Shift + F10
start Regedit (and use neaded Bypass)
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\PCHC]
"UpgradeEligibility"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\Setup\LabConfig]
"BypassTPMCheck"=dword:00000001
"BypassSecureBootCheck"=dword:00000001
"BypassRAMCheck"=dword:00000001
"BypassStorageCheck"=dword:00000001
"BypassCPUCheck"=dword:00000001
"BypassDiskCheck"=dword:00000001
Error detection
Find issue
Identify Group Name
Connect-MsolServiceGet-MsolGroup -ObjectId "Value From Log"
Cleanup License Assigment
Tray again
Start-ADSyncSyncCycle -PolicyType Delta
Check
done
Netscaler Theme
/var/netscaler/logon/themes
/var/netscaler/logon/themes/<NAME>/css
body {
background-image : url('../custom_media/Hintergrund.jpg');
background-size: 100% 100%;
background-repeat: no-repeat;
}
mkdir /var/customizations touch /nsconfig/rc.netscaler chmod a+x rc.netscaler echo cp /var/customize/AccessGateway.ico /netscaler/ns_gui/vpn/images/AccessGateway.ico >> /nsconfig/rc.netscaler Rc.netscaler cp /var/customize/AccessGateway.ico /netscaler/ns_gui/vpn/images/AccessGateway.ico
gslbportal.kolbik.de
site1.example.com
site2.example.com
site3.example.com
NS Initial Konfiguration
Lizenz ID MAC
Netzwerk
Hostname vom NetScaler ändern
Hochverfügbarkeit für Netscaler aktivieren
Netscaler Initial Konfiguration
configns
shell lmutil lmhostid
VLAN an Interface und IP Subnetz an VLAN zuweisen
add vlan 48 bind vlan 48 -ifnum 1/1 –tagged bind vlan 48 -ipAddress 10.10.48.0 255.255.255.0
Hostname voon NetScaler ändern
shell cd /nsconfig vi rc.conf cd /etc vi hosts
High Availability Pair on NetScaler
set ha node -hastatus STAYPRIMARY set ha node -hastatus STAYSECONDARY disable interface <interface_num> add node <id> <ipAddress> set ns rpcnode <ipAddress> -password <string> show ns rpcnode show ha node sync ha files all sync HA files ssl set ha node -hastatus ENABLED force HA failover
Zeit Synchtonisation ohne neustrat
add ntp server 10.10.10.10 -minpoll 6 -maxpoll 11 rm /etc/ntp.conf ln -s /nsconfig/ntp.conf /etc/ntp.conf /bin/sh /etc/ntpd_ctl full_start
add ssl vserver <NAME> –HSTS ENABLED –maxage 157680000 –IncludeSubdomain YES add sslProfile <NAME> –HSTS ENABLED –maxage 157680000 –IncludeSubdomain YES oder add rewrite action insert_STS_header insert_http_header Strict-Transport-Security "\"max-age=157680000\"" add rewrite policy enforce_STS true insert_STS_header
SSL-Profile
Deny SSL Renegotation ALL set ssl parameter -denySSLReneg FRONTEND_CLIENT
add ssl cipher SSLLABS-PROF bind ssl cipher SSLLABS-PROF -cipherName TLS1.2-ECDHE-RSA-AES256-GCM-SHA384 bind ssl cipher SSLLABS-PROF -cipherName TLS1.2-ECDHE-RSA-AES128-GCM-SHA256 bind ssl cipher SSLLABS-PROF -cipherName TLS1.2-ECDHE-RSA-AES-128-SHA256 bind ssl cipher SSLLABS-PROF -cipherName TLS1-ECDHE-RSA-AES256-SHA bind ssl cipher SSLLABS-PROF -cipherName TLS1-ECDHE-RSA-AES128-SHA bind ssl cipher SSLLABS-PROF -cipherName TLS1.2-DHE-RSA-AES128-GCM-SHA256 bind ssl cipher SSLLABS-PROF -cipherName TLS1-DHE-RSA-AES-256-CBC-SHA bind ssl cipher SSLLABS-PROF -cipherName TLS1-DHE-RSA-AES-128-CBC-SHA bind ssl cipher SSLLABS-PROF -cipherName TLS1-AES-256-CBC-SHA bind ssl cipher SSLLABS-PROF -cipherName TLS1-AES-128-CBC-SHA IOS Geräte bekommen Fehler "Error Number 183", wenn diese Cipher gebunden sind: bind ssl cipher SSLLABS-PROF -cipherName TLS1.2-DHE-RSA-AES256-GCM-SHA384 bind ssl cipher SSLLABS-PROF -cipherName TLS1.2-ECDHE-RSA-AES-256-SHA384
Direct Server Return
netsh interface ipv4 set interface "Your production network adaptor name" weakhostreceive=enabled
netsh interface ipv4 set interface "Your loopback network adaptor name" weakhostreceive=enabled
netsh interface ipv4 set interface "Your loopback network adaptor name" weakhostsend=enabled
Links:
How to Allocate NetScaler VPX Licenses
How to Associate an IP Subnet with a NetScaler Interface by Using VLANs
Netscaler Upgrade
NetScaler Hardware and Software Compatibility Matrix CTX113357
Backup:
/var/ns_sys_backup/ (Pfad) create system backup -level full restore system backup backup_full_<nsip_address>_<date-timestamp>.tgz
/nsconfig/monitors/*.pl /nsconfig/htmlinjection/* /nsconfig/ns.conf /nsconfig/ZebOS.conf /nsconfig/rc.netscaler /nsconfig/snmpd.conf /nsconfig/nsbefore.sh /nsconfig/nsafter.sh /nsconfig/inetd.conf /nsconfig/ntp.conf /nsconfig/syslog.conf /nsconfig/newsyslog.conf /nsconfig/crontab /nsconfig/host.conf /nsconfig/hosts /nsconfig/ttys /nsconfig/sshd_config /nsconfig/httpd.conf /nsconfig/monitrc /nsconfig/rc.conf /nsconfig/ssh_config /nsconfig/localtime /nsconfig/issue /nsconfig/issue.net /nsconfig/ssl/* /nsconfig/license/* /nsconfig/fips/* /var/custom/* /var/download/* /var/log/wicmd.log /var/wi/tomcat/webapps/* /var/wi/tomcat/logs/* /var/wi/tomcat/conf/catalina/localhost/* /var/nslw.bin/etc/krb.conf /var/nslw.bin/etc/krb.keytab /var/netscaler/locdb/* /var/lib/likewise/db/* /var/vpn/bookmark/* /var/netscaler/crl /var/nstemplates/* /var/learnt_data/*
Upgrade:
mkdir x_xnsinstall cd /var/nsinstall/ns-<build> tar zxvf ns-<build>.tgz ./installns HA Konfiguration: set ha node -hasync disabled cd /var/nsinstall/ns-<build> tar zxvf ns-<build>.tgz ./installns force failover set ha node -hasync enabled
hohe und konstante CPU Nutzung 50% ab ESXi Version 6.0
set ns vpxparam -cpuyield YES With version NetScaler 11.1, VPX was sharing CPU with other VMs. With NetScaler 12.0 version, VPX will not share CPU by default.
Links:
How to Upgrade the Software of the NetScaler Appliances in a High Availability Setup CTX127455
Citrix High Availability Service
Lösung: HighAvailabilityService.exe.config anpassen und Dienst neu starten
C:\Program Files\Citrix\Broker\Service\HighAvailabilityService.exe.config <appSettings> <!--am 28.06.2017 E. Kolbik RAM Begrenzen--> <add key="MaxServerMemoryInMB" value="1024" /> </appSettings>
AD Vertrauensstellung
nltest /sc_query:Domänenname (sollten dabei Fehler gemeldet werden) netdom reset 'Computername' /domain:'Domänenname'
VDA 7.X Update/Uninstall > Port between 0 and 65535
"c:\Program Files`\Citrix\Virtual Desktop Agent\Agent Configuration\AgentConfig.exe" /ExecutionMode:DumpConfiguration /Log:c:\inst\agent.log" "c:\Program Files`\Citrix\Virtual Desktop Agent\Agent Configuration\AgentConfig.exe" /ExecutionMode:Configure /Log:c:\temp\agent.log
Citrix Policy Inconsistencies
Add-PSSnapin Citrix.Common.GroupPolicy New-PSDrive Site –PSProvider CitrixGroupPolicy –Root \ -Controller localhost cd Site:\User ren Policy-Name Policy-Name-New
C:\inetpub\wwwroot\DesktopDirector\LogOn.aspx <asp:TextBox ID="Domain" Text="kolbik.de" readonly="true" runat="server" CssClass="text-box"></asp:TextBox>
Fehler: Retrieving connection failures by type details…
Afrage im SQL, damit Fehler geprüft wird. SELECT * FROM [Kolbik-Datenbank-XA].[MonitorData].[Machine] where [DesktopGroupId] = '00000000-0000-0000-0000-000000000000' Bereinigung: DB > Tables > monitordata.desktopgroup > edit top 200 rows > delete the NULL oder: set @did = '00000000-0000-0000-0000-000000000000' delete from MonitorData.Session where machineid in (Select Id from MonitorData.Machine where DesktopGroupID = @did) delete from MonitorData.Machine where DesktopGroupId = @did delete from MonitorData.DesktopGroup where id = @did
Fehler: Benutzer hat zu viele Gruppen. (HTTP Error 400.The size of the request header is too long. )
