Showing posts from October, 2016

Authentication vserver cannot be bound to a CS server if VPN server is already bound to it

The title is a bit of a mouthful! Basically with NetScaler 11 onwards, Content Switching is now supported for both web applications and NetScaler Gateway. This is great news which will allow people to conserve more services behind fewer IP addresses. I wanted to test this out for myself, so I spun up a NetScaler in my lab and started the configuration. I wanted to enable AAA so that I could pre-authenticate requests into my web applications (Outlook Web Access in my lab). The below picture shows an overview (check out the Citrix article it is linked from!): http://support.citrix.com/article/CTX201949 Firstly, I completed the NetScaler Gateway Wizard and ensured that I could authenticate and launch desktops from my XD7.11 lab. Next I followed Dave Bretty's blog to Content Switch the NetScaler Gateway VS and a newly created VS for OWA. Then I created an Authentication VS, then created a policy which says any requests to the AAA address would go to the authentication

Using PowerShell to update Visio diagrams

Being in IT or architecture generally means using Visio, FACT! I have been completing lots of work in Visio recently as part of document migration into an Enterprise Architecture tool called iServer. This required me to dust off my knowledge of VBA and create lots of macros. I am not a massive fan of macros, they seem really archaic. In the more recent iterations of these scripts, I realised that I could use PowerShell to complete the same tasks. PowerShell is something I am far more comfortable with and because it sits outside of the application itself, there is more opportunity to run scripts against a larger set of files. Rather than bore you with some of the scripts I created for my business process diagrams, the below example is a script which you can use to update IT related documents. Below I have a rack diagram I created in Visio. It has four servers and one router with their names added to ShapeData and a Data Graphic which shows this as a bubble. Before

Using a Password Manager

Using a password manager has been something I have toyed with for a number of years. The more and more that services are being hacked and data is being exposed, my normal approach of just tiering passwords per application importance just wasn't cutting it anymore. You only have to follow haveibeenpwned on Twitter to see how many data breaches have been loaded into the service run by Computer Security legend Troy Hunt. So I decided to give it a go.

User Experience

Now my biggest concern of using a password manager was the user experience, especially when using it on a machine that I cannot load extensions on, e.g. my work XenApp server. I had a quick look through the options and initially tried 1Password as it had a 6 month free trial. I quickly dismissed this as an option for a couple of reasons.

1. The login process on the webpage was a bit more complicated than it needed to be. When going to the web interface, you had to enter my in the below text box and press con

Secure your phone against 2FA skimming

Google recently introduced a new faster method of 2 step verification. Instead of using Google Authenticator or SMS as a mechanism to enter a verification code, they simply send a push notification to your mobile device. It is simple and if you don't use it, you should turn it on! But today, for some reason, the push notification didn't arrive. So I asked Google to try a different method. I chose SMS and a moment later I was sent a text message with a code (partially blanked out below).

MFA code is visible when locked

Now you can see that my phone is locked, but the whole code is visible. This got me very paranoid, imagine being away from your phone for 5 minutes and someone guessing your password and then using this to bypass two factor authentication? Or thinking about it, my bank uses one time passcodes (OTP) before transferring large amounts of cash... scary!

No thanks

Thankfully, Android has a mechanism to make this more secure. If you go to Sound &

Gathering MX Records for Office 365 Domains

I have come across the need for a simple output of MX records for each domain in an Office 365 tenant. An Office 365 tenant can contain multiple domains in a verified or unverified state. This script simply outputs the MX records for each domain that has been verified into a CSV file named after the tenant ID. The CSV file is output to %temp% by default. You will need to run the script inside a PowerShell session connected to Office 365.

    #This script collects the MX records for all domains which have been verified in an O365 tenant.
    #Run the script from within an O365 PowerShell session.
    #Author: Ben Owens
    #Date: 03/10/2016
    $temp = $env:temp
    $TenantID = Get-MSOLDomain | Where { $_.IsInitial -eq "TRUE" } | Select Name -ExpandProperty Name
    $Domains = Get-MSOLDomain | Where { $_.Status -eq "Verified" } | Select Name
    $MXRecords = ForEach ( $Domain in $Domains ) { Resolve-DnsName -Name $Domain.Name -Type MX | Where { $_.QueryType -eq "