Mike Streetz
@o-p.bsky.social
📤 61
📥 333
📝 94
EUC Leader, Citrix Solutions Engineer, Home Automation Apologist, Coffee Guy
If you want to speak to a human and whatever dumb voice bot you’re calling won’t let you without making you answer a million questions just call it back and when it asks what you want tell it you are “returning a call”. A lot of AVR will put you directly through to a human after that.
4 months ago
0
0
0
reposted by
Mike Streetz
Marc-André Moreau
4 months ago
It's here - a first release of RdpCredProv, a Windows credential provider with autologon capabilities better than the original! 🚀 Yes, it works even with the Hyper-V enhanced session mode! Grab a copy from github.com/Devolutions/... and then follow the instructions from the readme 👇
0
8
5
Citrix FAS Pro Tip: If you're getting "Incorrect Username or Password" and turn on CAPI2 logs and they complain about not being able to do a revocation check but don't give you a failing URL, it's because there are no CRL locations in your cert. You need those. Have fun reissuing certs.
4 months ago
0
0
0
Hi Pacific Northwest EUC friends! @robryan.com and I would love you to join us on July 9 for pizza and lively discussion on all things End User Computing. Jack Smith from Liquidware will be hosting us at Cascadia Pizza in Bellevue. Space is limited and filling up fast.
worldofeuc.org/event-6193347
World of EUC - Seattle WEUC Meet-up
https://worldofeuc.org/event-6193347
5 months ago
0
2
0
I made a thing! Co-Pilot in Visual Studio helped. Snuefy - A Home Assistant Automation for snoozing multiple Eufy Camera Motion Alerts using the Eufy Security Integration. It's my first real github thingy with something resembling code.
github.com/MikeStreetz/...
GitHub - MikeStreetz/Snuefy: Snooze Multiple Eufy Camera Motion Alerts At Once In Home Assistant with the Eufy Security Integration
https://github.com/MikeStreetz/Snuefy
6 months ago
0
3
0
reposted by
Mike Streetz
Julian Jakob
6 months ago
🆕 Updated Blogpost about Citrix #DaaS Conditional Authentication to use Network Locations as location-based Auth-filter. A great way to be able to offboard some Adaptive Authentication deployments. www.julianjakob.com/citrix-daas-...
Citrix DaaS - Conditional Authentication
Post about the Conditional Authentication feature of Citrix DaaS, where you're able to pre-filter different authentication Methods in one URL
https://www.julianjakob.com/citrix-daas-conditional-authentication/
0
3
1
Do I bother importing old tweets or do I just start again? There were some good technical threads on there...
8 months ago
2
1
0
If copying services from a live #netscaler config to test backend communication on a new instance prior to a migration, be sure to watch for add service ADNS. It will create the IP address locally and you’ll get an IP address conflict and cause an outage. Ask me how I know…
about 1 year ago
0
0
0
Installing the SCVMM Console to make Citrix DaaS Cloud Connectors talk to Hyper-V is such a monumentally painful thing to have to do. There's no SCVMM console executable, you have to use the 1GB setup.exe of SCVMM itself just to select the 100MB Console option...
about 1 year ago
1
0
0
If you've left it to the last possible second to move off of #netscaler 13.0 you might hit a bug where the latest versions won't import SSL certs as PFX. Install them as PEM files with a key instead.
https://t.co/VKfc7e05Hf
about 1 year ago
1
0
0
#Citrix FAS Sites and Services strikes again! If you haven't defined your VDI subnets, you'll hit a random Domain Controller for log in. If not all of your DCs can talk to the Certificate Revocation List you use in FAS Cert templates, then your login will fail.
over 1 year ago
0
0
0
Following on from my session on session hijacking and cookie theft, tune in to see the latest protections on NetScaler Gateway against this:
https://community.citrix.com/events/event/75-netscaler-live-demo-session-hijack-protection-for-netscaler-gatewayaaa-deployments/
over 1 year ago
0
0
0
Have you ever changed a NetScaler Gateway theme and then wondered why nothing seems to be applying? shell nsapimgr_wr.sh -ys call=ns_ic_flush is a magic #netscaler script that flushes the integrated cache even if the feature is not enabled. Doing this will usually fix it.
