Ferroque Systems News

Issue: PVS App Layering Agent Install Error – Bad Data

January 14th, 2019

Environment: Greenfield platform build. Products: PVS 1811 App Layering 1812 Windows Server 2016 Issue: Randomly got bit by this twice in one week with a customer, and haven’t seen much online about it. Upon installing PVS and installing the App Layering agent, it fails toward the end with this lovely message: Snippets of the log contain the following: InstallShield 17:57:28: Invoking script function AddCertificate 1: … read more

HowTo: Enable SSL on Citrix Delivery Controllers – Easy Method

December 19th, 2018

One of the cardinal sins of anyone implementing a Citrix virtualization platform is not securing XML and STA services on the Delivery Controllers (aka brokers). Although passwords are hashed in transit over HTTP, the encoding is very weak and easily decrypted through basic tools. Beyond that, user names, app entitlements, and group memberships can all go cleartext if left to the default HTTP\TCP 80 configuration. … read more

HowTo: One vDisk, Multiple Environments and Force GPUPDATE at Startup

November 2nd, 2018

This post is intended to solve two challenges: I have a vDisk I need to use in multiple Citrix environments (different Delivery Controllers) and do not require customization of apps between environments (apps configured to go to different backends, etc.). I do not want to have to maintain one vDisk per environment just to change VDA registration params. I want to ensure that on startup, … read more

HowTo: Remove the System Reserved Partition from Windows

October 22nd, 2018

By default, a Windows OS will install itself creating a system reserved partition. When dealing with PVS and vDisk images, this may eventually bite you in the rear end either causing problems performing an initial vDisk creation, or through the inevitable reverse imaging process when one needs to update VM tools drivers for the NIC (unless you’re sneaky and do a cusotm install of the … read more

HowTo: Secure NetScaler NSROOT

October 22nd, 2018

This post is primarily related to a small oversight on Citrix ADC (formerly NetScaler), which continues to persist through more current 12.x firmwares. By default, the nsroot account is set to allow external authentication. That is to say, if a global authentication policy, commonly LDAP(S), is bound to the NetScaler, when logging in via nsroot it will first check the external authentication source for a … read more