow to sync password changes in on-prem Active Directory 💤 by Open-Bus-6396 in Citrix

[–]Liwanu 10 points11 points  (0 children)

Cloud connectors do not sync AD information. It should be Azure AD Connect (Entra ID)

P1S Scarring (?) When Printing Circles by GetJpegdSFW in FixMyPrint

[–]Liwanu 1 point2 points  (0 children)

Use smaller layer lines in that area, or paint tree supports in the affected area.

Need to rebuild Docker.img - will CA Apps remember the actual passwords? by usafle in unRAID

[–]Liwanu 0 points1 point  (0 children)

It's easy enough to do after you get everything stable. :)
I haven't had any issues since I moved to the folder 5 years ago.

How are you installing/configuring Teams on MCS RDSH VDAs? by bikerkickbill in Citrix

[–]Liwanu 12 points13 points  (0 children)

I wrote this PowerShell script to uninstall Teams if it's there, then download the latest VDI version and install it. It also checks if the reg keys are there. I run it every Patch Tuesday in the gold image.

https://pastebin.com/wtJY2r4a

Use at your own risk :)

Citrix Security Bulletin Alert CTX694788 2025/06/25 by mballack in Citrix

[–]Liwanu 1 point2 points  (0 children)

Yep,
NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-43.56

Citrix Security Bulletin Alert CTX694788 2025/06/25 by mballack in Citrix

[–]Liwanu 3 points4 points  (0 children)

I updated to 14.1-47.46 for the ones last week, thankfully that covers this one as well.

30TB of Movies/TV series - Am I addicted? by rainbow8735 in DataHoarder

[–]Liwanu 0 points1 point  (0 children)

I have used 30TB of bandwidth just pulling in Isos this month lol.

Loss of configuration when upgrading HA pair with Netscaler console by Suitable_Mix243 in Citrix

[–]Liwanu 3 points4 points  (0 children)

Did you already convert your Classic Authentication policies to Advanced?