Tuesday, March 6, 2012

How to create a public SSL certificate for NetScaler

Creating a public SSL certificate is a three-step process.

Step 1. Create RSA key:

a) Log in to the NetScaler web page as 'nsroot' and navigate to the SSL section. Highlight 'certificate' and select 'Create RSA key' under SSL keys.

image

b) This will pop up a window asking for the following information:

Key Filename: Can be anything; if you are doing this for the first time, there is no need to select Browse.

Key Size: Can be anything in multiples of 1024, but most public sites accept key sizes beyond 2048.

Public Exponent Value: Leave it at the default, F4.

Key Format: Should be PEM unless you want DER format.

PEM Encoding Algorithm: DES.

PEM/Verify Passphrase: Can be anything, but remember it for future use.

image

Step 2. Create SSL Certificate request:

a) On the SSL certificate page, select 'Create Certificate Request'; this opens another window.

image

b) This will pop up a window asking for the following information:

Request File Name: Can be anything; don't select 'Browse' or 'View'.

Key File Name: The key file from Step 1 (b).

Key Format: Should be the same as in Step 1 (b).

PEM Passphrase: Should be the same as in Step 1 (b).

Supply the rest of the information under "Distinguished Name Fields" as required.

Nothing is required for "Attribute Fields".

image

c) Click Create to create the certificate request file.

d) Click Close to close the Create Certificate Request window.

e) Use a program such as WinSCP (http://winscp.net) to copy the CSR to the local computer. The CSR file is located in the /nsconfig/ssl directory. This file needs to be sent to a certificate authority such as Verizon, Entrust or Star.

The file received from the certificate authority looks as shown below. Select the option to download all the certificates.

image

 

Step 3. Navigate to the certificate tab and select Add. This will pop up a box asking for information such as:

Certificate-Key Pair Name: Provide a friendly name.

Certificate File Name: The file you received from the CA provider. This can be in PEM format. You can browse and select upload from local.

Private Key File Name: The key on the appliance that you created in Step 1 (b).

Password: Same as Step 1 (b) / 2 (b).

Certificate Format: PEM

You can choose to be notified when this certificate expires.

image

That's all you have to do to create and install a public SSL certificate. In the next blog I will discuss linking it with virtual servers.

SOURCE 1 and 2
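
An off-appliance walk-through of the same three steps with the openssl CLI, as an added example that is not part of the original post. It also shows a check worth doing before Step 3: confirming that the certificate returned by the CA carries the public key of the private key from Step 1. The file names, passphrase, subject and the self-signed stand-in for the CA are assumptions, and the key is encrypted with AES-256 here rather than the DES option chosen in Step 1 (b).

```shell
#!/bin/sh
# Added example, not from the original post. Paths, passphrase and subject
# are constructed sample values.
PASS='example-passphrase'

# Step 1 equivalent: passphrase-protected 2048-bit RSA key, PEM format.
# openssl's default public exponent is 65537 (F4).
make_key() {  # $1 = key file
    openssl genrsa -aes256 -passout "pass:$PASS" -out "$1" 2048 2>/dev/null
}

# Step 2 equivalent: certificate request signed with that key.
make_csr() {  # $1 = key file, $2 = CSR file, $3 = common name
    openssl req -new -key "$1" -passin "pass:$PASS" \
        -subj "/C=US/O=Example Org/CN=$3" -out "$2"
}

# SHA-256 of the public key inside a key, CSR or certificate file.
# Fails (instead of hashing empty input) when the file cannot be parsed.
pub_hash() {  # $1 = key|csr|cert, $2 = file
    pem=$(case "$1" in
        (key)  openssl pkey -in "$2" -passin "pass:$PASS" -pubout ;;
        (csr)  openssl req  -in "$2" -noout -pubkey ;;
        (cert) openssl x509 -in "$2" -noout -pubkey ;;
        (*)    false ;;
    esac 2>/dev/null) || return 1
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256
}

# Pre-check for Step 3: does the CA's certificate belong to our private key?
pair_matches() {  # $1 = certificate file, $2 = key file
    c=$(pub_hash cert "$1") && k=$(pub_hash key "$2") && [ "$c" = "$k" ]
}

# Stand-in for the CA so the example runs offline: self-sign the CSR.
self_sign() {  # $1 = CSR file, $2 = key file, $3 = certificate file
    openssl x509 -req -in "$1" -signkey "$2" -passin "pass:$PASS" \
        -days 30 -out "$3" 2>/dev/null
}

demo() {
    d=$(mktemp -d) || return 1
    make_key "$d/site.key" && make_csr "$d/site.key" "$d/site.csr" www.example.com &&
        self_sign "$d/site.csr" "$d/site.key" "$d/site.cer" &&
        pair_matches "$d/site.cer" "$d/site.key" && echo "certificate matches key"
    rc=$?; rm -rf "$d"; return $rc
}
demo
```

A mismatch at this point usually means the CSR was generated from a different key file than the one selected as the Private Key File Name in Step 3.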

Friday, March 2, 2012

XenServer management not shown under xsconsole

If you have mistakenly changed the management IP address of a XenServer while it was in a pool, you will land in a weird situation where xsconsole does not show any NIC to configure for the management interface, as shown below

image

and this

image

whereas ifconfig lists all the NICs

image

Running xe-toolstack-restart does not help either, and running xe network-list gives the message "The host toolstack is still initializing. Please wait"

image

In fact, running any xe command will throw a weird error like "http_client.Http_request_rejected"

image

First check the output of xe host-is-in-emergency-mode. If the output is "True", that is the cause of the problem. Change it from "True" to "False" by running "xe pool-emergency-transition-to-master".

Rerun "xe host-is-in-emergency-mode" and make sure the output is "False". Run xe-toolstack-restart and voilà, you will see all the NICs are back.

image

To me it looks like if you make any changes inside the pool, this may result in .

The following link provided help.

Thursday, March 1, 2012

Error "New partition table could be written" while installing XenServer 6.0

I was trying to install XenServer on a 1TB disk with RAID configured, and it threw the error message below on a Dell rack-mounted server.

image

This can be solved in two ways by disabling GPT:

1. Boot from the XenServer 6.0.0 install CDROM.
2. At the Xen 6.0.0 install prompt, type menu.c32 and press Enter.
3. When you get the new menu screen, press TAB.
4. Add disable-gpt just before the last --- and then press Enter. The system will go through part of the pre-install boot process.
5. At the bash prompt, type "exit".

Installation will continue without any issue.

OR

1. Type "shell" at the boot menu.

image

2. Edit the file constants.py under the installer location using the vi editor.

image

3. Edit the file and change the highlighted value from True to False and 4096 to 20480, then exit.

image

4. After exiting vim and the boot menu, installation will continue.

image

Source : 1 and 2

Integration of Headset (Jabra 1900 USB) with XenDesktop 5.5

USB headsets like the Jabra 1900 are popular with call centers because of their lower cost and the limited feature set a call center agent requires. The challenge with such a headset is mapping some of its features, like the mute and unmute buttons, to the virtual desktop, as shown below.
image 
The challenge starts when it does not work as expected, and we need to find a way to troubleshoot it. These buttons are heavily used by call center agents while talking to end customers over the softphone. This is how volume is controlled




The first troubleshooting step is to use the sound recorder. The sound recorder allows you to record and play back at the same time. If mute and unmute work there, you are good; otherwise they will never work with the softphone.

image
These buttons are mapped through the XenDesktop HDX policy via USB device redirection.
image
Once the virtual desktop is launched, the USB device can be mapped using Desktop Viewer as shown below
image
When using Windows Receiver, make sure the following setting is configured under Preferences.
image 
Another way is to use HDX Monitor, which can be downloaded from here. HDX Monitor helps troubleshoot various issues related to ICA settings. It clearly shows which USB device is mapped
image

Thursday, February 16, 2012

Integrating IBM Tivoli Access Manager for Enterprise Single Sign-On 8.0 on XenDesktop 5.5

IBM TAM-ESSO uses its own GINA called engine.dll. When a new user logs on from the AccessAgent GINA, the private desktop first verifies that the user is a valid user, and then creates a Windows desktop for that user. It then loads the user's Windows profile and creates the user's shell (starting Windows Explorer, and so on) for the user to interact with the desktop. When we install the XD 5.5 VDA, it brings its own GINA, picagina.dll, which works along with the Microsoft GINA, MSGINA. It is very important to understand how this authentication takes place, as you want WI to perform AD-based authentication for the VDA.

To integrate them, follow the correct installation order for SSO and the VDA. First, AM-SSO is installed on the virtual desktop.

To install, run the executable; it will walk you through the installation wizard.

1. Double-click and run the wizard.

image

2. The TAM E-SSO agent creates a folder called Encentuate (Encentuate was acquired by IBM).

image 

3. This will ask for the TAM SSO server.

image

4. Configuring the TAM SSO server will prompt for a reboot.

image

5. After the reboot, the following screen appears, saying the GINA has been modified. Log in at the Windows logon.

image

6. Check the following registry location and note the change in the GINA location. This GINA is from AM-ESSO, which is "engine.dll".

image

7. Now install the VDA 5.5, reboot the machine, check the same winlogon key and verify the GINA. Now there are two GINAs: one modified by the VDA and the other added by Microsoft.

image

8. For SSO to work, the GINAs must be chained in the following order: PICAGINA >> TAM-ESSO GINA >> MSGINA. Reboot the machine into safe mode and point both registry keys to the following location.

image

9. After that, the VD is booted and assigned to the desktop group, which I am not going to show here. Once the desktop launches, it will prompt for the AM-ESSO user name and password.

image

10. Once authenticated, it will pass Active Directory authentication. The first time, it will prompt to save the password.

image

If you try to install the VDA first and SSO second, this is the error message that will appear:

image

Thanks to my friend Sandip for providing CTX119665.

Also, the Redbook from IBM helped give a fair idea of the AM-SSO GINA.