The Good, the Bad and the Ugly

  • Notes from the lab: Citrix ADC IP Reputation

    I’ve been playing around with the Citrix ADC IP Reputation feature – https://docs.citrix.com/en-us/citrix-adc/13/reputation/ip-reputation.html in the lab for some time and to be honest it’s such a small but very effective feature which I almost never see active, why is that? If you’ve gotten a premium licensed ADC appliance it’s a simple right click>enable and you…

  • Notes from the lab: VMware Horizon and Microsoft MFA NPS Extension

    In my own lab environment I have a mixture of EUC components and dual factor configured accordingly, but more and more I see that customers also just use the MFA solution of Microsoft to integrate it for their environments. Why not it’s included with your license right. So back to the techie part I’ve configured…

  • Notes from the field: The unexplained Outlook pop-up

    Quite recently I’ve had an interesting troubleshoot at a customer. The problem was at first that there was an issue in the newly build Exchange 2019 environment that Outlook clients would open up and ask for credentials in a domain joined environment, so the SSO part of WIA isn’t working and it “seemed” to work…

  • Notes from the field: Configuring AFAS Online with Azure

    I have a quick win for those who are also in the process of migrating an ADFS configured AFAS Online setup to Azure Active Directory. I’ve already had an support call with them and besides the point they don’t support any troubleshooting IDP setups they did their best which in turn got me to sharing…

  • Notes from the lab: Configuring vCenter 7 with ADFS

    With the release of vCenter 7 you can now integrate it with Microsof Active Directory Federation Services (ADFS) See the following blog article for an overview: https://blogs.vmware.com/vsphere/2020/03/vsphere-7-identity-federation.html See the following configuration articles for a setup overview: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.authentication.doc/GUID-C5E998B2-1148-46DC-990E-A5DB71F93351.html https://kb.vmware.com/s/article/78029 With this information I’ve configured my lab environment to a working SAML based login with a few…

  • Notes from the lab: Migrating Windows vCenter to VCSA 7

    In my lab environment I was running Windows vCenter 6.7 and with the release of vCenter 7 a migration is needed because there is no Windows vCenter anymore. The following articles will give you enough information on how the process works especially the how-to from Vladan Seget: https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.upgrade.doc/GUID-9A117817-B78D-4BBE-A957-982C734F7C5F.html https://www.starwindsoftware.com/blog/how-to-migrate-vmware-vcenter-from-windows-to-vcsa-6-7-update-1 Basically the process is the same…

  • Notes from the lab: Citrix ADC Native Push OTP not working

    I’ve updated my lab environment with Citrix Gateway push OTP support and had some trouble in configuring the Citrix SSO app on my iPhone. For some reason it couldn’t setup the gateway connection and it wasn’t reachable. (Well that was my bad in checking all my devices but I’ll get to that) Before the push…

  • Notes from the field: Cannot access Citrix ADC or create HA set

    Quite recently I was at a customer where they had an SDX setup with single instances and needed to be upgraded and converted to an HA setup. Well easy does it I created the instances on the second SDX and started creating HA sets. Numerous went fine and then one started giving errors. Could not…

  • Notes from the field: Configuring SentinelOne SSO with VMware Workspace ONE Access

    SentinelOne’s configuration can be achieved after you have a valid account and support login. Afterwards its pretty easy to configure the SSO part. In the cloud console of SentinelOne go to Settings>>Integrations>>SSO Configure the following items for SSO usage: IDP Redirect URL: https://workspaceoneaccessurl:443/SAAS/API/1.0/GET/apps/launch/app/uniqueapplicationid IssuerID: https://workspaceoneaccessurl/SAAS/API/1.0/GET/metadata/idp.xml Configure the rest of the items at your own requirements…

  • Notes from the field: Configuring Autotask PSA with VMware Workspace ONE Access

    Autotask PSA SSO configuration can be found at the following url: https://ww13.autotask.net/help/Content/AdminSetup/1FeaturesSettings/ResourcesUsers/Security/SSSO_OIDC.htm For the configuration part of Workspace ONE Access SSO you can see the available API at this url: https://code.vmware.com/apis/57/idm#/ The problem is that Autotask PSA SSO doesn’t work/supports the setup of VMware Workspace ONE Access. I worked around this issue by having a…