over 1 year ago
1
0
0
When troubleshooting FAS trying to log events all the way from NetScaler, to Entra, to Storefront, to FAS, to Certificate servers to the VDA is such a monumental pain in the ass. There has to be a better way to do this...
over 1 year ago
1
0
0
Going to have to try this out and see how/if the cookie protection works on the gateway now.
https://x.com/cstalhood/status/1778382567143588288
over 1 year ago
0
0
0
I’ll be talking about netscaler authentication cookies and how “logging out” might not be doing what you think it is.
https://x.com/xenappblog/status/1772629418122317982
over 1 year ago
0
0
0
Not new but I have to dig this up every time I set up a new computer. NetScaler Notepad++ Language File 2.0 for Syntax Highlighting
https://www.vsqloud.de/2023/04/19/netscaler-notepad-language-file-2-0-for-syntax-highlighting/
over 1 year ago
0
0
0
Finally saw my first stolen #netscaler authentication cookie in the wild. Attacker got in immediately after a legitimate session did MFA. There’s no inbuilt protections against it. You can’t really use WAF because of the process order of the packet engine.
almost 2 years ago
1
0
0
I'd love to be able to use the metadata URL for SAML setup on netscaler with Entra but the number of times it picks the wrong cert from the ones presented is way too high. Anyone know what's going on there? Manually uploading the cert works 100% of the time.
almost 2 years ago
0
0
0
I've seen this a couple of times and the error isn't super helpful, but if you see FailedPasswordComplexity errors in storefront after connecting via the gateway it's because you're not sending through a password. I see it most often with SAML or RADIUS MFA
almost 2 years ago
0
0
0
My Amazon Echo Show recently stopped showing artwork while playing music which caused my toddler to have a huge meltdown. This was weeks ago and I've only just now figured out what caused it. Let me take you on a wild ride. THREAD
about 2 years ago
1
0
0
#CVE20233519 working POC via @rapid7
https://attackerkb.com/topics/si09VNJhHh/cve-2023-3519/rapid7-analysis
Execute arbitrary code on the stack without crashing nsppe! There's some cool tricks in here, check it out. Won't be long now before this is on metasploit.
about 2 years ago
1
0
0
How to wipe an #SDX: plug in the drive to another machine, fire up fdisk and mark the 1st partition as active. When it boots, it'll automatically wipe everything and go back to defaults. Thanks to (Ex)CTXMike from World of EUC for saving me from the console cable
about 2 years ago
0
0
0
Part 2 of the Assetnote netscaler CVE analysis for #CVE20233519 is out, the URL that accepts the input is /gwtest/formssso. I can't imagine it's going to be long before we see a public exploit available.
https://blog.assetnote.io/2023/07/24/citrix-rce-part-2-cve-2023-3519/
about 2 years ago
0
0
0
Another #CVE20233519 analysis that found an overflow that doesn't require SAML at all.
https://bishopfox.com/blog/citrix-adc-gateway-rce-cve-2023-3519
via @_POPPELGAARD
about 2 years ago
0
0
0
2 analyses of #CVE20233519 point to a buffer overflow in the Canonicalization Methods of a SAML Assertion.
https://blog.assetnote.io/2023/07/21/citrix-CVE-2023-3519-analysis/
and
https://attackerkb.com/topics/si09VNJhHh/cve-2023-3519
So many questions still...
about 2 years ago
0
0
0
pro tip: If you keep getting Event ID 10 from FAS after enabling SAML on your Citrix Gateway, don't forget to add the callback URL to your gateway in Storefront. It's a requirement for SAML
about 2 years ago
1
0
0
anyone @citrix know what the citrixlocalusersgroup is? It's different from the Direct Access Group but seems to do the same thing in regards to allowing access to the desktop.
https://discussions.citrix.com/topic/405037-citrixlocalusergroup/
about 2 years ago
1
0
0
This Citrix Cloud "Critical" notification is only critical if you sign your authentication requests. Using Azure Ad? Picked no? (per MS doc), you don't need to do anything. Picked yes (per citrix doc) you need to disconnect/reconnect the app from what I can tell.
over 2 years ago
0
0
0
wohoo! 10k users per share if doing profile container, 5k if doing profile and office containers.
https://x.com/JimMoyle/status/1664233725205381120
over 2 years ago
0
0
0
Bye bye #FSlogix, we had a good run.
https://x.com/cstalhood/status/1637931048536535040
over 2 years ago
0
0
0
If you've been having issues with Citrix Cloud access in the last few weeks and you run a pihole or an ad blocker, make sure to whitelist https://js-agent.newrelic.com/.
over 2 years ago
0
0
0
Citrix build number to release number tables. Because I always have to look this up and like text files more than html. Feel free to fix any errors that you find.
https://github.com/MikeStreetz/CitrixVersions
over 2 years ago
0
0
0
This Prime Day, before you think about giving your VDI users a Win10 Desktop with 2 cores and 4GB of RAM, go out and buy the cheapest Win10 Pro 4GB laptop you can find. Use it exclusively for a week. If you’re happy with it then by all means, go ahead and deploy it for everyone.
about 3 years ago
0
0
0
If you want to delete locally cached profiles with Win10 MU at logoff, DO NOT ENABLE the ability to save settings to the cloud in Outlook. It doesn't work in Multi User. You get a lock on AppData\Local\Microsoft\WINMSIPC\Logs
https://t.co/T5fFJQQDrO
over 3 years ago
0
0
0
For anyone who missed my Top 10 Citrix Optimizations Revisited talk, it’s now available on YouTube. I know people want the slide deck but please watch the replay instead, the slides on their own are not much use.
https://youtu.be/wDDs_bw3FCg
over 3 years ago
0
0
0
So @RayDavis83 just reminded me of another #FSLogix tip, "Set Outlook cached mode on successful container attach". This only works if you set the following registry value. HKLM\SOFTWARE\Policies\Microsoft\Office\16.0\Outlook\OST Value noost Type REG_DWORD Enabled Value 2
over 3 years ago
1
0
0
Dropping some FSLogix truth bombs at #EUCMastersRetreat. Azure Files has a 2000 handle limit which means a max of 1000 concurrent logons if you want to live dangerously. Scale out, not up. You need more handles for more users, not more iops.
over 3 years ago
2
0
0
I’m at a conference and so far my peephole camera prototype is working pretty well. Captures anyone who walks past my room, and sends an alert to my phone. Runs off a glinet shadow travel router connecting to the hotel wifi and then providing its own wifi from that. @Viss
over 3 years ago
0
0
0
EUC vendors really need to work on their documentation, you can't expect @cstalhood to do all of it for you for free... Looking at you @VMware, the documentation on how to input the SSL thumbprint for load balanced UAG is poor. FYI it's thumbprint1,thumbprint2
over 3 years ago
0
0
0
Back to FSLogix for a second, because this setting bugs the hell out of me. ConcurrentUserSessions. It is NOT a requirement to set this to 1 in RDSH/Citrix environments. This setting doesn't even exist in the latest versions.
https://t.co/n8QujGHspk
https://t.co/Uq57wsP4bJ
almost 4 years ago
0
0
0
My top tips for #FSLogix implementations with #CVAD. VHDX (better resizing) ReFS (faster resizing) Dedupe Machine accounts (avoids user password lockouts from locking up the profile disk) Shrink Script from @JimMoyle run as a scheduled task (https://github.com/FSLogix/Invoke-FslShrinkDisk)
over 4 years ago
0
0
0
Fun fact. You can eat exactly 4 Ferrero Rocher before anyone will notice/ask you why you are at their Christmas party.
almost 5 years ago
0
0
0
because I'm always having to look this up, this is how to get which VM snapshot a Citrix MCS machine catalog is on through powershell. Get-ProvScheme -adminaddress DDC-machine-name | select ProvisioningSchemeName, masterimagevm
over 5 years ago
0
0
0
My #CitrixSynergy talk on log forwarding got accepted! Look out for SYN144: You miss 100% of the events you don’t log. You can’t act on what you can’t see. Persistent logging in non persistent VDI. Covers windows event log forwarding and Syslog with ADM (formerly MAS)
over 5 years ago
0
0
0