[THIN] web interface launch issue
- From: Angela <angela_smith9@xxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Fri, 20 Dec 2013 15:06:14 +1100
Hi
I have an interesting issue. Users connect to Citrix Web Interface (CWI) in
Australia and open Internet Explorer from Australian Citrix farm. User then
connects to another Citrix Web Interface in New Zealand (NZ) and tries to
launch a Published App from NZ Citrix farm.
Client - AU CWI - AU Internet Explorer - NZ CWI - NZ App
When user clicks on any App, nothing happens. If I change the Connection
Preferences in the AU CWI to "Client for Java" the App launches. The CWI in NZ
is configured as a Trusted site. What IE settings are required for ICA Web
client to work? Understand the configuration is not ideal as users are
connecting to 2 CWI's but they don't have the ability to go straight to NZ CWI,
connection must pass through Australian CWI. I have installed the latest ICA
Web client on the XenApp 4.5 server in Australia that hosts Internet Explorer
Any assistance appreciated
Ang
From: scanjam@xxxxxxxxxxx
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Netscaler Post Auth Session Policy Failure?
Date: Fri, 20 Dec 2013 10:14:17 +1000
yep.
Date: Thu, 19 Dec 2013 17:12:24 -0700
Subject: [THIN] Re: Netscaler Post Auth Session Policy Failure?
From: joe.shonk@xxxxxxxxx
To: thin@xxxxxxxxxxxxx
So basically any user on and internet connected device can type in user names
and passwords? So, a crafty person can launch a DOS attack and lock out
accounts?
Joe
On Thu, Dec 19, 2013 at 4:53 PM, James Scanlon <scanjam@xxxxxxxxxxx> wrote:
nope its configured as a session policy.i argued that its a bit silly as the
user has already authenticated, but the client was advised (at some point) by
citrix that pre auth is more difficult to troubleshoot when clients are logging
in (the fun error codes the netscaler spits out) and they have many multiple
people connecting from many different devices
so they were adament they wanted a scan / reg scan after the user name and
password....bah...
Date: Thu, 19 Dec 2013 16:37:46 -0700
Subject: [THIN] Re: Netscaler Post Auth Session Policy Failure?
From: joe.shonk@xxxxxxxxx
To: thin@xxxxxxxxxxxxx
Correct me if I'm wrong, but wouldn't that be a pre-auth policy?
Joe
On Thu, Dec 19, 2013 at 12:59 PM, James Scanlon <scanjam@xxxxxxxxxxx> wrote:
Greetings thin list legends!long time no email!
Quick one.I have a single Netscaler Access Gateway with one post auth session
policy which points them to storefront.
It runs an single EPA check for a registry key for the domain membership.If it
fails the registry check however its 'defaulting' to a the client choices page
and starts running an SSL VPN!?!
Ive checked all advanced settings and the global settings - and there is
literally nothing set to create this?Any idea how to set a policy so that 'If
your EPA scan fails' the system just denies access? or even another policy
which would direct them to a web server that doesnt exist or really ANYTHING
other than starting a FULL SSL VPN!! :)
I hope everyone is well and looking forward to the holidays!All the best for
xmas and the new year.
scanjam
Other related posts:
