Today I found out…

Have you ever tweaked something in IT, and it either caused something awesome or, more likely, something horrible happened? Here is a breakdown of those events.


  • Good – Terraform your NetScaler deployment

    So after working with a customer that started going down the NetScaler as code with Terraform route, I decided to jump in with creating a template to deploy a basic NetScaler configuration from code. This will allow for standards to be set in your deployments, and also will have the added benefit of making your NetScaler immutable. Zero-day attack released? Deploy a new VPX, run your code, and be back where you were with a production setup.

    I worked to use the same types of list functions throughout the entire project, so that once you learn one segment that format will be used elsewhere.

    https://github.com/jeffriechers/NetScaler_Terraform_Template

  • Good – Get past HSTS messages on Chromium for local sites

    So Chromium browsers are upping the security, and blocking access to self-signed local sites due to HSTS. How do you get around this? Hit F12 and go to the console and enter the following.

    sendCommand(SecurityInterstitialCommandId.CMD_PROCEED)

  • Bad – Chrome Captcha for large sites

    So this has become a big annoyance for me. When I am working at large sites, or through a heavily utilized VPN, Google has decided that that many requests from a single IP MUST be malicious, so every single new tab opened requires people to use their horrible Captcha with multiple challenges to move on.

    At least give us the ability to allow-list our IP address. But it just seems to be a black hole of lockdown.

  • Bad – Outlook 365 can change system time zone for non-authorized users

    I have a deployment where they were set up to use the server time zone for all Citrix sessions. One PVS server suddenly came up on the wrong coast. Digging through the event logs, we found that Outlook changed the entire server’s time zone from a user session. This is explicitly disabled via policies so that only admins and system could do this. We fired up our test environment, used our regular test account, and look at that: changing time zones in Outlook calendar options changed the whole server.

    To fix this we enabled client-side time zone redirection in GPO for RDS and Citrix Studio Policies. Then when users logged in, it picked up the client time zone and changed the time zone inside of Outlook calendar to the other coast, but only for that user session, not for the entire server.

    Still digging through why Outlook would be able to override system restrictions to set the server time zone as the user.

  • Good – Update Chromebooks outside of AUE

    My Acer 14 Chromebook that I got for free from Acer and Chrome years ago entered into AUE (Auto Update Expiration). This made me the sad, as it is a nice little laptop for carrying around for web surfing. I started going down the rabbit hole of third-party firmware. I had used Brunch Framework on Intel laptops, but didn’t see anything specifically for the Acer 14. But then I looked closer at the Auto part of AUE. Could I manually update this? I saw that there was 114 versions for the Loki family brand on the supported site. So I loaded up the Chromebook Recovery Utility Extension on my regular Windows machine, created a new media USB for it, installed, and look at that, fully updated. So you can’t auto update, but you can manually update. So keep using those Chromebooks, and keep them up to date.

  • Bad – You can’t unbind Syslog policies from virtual servers via the GUI

    Customer tried binding a syslog policy directly to a virtual server, but they selected the wrong server on their NetScaler. When they went to remove the policy from the virtual server we could see a policy was bound, but couldn’t see what policy, and couldn’t unbind it. To remove it we had to drop to the command line on the NetScaler and run “unbind lb vserver <vserver_name> -policyname <policy_name>”.

    Found this on both 13.1 and 14.1 latest versions.

  • Good – FSLogix disk type 3 usage

    So when using Type 3 for your disk type, the system expects the Read Write and the Read Only disks to be open at the same time. If you close the Read Write before the Read Only, then consolidation doesn’t work correctly and you get an error message. Also, if the Read Write version of the disk can’t acquire an exclusive lock, for any reason, then it thinks it is in use and creates the Read Only. If storage is having issues creating that lock, you get Read Only.

  • Mixed – Storefront autoreconnect

    So using a Web Browser to access a Storefront site, disconnected published applications connect automatically. But disconnected Desktops don’t connect until you launch them. Workspace App does reconnect to Desktops correctly.

  • Bad – UDP to TCP Audio reboot required

    Enabling UDP Audio in Citrix Policies is a one-way trip without a reboot. Rolling back to TCP-only audio requires reboots on systems. And if you need to channel audio into the session for WebEx or DMO, and have UDP ports blocked, users won’t be able to use their audio devices.
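
For the Outlook time zone item above, a check worth running on the session host is which principals actually hold the "Change the time zone" user right (SeTimeZonePrivilege) after policy is applied. This is an added example, not from the original post; the expected-SID list and the temporary file name are assumptions to adjust for your environment.

```powershell
# Added example (not from the original post): list who holds the
# "Change the time zone" user right (SeTimeZonePrivilege) on this server.
# Run from an elevated PowerShell prompt.

# Assumption: principals expected to hold the right; adjust to your policy.
$expected = @(
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-19'       # NT AUTHORITY\LOCAL SERVICE
)

# Export only the user-rights section of the effective local security policy.
$cfg = Join-Path $env:TEMP 'user-rights.inf'   # hypothetical file name
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null

try {
    # secedit writes a line such as: SeTimeZonePrivilege = *S-1-5-19,*S-1-5-32-544
    $line = Get-Content $cfg |
        Where-Object { $_ -match '^SeTimeZonePrivilege\s*=' } |
        Select-Object -First 1

    if (-not $line) {
        Write-Output 'SeTimeZonePrivilege is not assigned to any principal.'
    }
    else {
        foreach ($entry in ($line -split '=', 2)[1].Split(',')) {
            $entry = $entry.Trim()
            $sidText = $null
            $name = $entry
            try {
                if ($entry.StartsWith('*')) {
                    # SID form: resolve to an account name for the report
                    $sidText = $entry.TrimStart('*')
                    $name = [Security.Principal.SecurityIdentifier]::new($sidText).Translate(
                        [Security.Principal.NTAccount]).Value
                }
                else {
                    # Name form: resolve to a SID so it can be compared
                    $sidText = [Security.Principal.NTAccount]::new($entry).Translate(
                        [Security.Principal.SecurityIdentifier]).Value
                }
            }
            catch { }  # keep the exported value when resolution fails

            [pscustomobject]@{
                Principal = $name
                Sid       = $sidText
                Expected  = ($expected -contains $sidText)
            }
        }
    }
}
finally { Remove-Item $cfg -ErrorAction SilentlyContinue }

"Current time zone: $((Get-TimeZone).Id)"
```

Any row with Expected = False is a principal outside the list you intended. Running `whoami /priv` inside a test user's session shows whether SeTimeZonePrivilege appears in that user's token.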