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\system\CurrentControlCet\control\Lsa\Kerberos\Parameters] "MaxTokenSize"=dword:48000 [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters] "MaxFieldLength"=dword:48000 "MaxRequestBytes"=dword:12288000
Director License error
C:\inetpub\wwwroot\Director\Tools\DirectorConfig.exe /upgrade
Links:
Citrix Director Licensing Status shows „Cannot Retrieve the Data“ CTX200309
/* Meine ANPASSUNG */
/* Hintergrund Bild */
.web-screen {
background-image: url('Mein-Hintergrund-Bild.jpg');
//background-image:none;
}
/* Querbalken Login */
.web-screen .content-area {
/* Decimal Code (R,G,B) rgb(250,250,210) */
background-color: rgb(0,141,88);
}
/* Hintergrund Bild Obere Leiste */
.theme-header-bgcolor {
background-color: rgb(0,141,88);
// background-image: url('Mein-Hintergrund-Bild.jpg');
}
/* Hintergrund Bild Anwendungen */
.storeViewSection {
background-color: rgb(0,141,88);
// background-image: url('Mein-Hintergrund-Bild.jpg');
}
/* Hintergrund Bild for Suchfeld*/
.toolbar {
background-color: rgb(0,141,88);
//background-image: url('Mein-Hintergrund-Bild.jpg');
/* background-color: #cccccc; */
}
/* Hintergrund Bild während Aktualisierung*/
.loading-screen {
background-color: rgb(0,141,88);
//background-image: url('Mein-Hintergrund-Bild.jpg');
}
/* Abmeldeseite Login Logo */
.is-hdpi .logon-logo-container{
background-image: url('Mein-Hintergrund-Bild.png');
background-size: scale;
}
.logon-logo-container{
background-image: url('Mein-Hintergrund-Bild.png');
//background-size: 100%;
}
/* Logo nach Anmeldung */
.logo-container {
background-image:url('Mein-Hintergrund-Bild.png');
background-size: 100%;
}
/* Farbe für Schrift Desktop/Username*/
.theme-header-color{
color:black;
}
/* Logo während Anmeldung */
.loading-logo {
background-image: url('Mein-Hintergrund-Bild.png');
background-repeat:no-repeat;
background-size: 100%;
}
/* Text unterm Login Butten */
.customAuthBottom {
font-size:12px;
color:black;
text-align:center;
}
/* Text über Login */
.customAuthTop {
font-size:16px;
font-weight:bold;
color:rgb(0,141,88);
text-align:center;
}
/* Text Farbe Benutzer */
.credentialform .plain {
color: black;
}
/* Text Benutzername Kennwort*/
.credentialform .plain{
color:rgb(0,141,88);
}
/* Text Farbe Nach Abmeldung */
.web-screen .main-text {
color: black;
}
/* Logo Receiver Info */
.citrixReceiverLogoAboutBox {
background-image: url('Mein-Hintergrund-Bild.png');
background-size: 100%;
}
/* Hintergrund Receiver Info */
.aboutBox, .about-view {
color:rgb(0,141,88);
// background-image: url(Mein-Hintergrund-Bild.jpg);
}
/* Button Farbe */
.button.default {
background-color: rgb(0,141,88);
color: #FFFFFF;
}
/* Meine ANPASSUNG */
/* WebSite Favicon */
$('link[rel="icon"]').attr('href','custom/Mein-favicon.ico');
/* Text unter Login Buton */
$('.customAuthBottom').html("<br/>Bei Fragen oder Problemen bei der Anmeldung wenden Sie sich bitte an die EDV Organisation<br/>Tel. 0123-456-789 EDV@kolbik.de");
/* Text Über Login */
$('.customAuthTop').html("Bitte melden Sie sich an<br /><br />");
/* Text Info Receiver Web*/
(function ($) {
$.localization.customStringBundle("de", {
ThirdPartyNotices: "Meine Firma",
ThirdPartyNoticesWeb: "Third Party Notices",
CitrixCopyright: "\u00a9 2017 kolbik.de",
AllRightsReserved: "Go to visit citrix.com",
YouHaveLoggedOff: "Sie haben sich erfolgreich abgemeldet.<br>Um sich mit einem anderen Benutzernamen anzumelden klicken Sie auf Anmelden.",
});
})(jQuery);
Mehrfaches starten von Anwendungen durch Doppelklick anpassen
custom.script.js -> unter "contrib" Ordner anpassen
$(document).ready(function() {
CTXS.Resources.multiClickTimeout = 10;
});
Links:
Multiple launch prevention Citrix Receiver for web
How to Apply Advance Customizations to StoreFront Web Page CTX215016