Citrix ADC 13.0-64-35 and Storefront “Cannot complete your request” (CVE-2020-8245, CVE-2020-8246 or CVE-2020-8247)

Starting with Citrix ADC feature release 13.0 build 64.35, some weak SSO types are dishonored globally. This affects Citrix XenDesktop Site and the Citrix Storefront authentication mechanism between Citrix Gateway and SF directly. These SSO types will now be disabled by default: Basic authentication; Digest Access authentication; NTLM without Negotiate NTLM2 Key or Negotiate Sign. This means Single Sign-On (SSO) configuration in Citrix ADC and Citrix Gateway has to be…

Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance Security Update

On Sep 17, Citrix released the CTX281474 article with three vulnerabilities which are fixed by new firmware releases on all supported version tracks. The following vulnerabilities are addressed here: CVE-2020-8245: an HTML injection attack against the SSL VPN portal; CVE-2020-8246: a Denial-of-Service attack originating from the management network; CVE-2020-8247: an escalation of privileges on the management interface. 8246 & 8287 are attacks on the management interfaces which should NOT be directly reachable from unauthorized…

Citrix Synergy 2019 – my thoughts and my personal review

Right back from Citrix Synergy 2019 in Atlanta, I was thinking about a personal conclusion of the great event and the days with a lot of insights into the strategy and Citrix's ideas for the future of work. First of all, I try to list the great announcements and product upgrades Citrix gave at the keynote. David Henshall (CEO) and PJ Hough presented a very good overview and gave a…

Netscaler – AD Group permission check on vserver level

In a Netscaler project I came across a requirement to check if a user is a member of a specific Active Directory group before the request is forwarded to the load balancing vServer. The customer has multiple lb vservers, which are protected by a simple AAA authentication server. The authentication domain was set to the top level domain, e.g. fabric.com. The following subdomains represent the other applications: sharepoint.fabric.com, jira.fabric.com, documentcenter.fabric.com …

Microsoft Surface: CTX236170 HDX session stops responding when using two-finger scroll on a touchpad

Something I have observed for a very long time on my Microsoft Surface Book 2 is now confirmed by Citrix Support: a Citrix HDX session may stop responding and hang when using the two-finger scroll on a touchpad. This was observed on certain machines running Windows 8 or 10 with Receiver 4.10 or higher. There is currently no solution, but the workaround to press a system key like Alt-Tab or Windows key…

Insert your Password Policy notification in Netscaler Gateway 11.1

I am often asked to customize the Netscaler logon pages with the company's corporate design, logos and other stuff. Another very common requirement is to be able to show a hint about the company's LDAP password complexity policy when users have to change their passwords in a remote scenario. Netscaler does not offer any functionality to do this in the GUI. The second challenge is, Citrix…

Citrix Director: Cannot retrieve the data. Data source unresponsive or reported an error. View Director server event logs for further information.

After upgrading the VDA to the latest version, a customer faced an issue where no performance and configuration data for the machines was displayed in Director. The machine itself was running fine and this error seems to have no impact on any user. While analysing this I found an error in the event log on an affected VM. …

XenDesktop: The supplied address for the compute resource is invalid

In a customer environment we upgraded to XenDesktop 7.9 and added two new Desktop Controllers in order to change the OS from Windows Server 2008R2 to Windows Server 2012R2. After some weeks the customer removed the old Controller from the site and after this we saw several issues regarding the hypervisor connections, for example when we tried to add VMs to a catalog: If…

PoC: Sharefile StorageZone with ADFS 3.0 on premise – Part 2

In my first Sharefile post I showed how to install and prepare the internal systems for use with Citrix Sharefile Storage Zone (on premise). In this post we will have a look at publishing these services via Netscaler to authenticate users through an on-premise ADFS service. Architecture. Requirements on the Sharefile Control Plane: Create a custom logon page as described in: http://support.citrixonline.com/en_US/sharefile/all_files/SF090016 You will need to edit the login.htm…

HDX 3D Pro option missing while VDA installation

Today I quickly wanna share an installation issue, seen while updating a customer environment with XenDesktop 7.6 HDX3D Pro to 7.8 with the latest PVS target device driver. After a successful installation of the new PVS target device software, we would like to install VDA 7.7. Now the installation wizard doesn’t show the HDX3D Pro option anymore, so we are not able to activate the feature. …
