Advertisements

Provide Citrix Receiver download link on NetScaler Gateway authentication page based on Client OS

While working on a new StoreFront/NetScaler Gateway implementation, I was asked to provide a Citrix Receiver link on the NetScaler Gateway authentication page, although I thought this was a pretty simple task, I figure we would make this fancier and detect the Client OS then provide the proper Citrix Receiver the company wanted to deploy.

Before you get started, I suggest reading the articles below.  These guides will give you a great understanding on the steps necessary to modify the NetScaler Gateway logon page.

Remember that the changes will be lost if the NetScaler reboots, so please make sure to follow the steps below after you are done.

Apply customization:

Putty in to NS

  • shell
  • mkdir /var/ns_gui_custom
  • cd /netscaler
  • tar -cvzf /var/ns_gui_custom/customtheme.tar.gz ns_gui/*

Now apply the package to your AGEE sites

  • In the configuration utility, under the Configuration tab, expand “NetScaler Gateway” and then click “Global Settings“.
  • In the details pane, under Settings, click Change global settings.
  • In Global NetScaler Gateway Settings, click the Client Experience tab.
  • Next to UI theme, click Custom and then click OK.
  • Save NS config and done!

Read these before getting started:

Environment:

  • Citrix NetsScaler 10.5 Safe Harbor Build 56.22.nc
  • StoreFront 2.6

Lets get started 🙂

Goals:

  • Create Receiver Download link based on OS (Windows, Mac, iOS and Linux)
  • Create Support Contact information
  • Create footer information

The final look (had to blur company info, logos and links)

final_page

Back up the index.html file under /var/netscaler/gui/vpn.  In this case this deployment is already set up with the StoreFront 3.0 look and feel, so I just need to mess with the index.html

Around line 15.  Lets add some CSS so we can then use to display the text.  Your code should look like this

<style type=”text/css”>
body
{
display : none;
visibility: hidden;
}

#auth-footer-disclaimer-wrapper {
width: 100%;
position: absolute;
bottom: 10px;
text-align: center;
}

#auth-footer-disclaimer {
color: white;
width: 80%;
margin: 0px auto;
font-family: tahoma, helvetica, arial;
font-size: 7pt;
}

#auth-footer-help-info {
color: white;
width: 80%;
margin: 0px auto;
font-family: tahoma, helvetica, arial;
font-size: 10pt;
}
#auth-footer-qrc-links {
color: white;
position: relative;
text-align: center;
font-family: source sans pro, segoe ui, arial;
font-size: 10pt;
padding: 10px;
}

#auth-footer-qrc-links a, a:link, a:visited {
color: white;
text-decoration: underline;
}

#auth-footer-qrc-links a:hover {
color: white;
text-decoration: underline;
}

</style>

Now lets create that java script for browser detection script to detect the presentation of ICA client download links

Inset this around line 87 after

function setFocus(obj)
{
if (obj != null) {
obj.focus();
}
}

You will need to insert the javascript here.  However WordPress is not allowing me to display it 😦

Take a look at the index.html file link

Now around line 236, look for

div id=”logonbelt-bottomshadow”

Then inset the code to call the CSS you used as well as the link and text you defined before

<!– Display Citrix Receiver link // –>
<div id=”auth-footer-qrc-links”>

document.write(dlLink);

Here is the entire Index.html file

Disclaimer:

I do not accept any responsibility or liability for the accuracy, content, completeness, legality, or reliability of the information contained on this website.

 

 

Advertisements

NetScaler Gateway front page à la StoreFront 3.0

Below are the steps on how to brand the NetScaler Gateway front page to look similar to the new release of StoreFront 3.0.

If you are enabling the VPN (AKA Client Choices), then I also suggest you read my Citrix NetScaler Gateway Client Choices branding post.  And finaly take a peek at my previous post on Customizing Citrix NetScaler Gateway 10.5 logon page with Dual Factor Authentication,

Please note I tested this on several 10.1 Firmware Releases as well as the 10.5 Safe Harbor Build 56.22.nc release.

Environment 

  • Citrix NetsScaler 10.5 Safe Harbor Build 56.22.nc
  • StoreFront 2.6

Lets take a look at the Default Logon Page to be utilized with Citrix Web Interface 5.x (not 5.4) to match the carbon-black look and feel

ns_gateway_default

Ok now lets make this Green Bubble, once you apply the changes, you will notice the files will change under /var/netscaler/gui/vpn

Head over to your NS management IP:

Go under NetScaler > NetScaler Gateway > Global Settings and click on “Change Global settings”
Now click on the “Client Experience” Tab and change the “UI Theme” from “Default” to “Green Bubble”

This will update the authentication page to the horrendous looking Bubble Green theme

ns_gateway_green

Now lets have some fun 😛

Backup the entire  /var/netscaler/gui/vpn directory

Since I am using second factor authentication for this roll out, we need to modify the login.js file in order to customize the password fields

ns_password

 

Around line 89 you will see the showpwd function, this will need to be manipulated so it does not displays the word “Password: 1” but rather something as simple as “Password:” or whatever you like.  Your code should look this this.

function ns_showpwd_greenbubble()
{
var pwc = ns_getcookie(“pwcount”);
document.write(‘<div class=”field CredentialTypepassword”><div class=”left”><label class=”label plain”><SPAN>’ + _(“Password”));

// Original password settings with Password: 1
// if ( pwc == 2 ) { document.write(‘&nbsp;1’); }
// Removes password value 1 when using dual factor

if ( pwc == 2 ) { document.write(‘&nbsp;’); }
document.write(‘:</SPAN></label></div>’);
document.write(‘<div class=”right”><input class=”prePopulatedCredential” autocomplete=”off” spellcheck=”false” type=”Password” title=”‘ + _(“Enter password”) + ‘” name=”passwd” size=”30″ maxlength=”127″></div></div>’);
if ( pwc == 2 ) {
document.write(‘<div class=”field CredentialTypepassword”><div class=”left”><label class=”label plain”><SPAN>’ + _(“Password2″) + ‘</SPAN></label></div><div class=”right”><input class=”prePopulatedCredential” autocomplete=”off” spellcheck=”false” type=”Password” title=”‘ + _(“Enter password”) + ‘” name=”passwd1″ size=”30″ maxlength=”127″></div></div>’);
}
UnsetCookie(“pwcount”);
}

Now lets modify the “Password 2:” entry by heading over to the “en.xml” under the “resources” folder

Around line 83 change the “Password2″ String to something like “RSA Code”

<String id=”Password2″>RSA Code:</String>

Ok that takes care of the Password fields 🙂

ns_password2

 

Now lets modify some CSS.  Head over to “ctxs.authentication.css” in the “css” folder

Lets add that funky shadow border StoreFront 2.6 has, which by default it is missing

ns_no_shadow_border

 

Around line look for “#logonbelt-topshadow” and “#logonbelt-bottomshadow” and lets add the shadow pics StoreFront uses.

Your code should look like this when you are done, make sure you copy those files from the StoreFront servers under the media directory on your StoreFront site (Ex: c:\inetpub\wwwroot\Citrix\NetScalerGatewayWeb\media\) copy both Screen_shadow_top.png and Screen_shadow_bottom.png to the “media”folder on your NS.

#logonbelt-topshadow {
background: url(“../media/Screen_shadow_top.png”) no-repeat transparent;
position: relative;
top: 205px;
margin: 0 auto;
width: 1009px;
height: 15px;
}

#logonbelt-bottomshadow {
background: url(“../media/Screen_shadow_bottom.png”) no-repeat transparent;
position: relative;
bottom: 0;
margin: 205px auto 0;
width: 1009px;
height: 15px;
}

Now lets change that darn green vertical bar, which is actually a pic that Citrix calls in their code.

ns_greenbar

Look for “#logonbox-container”, you will need to crank up that Photoshop or whatever image utility you use, and paint it the color you like, then point to the new file.  As you can tell Citrix is using a file called “VerticalGreenBarOnly.png” under the media folder.  Make changes and upload the new pic file and make a call to it in the CSS.  Your code should look like this.

#logonbox-container
{
/* background: url(“../media/VerticalGreenBarOnly.png”) repeat-y scroll 0 0 transparent; */
background: url(“../media/VerticalPurpleBarOnly.png“) repeat-y scroll 0 0 transparent; */
min-height: 230px;
margin: auto;
min-width: 654px;
position: relative;
top: 205px;
}

Now lets use that StoreFront 3.0 background file, head over to your X1 installaton and grab the bg_x1.jpg file under your Sites deployment (Ex: C:\inetpub\wwwroot\Citrix\PrivateCloudWeb\media)

Upload bg_x1 to the media folder on your NS and make a call to it under “#authentication”  Your code should look like this when you are done.

#authentication
{
background-image: url(‘../media/bg_x1.jpg’);
background-size: cover;
height: 100%;
width: 100%;
}

Now lets go after that logo.  You will need to mess around with the height and width and top settings based on the size of the log you are using.

Upload your company log to the media folder on NS, then head to the “#logonbox-logoimage” section and make a call to it.  Your code will look something like this when you are done.

#logonbox-logoimage
{
background-image: url(“../media/company_logo.png”);
border: 0 none;
float: right;
height: 43px;
position: absolute;
right: 69%;
top: 92px;
width: 354px;
}

Now lets make this work with IE11, and force the index.html file to render with IE9. Lets also change the default “NetScaler Gateway” Tab to match your company name.  In my case I am also loading a custom ico file when you save the link.

Open the index.html file and modify the code so it looks something like this

<HEAD><TITLE>Name of your Company</TITLE>

<META http-equiv=”X-UA-Compatible” content=”IE=EmulateIE9″ />

<link rel=”SHORTCUT ICON” href=”/vpn/images/company_icon.ico” type=”image/vnd.microsoft.icon”>

Almost done, except that the background picture you used “bg_x1.jpg” is not dynamic, meaning it will display a static size and will not re-size on the screen based on the browser size, and you get this very annoying scroll bar at the bottom right.

ns_non_dynamic_back

The reason is Citrix is using 9px as a margin to allocate that green bar “background: url(“../media/VerticalGreenBarOnly.png”) repeat-y scroll 0 0 transparent;” So lets delete that margin and also make the background image cover the browser screen.  Your code should look like this

#logonbox-innerbox {
background: url(“../media/Screen_SemiTranslucent.png”);
display: table;
height:242px;
position: relative;
width: 100%;
/* margin-left: 9px; Remove margin on the right. Makes the front page scroll 😦 */
}

#authentication
{
background-image: url(‘../media/bg_x1.jpg’);
background-size: cover;
height: 100%;
width: 100%;
}

We are done.  End result will look something like this.  Hope this helps and please remember to do the following or your will lose your work when the Netscaler is rebooted

Open Putty and log in as nsroot, then type (Note the name of the compressed file, this needs to match “customtheme.tar.gz“)

  • shell
  • mkdir /var/ns_gui_custom
  • cd /netscaler
  • tar -cvzf /var/ns_gui_custom/customtheme.tar.gz ns_gui/*

Now apply the package to your AGEE sites

  • In the configuration utility, under the Configuration tab, expand “NetScaler Gateway” and then click “Global Settings“.
  • In the details pane, under Settings, click Change global settings.
  • In Global NetScaler Gateway Settings, click the Client Experience tab.
  • Next to UI theme, click Custom and then click OK.
  • Save NS config and done!

ns_final

 

Disclaimer:

I do not accept any responsibility or liability for the accuracy, content, completeness, legality, or reliability of the information contained on this website.

GSLB services for Citrix NetScaler Gateway – Active/Passive setup

Below is a guide on how to set up GSLB services for the Citrix NetScaler Gateway.

Before we get started, lets understand the flow a bit as well as the NetScaler services you need. I also really suggest you read the GSLB configuration guide by Dave Brett, which walks you trough the process of setting up ADNS, as well as GSLB servers, and finally this training video from John Smith which does an escellent job showing you the GSLB setup.

What is needed on the NetScaler?

ADNS – Authoriative DNS Service – This is required on the NetScaler to return the correct IP Address of the currently active NetScaler Gateway – this needs to be in place for GSLB to work correctly.

GSLB Site – This is basically a virtual data centre in its simplest terms.  For Example – Data Center 1 as a primary site and Date Center 2 as a fail over site.

NetScaler Gateway – Basically a secure application/desktop visualization solution to securely deliver access to data center applications/ desktops (virtual or physical).

NetScaler DNS View – Used to  identify various types of clients and provide an appropriate IP address to a group of clients who query for the same GSLB domain.

DNS views are configured by using DNS policies that select the IP addresses sent back to the client.  In the example below when an internal client queries a GSLB CName, the NetScaler will return with an internal DMZ IP of the Gateway and not the public IP.

What is the external DNS query doing?

  • Request name.domain.com
  • Ask Public DNS Servers for IP (Not found so will be passed to next hop i.e. ISP DNS Servers)
  • Public IP Address(s) for ADNS Service NAT’s to Internal ADNS IP present on NetScaler
  • ISP Servers have record for name.domain.com but control is delegated to Public IP Address(s) of ADNS Service for company
  • Public IP Address(s) for ADNS Service NAT’s to Internal ADNS IP present on NetScaler
  • ADNS Service on NetScaler returns the current live external IP Address for NetScaler Gateway

Environment:

  • Citrix NetsScaler 10.5 Safe Harbor Build 56.22.nc
  • StoreFront 2.6

Configuration:

1. Add Gateway Server records with IPs of your NetScaler Gateways

add server remote_gateway_dc1 192.168.150.100
add server remote_gateway_dc2 192.168.250.100

2. Setup your DNS view (Ex. client request comes from subnet 10.10.x.x) will receive an internal IP vs the external public IP.  In the example below I am binding this globally, which means all your GSLB services will have the DNS View enabled, you will just need to enter the internal IP you need to provide to the 10.10.x.x client requests

add dns view internal_dns_view
add dns action internal_dns_action ViewName -viewName internal_dns_view
add dns policy internal_dns_policy “CLIENT.IP.SRC.IN_SUBNET(10.10.0.0/16)” internal_dns_action

bind dns global internal_dns_policy 100 -gotoPriorityExpression END -type REQ_DEFAULT

3. Add GSLB services for Data Center 1 and Data Center 2, provide external IPs and bind to the server gateways created earlier.  Please note I disabled AppFlow as there are still some known issues with 10.5 and I rather not take any changes 😛

add gslb service remote_gateway_dc1_gslbsvc remote_gateway_ny SSL 443 -publicIP external_ip_address -publicPort 443 -maxClient 0 -siteName NY -cltTimeout 180 -svrTimeout 360 -downStateFlush DISABLED -appflowLog DISABLED

add gslb service remote_gateway_dc2_gslbsvc remote_gateway_nj SSL 443 -publicIP external_ip_address-publicPort 443 -maxClient 0 -siteName NJ -cltTimeout 180 -svrTimeout 360 -downStateFlush DISABLED -appflowLog DISABLED

add gslb vserver remote_gateway_dc1_gslbvs HTTP -lbMethod RTT -backupLBMethod ROUNDROBIN -tolerance 0 -EDR ENABLED -MIR ENABLED -appflowLog DISABLED

add gslb vserver remote_gateway_dc2_gslbvs HTTP -lbMethod RTT -backupLBMethod ROUNDROBIN -tolerance 0 -EDR ENABLED -MIR ENABLED -appflowLog DISABLED

4. Bind your services to your GSLB vServers

bind gslb vserver remote_gateway_dc1_gslbvs -domainName gateway.gslb.domain.com -TTL 5

bind gslb vserver remote_gateway_dc2_gslbvs -serviceName remote_gateway_dc2_gslbsvc

5. Bind those DNS View settings with the internal DMZ IP address of your Gateways

bind gslb service remote_gateway_dc1_gslbsvc -viewName internal_dns_view 192.168.150.100

bind gslb service remote_gateway_dc2_gslbsvc -viewName internal_dns_view 192.168.250.100

6. Set up a failover GSLB vServer, in my case Data Center 1 is active, and Data Center 2 will remain passive.  When you do this, the passive node will use the active GSLB vServer as a proxy, which contains the gateway.gslb.domain.com

set gslb vserver remote_gateway_dc1_gslbvs -backupVServer remote_gateway_dc2_gslbvs -lbMethod RTT -backupLBMethod ROUNDROBIN -tolerance 0 -EDR ENABLED -MIR ENABLED -appflowLog DISABLED

Failover node

Won’t go into details, as the fail over node will need the same configuration, just note that the domain name being added, in our case gateway.gslb.domain.com and the backup vServer when setting up the GSLB vServers should be set exactly the same as the primary site.

set gslb vserver remote_gateway_dc2_gslbvs -backupVServer remote_gateway_dc1_gslbvs -lbMethod RTT -backupLBMethod ROUNDROBIN -tolerance 0 -EDR ENABLED -MIR ENABLED -appflowLog DISABLED

Hope this helps and drop a comment if you need any additional help

Disclaimer:

I do not accept any responsibility or liability for the accuracy, content, completeness, legality, or reliability of the information contained on this website.

Citrix NetScaler Gateway Client Choices branding

While working in a production roll out of NetScaler Gateway and StoreFront 2.6, we noticed that NetScaler Gateway customizations do not stick when you set up the client choices for users as part of your session policies.

When enabling “Client Choices” for a session policy, NetScaler will call the choices.html page, which by default has the carbon black theme applied and ignores most of the customizations you applied to the logon page.

You can read read my article on how to customize the NetScaler logon page under Customizing Citrix NetScaler Gateway 10.5 logon page with Dual Factor Authentication, as well as Customizing Citrix StoreFront 2.6 including Pre-Login message page.

NetScaler Client Choices     ns_client_choices_enabled_2

Environment:

  • StoreFront 2.6
  • Citrix NetsScaler 10.5: Build 53.9.nc
  • RSA for dual factor

Goal:

  • Make the client choices page mimic the authentication page  (which I made it look like StoreFront 3.0)
  • Include a custom tab displaying the company name
  • Include company logo
  • Do not display “Client Access” and the “Log Off” options, and provide the session policy to only display VPN access as well as StoreFront ICA access

ns_agee_frontpage  ns_agee_client_choices

 

Solution:

Copy and back up the following files from your NS

  • choices.html under /var/netscaler/gui/vpns
  • caxtonstyle.css under /var/netscaler/gui/vpn/images
  • create/upload new company icon file, this will add the company logo under the title bar of the browser
  • create/upload new company logo to replace the “Citrix NetScaler Gateway” default logo

Edit choices.html under /var/netscaler/gui/vpns

Around line 3 modify the ico file in use, upload your ico file under  /var/netscaler/gui/vpn/images then make a call to your file

<link rel=”SHORTCUT ICON” href=”/vpn/images/company_icon.ico” type=”image/vnd.microsoft.icon”>

Around line 106 comment out the “Clientless Access Option”

// Remote Option 3 for “Clientless Access option”
// if(errcookie.indexOf(“cvpn”)!=-1) {
// if (++choicescount == 3){ document.writeln(‘</tr><tr>’);}
// document.writeln(
// ‘<td class=”VPNcell” valign=”top”><span style=”display:none”><img src=”/vpns/images/ClientlessHover_icon.png”/></span>’ +
// ‘<a class=”ClientlessLink” href=”/cgi/setclient?cvpn” onclick=”ns_cleancookie();”>’ +
// ‘<span class=”linkH4″>’ + _(‘Clientless Access’) + ‘</span>’ +
// ‘<span class=”linkP”>’ + _(‘Connect without the Access Gateway Plug-in.’) + ‘</span></a>’ +
// ‘</td>’);
// }

Around line 116 comment out the “Log Off” option

// if (++choicescount == 3){document.writeln(‘</tr><tr>’);}
// document.writeln(
// ‘<td class=”VPNcell” valign=”top”><span style=”display:none”><img src=”/vpns/images/LogoffHover_icon.png”/></span>’ +
// ‘<a class=”LogoffLink” href=”/cgi/logout”>’ +
// ‘<span class=”linkH4″>’ + _(‘Log Off’) + ‘</span>’ +
// ‘<span class=”linkP”>’ + _(‘End your session.’) + ‘</span></a>’ +
// ‘</td>’);

Edit caxtonstyle.css under /var/netscaler/gui/vpn/images

Around line 92, comment out the .header_left code to disable the Citrix NetScaler Gateway logo and create your own logo which you will need to upload to /var/netscaler/gui/vpn/images

/* Logo on left side original VPN page
.header_left
{
width: 285px;
height: 62px;
background-image: url(/vpn/images/ctxHeader01.gif);
background-repeat: no-repeat;
}
*/

/* Company logo on left side */
.header_left
{
float:left;
width: 179px;
height: 60px;
margin: 8px 0 0 22px;
background-image: url(/vpn/images/company_logo.png);
background-repeat:no-repeat;
position:absolute;
background-repeat: no-repeat;
}

Now lets disable the snake pattern header which Citrix uses another image to load

/* Top Header with Snake pattern VPN page
.header_middle
{
height: 62px;
background-image: url(/vpn/images/ctxHeader02.gif);
background-repeat: repeat-x;
}
*/

Now lets disable the Citrix log watermark at the bottom of the screen

/* Citrix logo at bottom VPN page
.watermark
{
width: 192px;
height: 62px;
background-position:bottom center;
background-image: url(/vpn/images/CitrixWatermark.gif);
background-repeat: no-repeat;
}

*/

Disable the gray navigation bar on top

/*
VPN page Gray navigation bar on top
.navbar
{
height: 26px;
background-image: url(/vpn/images/NavBarLink.gif);
background-repeat: repeat-x;
}
*/

Now lets make the background look like StoreFront 3.0 /X1

Around line 236 add the following to change the color background as well as to load the background you want, in my case I used the X1 background Citrix uses for StoreFront 3.0.  You will need to upload the background file to /var/netscaler/gui/vpn/media

body
{
background-color: #00140B;
background-image:url(“/vpn/media/bg_x1.jpg”);
/*
color: white;
background: black repeat-x top left;
*/
margin: 0px;
padding: 0px;
font-family: Segoe UI, Tahoma,Verdana, Helvetica, Arial, sans-serif;
font-size: 70%;
text-align: center;
height: 100%;
}

Now lets disable the blue background and make it look like StoreFront 3.0

Around line 249 under .mainPage

.mainPane
{
margin: 0;
padding: 0;
color: #FFFFFF;
/* Disable blue background VPN page
background: #003C96 url(/vpn/images/CenterBlueBkg.jpg) repeat top left;
*/
background: #4A5A63 repeat top left;
left:0;
right:0;
border-top: 2px #999999 solid;
border-bottom: 2px #999999 solid;
}

Lets now get rid of the snake border on the top around line 290

/*
Snake borders top
div#commonBoxTop
{

background: transparent url(/vpn/images/TitleHeaderCarbon.gif) repeat top left;

height: 5px;
border: solid 1px #999999;
border-top: none;
}
*/

Finally disable the black border at the bottom footer

/*
Border bottom black
div#commonBoxFoot
{
border: solid 1px #999999;
background-color: black;
height: 5px;
}
*/

Now load the modified files and ensure to update the global settings to use the Custom UI

  • choices.html under /var/netscaler/gui/vpns
  • caxtonstyle.css under /var/netscaler/gui/vpn/images

Open Putty and log in as nsroot, then type (Note the name of the compressed file, this needs to match “customtheme.tar.gz“)

  • shell
  • mkdir /var/ns_gui_custom
  • cd /netscaler
  • tar -cvzf /var/ns_gui_custom/customtheme.tar.gz ns_gui/*

Now apply the package to your AGEE sites

  • In the configuration utility, under the Configuration tab, expand “NetScaler Gateway” and then click “Global Settings“.
  • In the details pane, under Settings, click Change global settings.
  • In Global NetScaler Gateway Settings, click the Client Experience tab.
  • Next to UI theme, click Custom and then click OK.

01_custom_agee

That should do it, if you do the above and use the “Clientless Access Option”, it will look as StoreFront 3.0 as well and the page will be formatted nicely on the screen 🙂

Disclaimer:

I do not accept any responsibility or liability for the accuracy, content, completeness, legality, or reliability of the information contained on this website.

Exchange 2013 Layer 7 single namespace loadbalancing with Citrix NetScaler

** Updated with custom Ciphers, SSLv3 disabled on Content Switch and LBs, and SSL certificate bindings to the vServers***

I recently had to engage on a very complex deployment, where one of the goals was to utilize the Citrix NetScaler for Exchange 2013 services for a single namespace with Layer 7 and no session affinity.

In this scenario, a single namespace is deployed for all the HTTP protocol clients (mail.yourdomain.com). The load balancer is configured to utilize Layer 7, meaning SSL termination occurs and the load balancer and it knows about the target URLs. The NetScaler is also configured to check the health of the target services in the load balancing pool which requires a health probe to be configured on each Exchange virtual directory.

With this, as long as the health probes response is healthy, the NetScaler will keep the traffic in the load balancing pool. However, if lets say OWA health probe fails for any reason, the NetScaler will remove the target server(s) from the load balancing pool for future requests.

The key to this deployment is to set up Content Switching which enables the NetScaler appliance to direct requests sent to the same Web host to different servers with different content. For example, you can configure the appliance to direct requests for dynamic content (such as URLs with a suffix of .asp, .dll, or .exe) to one server and requests for static content to another server. You can configure the appliance to perform content switching based on TCP/IP headers and payload.

Environment:

  • Windows 2012
  • Citrix NetsScaler NS10.1: Build 129.22.nc
  • Exchange 2013
  • Layer 7 Loadbalancing (no session affinity)

NetScaler Prerequisites:

  • Content switching
  • Load balancing
  • Health monitoring
  • SSL offload

Lets start with a visual of what we are trying to accomplish

L7_exchange_lb

Now lets work on the config

1. Add Content Switch and Load Balancing VIPs

add cs vserver exch_cs_vserver SSL YOUR_IP_ADDRESS 443 -cltTimeout 180 -caseSensitive OFF

add lb vserver exch_owa_lb_vserver SSL 0.0.0.0 0 -persistenceType NONE -cltTimeout 180
add lb vserver exch_ecp_lb_vserver SSL 0.0.0.0 0 -persistenceType NONE -cltTimeout 180
add lb vserver exch_ews_lb_vserver SSL 0.0.0.0 0 -persistenceType NONE -cltTimeout 180
add lb vserver exch_eas_lb_vserver SSL 0.0.0.0 0 -persistenceType NONE -cltTimeout 180
add lb vserver exch_oab_lb_vserver SSL 0.0.0.0 0 -persistenceType NONE -cltTimeout 180
add lb vserver exch_rpc_lb_vserver SSL 0.0.0.0 0 -persistenceType NONE -cltTimeout 180
add lb vserver exch_mapi_lb_vserver SSL 0.0.0.0 0 -persistenceType NONE -cltTimeout 180
add lb vserver exch_autodiscover_lb_vserver SSL 0.0.0.0 0 -persistenceType NONE -cltTimeout 180
add lb vserver exch_fqdn_autodiscover_lb_vserver SSL 0.0.0.0 0 -persistenceType NONE -cltTimeout 180

2. Add Content Switch actions and bind to you load balancing VIPs

add cs action exch_owa_cs_action -targetLBVserver exch_owa_lb_vserver
add cs action exch_ecp_cs_action -targetLBVserver exch_ecp_lb_vserver
add cs action exch_ews_cs_action -targetLBVserver exch_ews_lb_vserver
add cs action exch_eas_cs_action -targetLBVserver exch_eas_lb_vserver
add cs action exch_oab_cs_action -targetLBVserver exch_oab_lb_vserver
add cs action exch_rpc_cs_action -targetLBVserver exch_rpc_lb_vserver
add cs action exch_mapi_cs_action -targetLBVserver exch_mapi_lb_vserver
add cs action exch_autodiscover_cs_action -targetLBVserver exch_autodiscover_lb_vserver
add cs action exch_fqdn_autodiscover_cs_action -targetLBVserver exch_fqdn_autodiscover_lb_vserver

3. Add your Content Switch Policies and bind to the previous Content Switch actions you just created.  This is where the magic is, notice the Expressions which will tell NS to direct requests based on the URLs ( Ex: “HTTP.REQ.URL.CONTAINS(\”/owa\”)”)

add cs policy exch_owa_cs_pol -rule “HTTP.REQ.URL.CONTAINS(\”/owa\”)” -action exch_owa_cs_action
add cs policy exch_autodiscover_cs_pol -rule “HTTP.REQ.URL.CONTAINS(\”/autodiscover\”)” -action exch_autodiscover_cs_action
add cs policy exch_eas_cs_pol -rule “HTTP.REQ.URL.CONTAINS(\”/Microsoft-Server-ActiveSync\”)” -action exch_eas_cs_action
add cs policy exch_ecp_cs_pol -rule “HTTP.REQ.URL.CONTAINS(\”/ecp\”)” -action exch_ecp_cs_action
add cs policy exch_ews_cs_pol -rule “HTTP.REQ.URL.CONTAINS(\”/ews\”)” -action exch_ews_cs_action
add cs policy exch_mapi_cs_pol -rule “HTTP.REQ.URL.CONTAINS(\”/mapi\”)” -action exch_mapi_cs_action
add cs policy exch_oab_cs_pol -rule “HTTP.REQ.URL.CONTAINS(\”/oab\”)” -action exch_oab_cs_action
add cs policy exch_rpc_cs_pol -rule “HTTP.REQ.URL.CONTAINS(\”/rpc\”)” -action exch_rpc_cs_action
add cs policy exch_fqdn_autodiscover_cs_pol -rule “HTTP.REQ.HOSTNAME.CONTAINS(\”autodiscover\”)” -action exch_fqdn_autodiscover_cs_action
Do not add cs policy exch_eas_cs_pol -rule “HTTP.REQ.URL.CONTAINS(\”/eas\”)” -action exch_eas_cs_action

4. Bind your Content Switch Vserver to policies and provide priorities

bind cs vserver exch_cs_vserver -policyName exch_owa_cs_pol -priority 100
bind cs vserver exch_cs_vserver -policyName exch_autodiscover_cs_pol -priority 110
bind cs vserver exch_cs_vserver -policyName exch_eas_cs_pol -priority 120
bind cs vserver exch_cs_vserver -policyName exch_ecp_cs_pol -priority 130
bind cs vserver exch_cs_vserver -policyName exch_ews_cs_pol -priority 140
bind cs vserver exch_cs_vserver -policyName exch_mapi_cs_pol -priority 150
bind cs vserver exch_cs_vserver -policyName exch_oab_cs_pol -priority 160
bind cs vserver exch_cs_vserver -policyName exch_rpc_cs_pol -priority 170
bind cs vserver exch_cs_vserver -policyName exch_fqdn_autodiscover_cs_pol -priority 180

5. Now lets create the Service Groups

add serviceGroup exch_owa_service_group SSL
add serviceGroup exch_ecp_service_group SSL
add serviceGroup exch_eas_service_group SSL
add serviceGroup exch_ews_service_group SSL
add serviceGroup exch_rpc_service_group SSL
add serviceGroup exch_autodiscover_service_group SSL
add serviceGroup exch_oab_service_group SSL
add serviceGroup exch_mapi_service_group SSL
add serviceGroup exch_fqdn_autodiscover_service_group SSL

6. Create your custom monitors

add lb monitor exch_ecp_monitor HTTP-ECV -send “GET /ecp/healthcheck.htm” -recv “200 OK” -LRTM ENABLED -secure YES
add lb monitor exch_ews_monitor HTTP-ECV -send “GET /ews/healthcheck.htm” -recv “200 OK” -LRTM ENABLED -secure YES
add lb monitor exch_eas_monitor HTTP-ECV -send “GET /eas/healthcheck.htm” -recv “200 OK” -LRTM ENABLED -secure YES
add lb monitor exch_oab_monitor HTTP-ECV -send “GET /oab/healthcheck.htm” -recv “200 OK” -LRTM ENABLED -secure YES
add lb monitor exch_rpc_monitor HTTP-ECV -send “GET /rpc/healthcheck.htm” -recv “200 OK” -LRTM ENABLED -secure YES
add lb monitor exch_mapi_monitor HTTP-ECV -send “GET /mapi/healthcheck.htm” -recv “200 OK” -LRTM ENABLED -secure YES
add lb monitor exch_autodiscover_monitor HTTP-ECV -send “GET /autodiscover/healthcheck.htm” -recv “200 OK” -LRTM ENABLED -secure YES
add lb monitor exch_owa_monitor HTTP-ECV -send “GET /owa/healthcheck.htm” -recv “200 OK” -LRTM ENABLED -secure YES

7. Now lets bind the member servers to the new Service Groups and bind the custom monitors

bind serviceGroup exch_owa_service_group exch03 443 -CustomServerID “\”None\””
bind serviceGroup exch_owa_service_group exch04 443 -CustomServerID “\”None\””
bind serviceGroup exch_owa_service_group exch01 443 -CustomServerID “\”None\””
bind serviceGroup exch_owa_service_group exch02 443 -CustomServerID “\”None\””
bind serviceGroup exch_owa_service_group -monitorName exch_owa_monitor

bind serviceGroup exch_ecp_service_group exch03 443 -CustomServerID “\”None\””
bind serviceGroup exch_ecp_service_group exch04 443 -CustomServerID “\”None\””
bind serviceGroup exch_ecp_service_group exch01 443 -CustomServerID “\”None\””
bind serviceGroup exch_ecp_service_group exch02 443 -CustomServerID “\”None\””
bind serviceGroup exch_ecp_service_group -monitorName exch_ecp_monitor

bind serviceGroup exch_eas_service_group exch03 443 -CustomServerID “\”None\””
bind serviceGroup exch_eas_service_group exch04 443 -CustomServerID “\”None\””
bind serviceGroup exch_eas_service_group exch01 443 -CustomServerID “\”None\””
bind serviceGroup exch_eas_service_group exch02 443 -CustomServerID “\”None\””
bind serviceGroup exch_eas_service_group -monitorName exch_eas_monitor

bind serviceGroup exch_ews_service_group exch03 443 -CustomServerID “\”None\””
bind serviceGroup exch_ews_service_group exch04 443 -CustomServerID “\”None\””
bind serviceGroup exch_ews_service_group exch01 443 -CustomServerID “\”None\””
bind serviceGroup exch_ews_service_group exch02 443 -CustomServerID “\”None\””
bind serviceGroup exch_ews_service_group -monitorName exch_ews_monitor

bind serviceGroup exch_rpc_service_group exch03 443 -CustomServerID “\”None\””
bind serviceGroup exch_rpc_service_group exch04 443 -CustomServerID “\”None\””
bind serviceGroup exch_rpc_service_group exch01 443 -CustomServerID “\”None\””
bind serviceGroup exch_rpc_service_group exch02 443 -CustomServerID “\”None\””
bind serviceGroup exch_rpc_service_group -monitorName exch_rpc_monitor

bind serviceGroup exch_autodiscover_service_group exch03 443 -CustomServerID “\”None\””
bind serviceGroup exch_autodiscover_service_group exch04 443 -CustomServerID “\”None\””
bind serviceGroup exch_autodiscover_service_group exch01 443 -CustomServerID “\”None\””
bind serviceGroup exch_autodiscover_service_group exch02 443 -CustomServerID “\”None\””
bind serviceGroup exch_autodiscover_service_group -monitorName exch_autodiscover_monitor

