[THIN] Re: Netscaler Post Auth Session Policy Failure?

  • From: James Scanlon <scanjam@xxxxxxxxxxx>
  • To: Thin <thin@xxxxxxxxxxxxx>
  • Date: Fri, 20 Dec 2013 09:53:08 +1000

nope its configured as a session policy.i argued that its a bit silly as the 
user has already authenticated, but the client was advised (at some point) by 
citrix that pre auth is more difficult to troubleshoot when clients are logging 
in (the fun error codes the netscaler spits out) and they have many multiple 
people connecting from many different devicesso they were adament they wanted a 
scan / reg scan after the user name and password....bah...

Date: Thu, 19 Dec 2013 16:37:46 -0700
Subject: [THIN] Re: Netscaler Post Auth Session Policy Failure?
From: joe.shonk@xxxxxxxxx
To: thin@xxxxxxxxxxxxx

Correct me if I'm wrong, but wouldn't that be  a pre-auth policy?

On Thu, Dec 19, 2013 at 12:59 PM, James Scanlon <scanjam@xxxxxxxxxxx> wrote:

Greetings thin list legends!long time no email!
Quick one.I have a single Netscaler Access Gateway with one post auth session 
policy which points them to storefront.
It runs an single EPA check for a registry key for the domain membership.If it 
fails the registry check however its 'defaulting' to a the client choices page 
and starts running an SSL VPN!?!

Ive checked all advanced settings and the global settings - and there is 
literally nothing set to create this?Any idea how to set a policy so that 'If 
your EPA scan fails' the system just denies access? or even another policy 
which would direct them to a web server that doesnt exist or really ANYTHING 
other than starting a FULL SSL VPN!! :)

I hope everyone is well and looking forward to the holidays!All the best for 
xmas and the new year.



Other related posts: