Authentication vserver cannot be bound to a CS server if VPN server is already bound to it

The title is a bit of a mouth full!  Basically with NetScaler 11 onwards, Content Switching is now supported for both web applications and NetScaler Gateway.  This is great news which will allow people to conserve more services behind less IP addresses.

I wanted to test this out for myself, so I span up a NetScaler in my lab and started the configuration.  I wanted to enable AAA so that I could pre-authenticate requests into my web applications (Outlook Web Access in my lab).  The below picture shows an overview (check out the Citrix article it is linked from!)

http://support.citrix.com/article/CTX201949

Firstly I completed the NetScaler Gateway Wizard and ensured that I could authenticate and launch desktops from my XD7.11 lab.

Next I followed Dave Bretty's blog to Content Switch the NetScaler Gateway VS and a newly created VS for OWA.

Then I created an Authentication VS, then created a policy which say any requests to the AAA address would go to the authentication VS.  Lastly I went to bind the policy to my Content Switch VS.  I received the titled error message.


This left me scratching my head for a while.  The VPN server that is mentioned is the NetScaler Gateway VS.  Then it struck me, the NetScaler Gateway is completing pre-authentication, I should just be able to use this VS.

I went into the LB VS for OWA and under authentication I chose Form Based Authentication, Authentication FQDN needs to be the NS gateway address.  Lastly ensure that the NetScaler Gateway VS is the one that is being used for NS gateway.


After saving this, when trying to go to email URL (email.domain.com) the NetScaler should redirect this to the NS Gateway URL (xendesktop.domain.com).  After successfully authenticating, the NetScaler should redirect to the email URL (email.domain.com) and if you have IWA enabled on your exchange server, you should be presented with your inbox!

Sam

Comments

Post a Comment

Popular posts from this blog

Assigning Windows 10/11 Enterprise Subscription Activation Licences to Hybrid Azure AD Joined Devices

Autopilot Hybrid Azure AD Join with Customised First Login Status

Exchange Hybrid Mailbox Move - Corruption Due To Missing Security Principals (ACL issues) - TooManyBadItemsPermanentException