Friday, September 16, 2016

A specified logon session does not exist. It may already have been terminated

I have a NetGear wireless router with a neat feature called ReadyShare.  NetGear ReadyShare let's me connect a USB drive to my router and create a network share.  It's been working great but I recently reloaded my Windows 10 desktop and started getting the following error.

"\\readyshare is not accessible.  You might not have permission to use this network resource.  Contact the administrator of this server to find out if you have access permissions.  A specified logon session does not exist.  It may already have been terminated."

I suspect a security settings was causing an error so I checked the Windows firewall and found my desktop's Wi-Fi connection had the public "profile" applied (Windows Key + S then search for "windows firewall")...

I prefer for this to be set to private for my home network so I went into settings (Windows Key + I), clicked Network & Internet, clicked Wi-Fi, clicked my Wi-Fi connection, and enabled "Make this PC discoverable".

My "ReadyShare" is now accessible after the profile change!

Thursday, September 15, 2016

Parsing NetScaler 'show icaconnections' with Powershell and NetCmdlets

There's probably a gigabillion ways to do this - Nitro, syslogs, etc; but if you're using NetCmdlets with Powershell you can easily parse through your ICA connections...

Now we have the ICA connections in $sessions; we can do some simple analysis with Powershell.

Here are some ideas...

Is there a server with a high number of ICA connections?
 #Number of ICA connections per destination IP  
 $sessions.Traffic | group-object -Property destip | sort-object count  
Do you have any users with a high number of ICA connections?
 #Source IPs with multiple ICA sessions  
 $sessions | Group-Object -Property UserName | ?{$_.count -gt 1} | Sort-Object Count  
This one is helpful if you want to know the ports being used by the ICA connections.
 #Sessions by destination port - 2598 and/or 1494  
 $sessions.traffic | Group-Object -Property DestPort  
Maybe you're expecting sessions to be using session reliability?
 #sessions not running session reliability  
 $sessions.traffic | ?{-not $_.DestPort -eq 2598}  

Citrix Publishes Supported Architectures Between NetScaler and XenMobile Server

Citrix published a new article detailing the supported architectures between NetScaler and XenMobile server on Aug. 16th 2016.  The article can be found here: CTX215980

Basically, if you're running an SSL offload with end to end encryption (re-encrypting) for MDM using port 8443 ...

 client <-8443-> NetScaler <-8443-> XenMobile  

... then this is not supported by Citrix.

The supported architecture is to use an SSL bridge or SSL offload (without encryption - Boooo!) for MDM.

NetScaler SSO Behavior with Split Tunnel Reverse/On

If you're using NetScaler be aware enabling split tunnel or reverse split tunnel for your users will change how SSO is handled with web applications.

It turns out that the NetScaler does consider split tunnel settings when deciding to do SSO.
  • If SplitTunnel is OFF, SSO is done only for Private IP addresses
  • If SplitTunnel is ON/REVERSE, SSO is done for all IP addresses

LACP channel fails between NetScaler and Cisco switch

I recently ran into an issue setting up LACP.  No matter what I did, I couldn't get the channel to come up.  I reviewed several Citrix articles for setting up LACP as I was convinced I had a setting wrong somewhere.  That's when I came across this little tidbit from CTX109843...
In some versions of the Cicso IOS, running the switchport trunk native vlan <VLAN_ID> command causes the Cisco switch to tag LACP PDUs. This causes the LACP channel between the Cisco switch and NetScaler appliance to fail. However, this issue does not apply to static link aggregation channels, as described in the preceding procedure.
I asked the network team to drop the native VLAN from their config and voila!  Channel came up.

Friday, September 9, 2016

Get a list of ShareFile employees using the ShareFile Powershell snapin

The ShareFile Powershell snap-in is great!  Here's a script I wrote using the snap-in to get a list of all ShareFile employees with a little extra login information. I take the output of this script and write it to a SQL database for reporting.  Enjoy!