Ferroque Systems News

Citrix ADC Security: Securing ns.conf with KEK Keys

August 22nd, 2019

This guide is intended to shed a little light on an interesting security mechanism in Citrix ADCs which seldom gets much attention. Mentioned in the Citrix Secure Deployment Guide for ADCs, is a line item about creating a system master key for “data protection”. In the context of ADCs this means passwords of local accounts, certificate key pair passphrases, LDAP passwords, RPC passwords, RADIUS secret … read more

Citrix Virtual Desktops: Launching Multiple Sessions From The Same User Account

July 30th, 2019

I’ve seen a lot of discussions online regarding the topic of launching two or more of the same Citrix resource (app, pooled VDI, HSD, etc.) on different machines using a single user account with no definitive answer. Today I was requested to implement this feature for a 1903 CR environment and it had taken a little bit of trial and error to get this to … read more

Integrating PingID with Citrix Gateway via RADIUS

July 29th, 2019

More adventures in RADIUS! PingID provides one of the most prevalent multi-factor authentication (MFA) solutions on the market today and as with many of them such as Azure MFA (which I touch on in a previous article), Okta, Duo, etc. can handle one-time passwords (OTP) via SMS, mobile app, or email, as well as “pushes” to a their mobile app (preferred method) which tends to … read more

Issue: Black or frozen screen when you share your screen in Skype for Business 2016

June 18th, 2019

Issue: Skype for Business Windows client displays a black screen (or a black screen with a mouse cursor) during screen sharing and/or crashes during a screen share.   Details: Since Skype for Business 2015 Cumulative Update KB3061064. Video-based Screen Sharing (VbSS) was introduced to replace the legacy RDP screen sharing method. VbSS also referred to as P2P sharing makes use of the UDP protocol. Although … read more

DUDE! Where’s My Auth Request? Adventures in RADIUS Load Balancing

June 16th, 2019

Environment: Greenfield multi-tiered Citrix ADC deployment, Citrix Gateways on processing tier configured with multi-factor authentication with RADIUS. Products: Citrix ADC (NetScaler) MPX 8905 running 12.1 b52.15 PingID via RADIUS Issue: So this particular issue has come up a few times now in my configs across various RADIUS-capable authentication products. Essentially, when setting up RADIUS configurations on the ADC, authentication servers configured to authenticate directly to … read more