bind serviceGroup exch_oab_service_group exch03 443 -CustomServerID “\”None\””
bind serviceGroup exch_oab_service_group exch04 443 -CustomServerID “\”None\””
bind serviceGroup exch_oab_service_group exch01 443 -CustomServerID “\”None\””
bind serviceGroup exch_oab_service_group exch02 443 -CustomServerID “\”None\””
bind serviceGroup exch_oab_service_group -monitorName exch_oab_monitor

bind serviceGroup exch_mapi_service_group exch03 443 -CustomServerID “\”None\””
bind serviceGroup exch_mapi_service_group exch04 443 -CustomServerID “\”None\””
bind serviceGroup exch_mapi_service_group exch01 443 -CustomServerID “\”None\””
bind serviceGroup exch_mapi_service_group exch02 443 -CustomServerID “\”None\””
bind serviceGroup exch_mapi_service_group -monitorName exch_mapi_monitor

bind serviceGroup exch_fqdn_autodiscover_service_group exch03 443 -CustomServerID “\”None\””
bind serviceGroup exch_fqdn_autodiscover_service_group exch04 443 -CustomServerID “\”None\””
bind serviceGroup exch_fqdn_autodiscover_service_group exch01 443 -CustomServerID “\”None\””
bind serviceGroup exch_fqdn_autodiscover_service_group exch02 443 -CustomServerID “\”None\””
bind serviceGroup exch_fqdn_autodiscover_service_group -monitorName exch_autodiscover_monitor

8. Finally lets bind the Service Groups to load balance vServers

bind lb vserver exch_owa_lb_vserver exch_owa_service_group

bind lb vserver exch_ecp_lb_vserver exch_ecp_service_group

bind lb vserver exch_eas_lb_vserver exch_eas_service_group

bind lb vserver exch_ews_lb_vserver exch_ews_service_group

bind lb vserver exch_rpc_lb_vserver exch_rpc_service_group

bind lb vserver exch_autodiscover_lb_vserver exch_autodiscover_service_group

bind lb vserver exch_oab_lb_vserver exch_oab_service_group

bind lb vserver exch_mapi_lb_vserver exch_mapi_service_group

bind lb vserver exch_fqdn_autodiscover_lb_vserver exch_fqdn_autodiscover_service_group

9. Create custom cipher which will get you an A- based on Qualys SSL test and FW and HW version on the NS I am using.

add ssl cipher my_cipher
bind ssl cipher my_cipher -cipherName SSL3-DES-CBC3-SHA
bind ssl cipher my_cipher -cipherName TLS1-AES-256-CBC-SHA
bind ssl cipher my_cipher -cipherName TLS1-AES-128-CBC-SHA
bind ssl cipher my_cipher -cipherName SSL3-EDH-DSS-DES-CBC3-SHA
bind ssl cipher my_cipher -cipherName TLS1-DHE-DSS-AES-256-CBC-SHA
bind ssl cipher my_cipher -cipherName TLS1-DHE-DSS-AES-128-CBC-SHA
bind ssl cipher my_cipher -cipherName SSL3-EDH-RSA-DES-CBC3-SHA
bind ssl cipher my_cipher -cipherName TLS1-DHE-RSA-AES-256-CBC-SHA
bind ssl cipher my_cipher -cipherName TLS1-DHE-RSA-AES-128-CBC-SHA

10. Bind your custom cipher to your vServers

bind ssl vserver exch_ecp_lb_vserver -cipherName my_cipher
bind ssl vserver exch_eas_lb_vserver -cipherName my_cipher
bind ssl vserver exch_oab_lb_vserver -cipherName my_cipher
bind ssl vserver exch_rpc_lb_vserver -cipherName my_cipher
bind ssl vserver exch_mapi_lb_vserver -cipherName my_cipher
bind ssl vserver exch_autodiscover_lb_vserver -cipherName my_cipher
bind ssl vserver exch_fqdn_autodiscover_lb_vserver -cipherName my_cipher
bind ssl vserver exch_owa_lb_vserver -cipherName my_cipher
bind ssl vserver ctx_wi_lb_vserver -cipherName my_cipher
bind ssl vserver exch_cs_vserver -cipherName my_cipher
bind ssl vserver exch_cs_vserver_int -cipherName my_cipher
bind ssl vserver ctx_csg_vserver -cipherName my_cipher

11. Bind SSL cert to your vservers

bind ssl vserver exch_ecp_lb_vserver -certkeyName exch_ssl_cert
bind ssl vserver exch_ews_lb_vserver -certkeyName exch_ssl_cert
bind ssl vserver exch_eas_lb_vserver -certkeyName exch_ssl_cert
bind ssl vserver exch_oab_lb_vserver -certkeyName exch_ssl_cert
bind ssl vserver exch_rpc_lb_vserver -certkeyName exch_ssl_cert
bind ssl vserver exch_mapi_lb_vserver -certkeyName exch_ssl_cert
bind ssl vserver exch_autodiscover_lb_vserver -certkeyName exch_ssl_cert
bind ssl vserver exch_fqdn_autodiscover_lb_vserver -certkeyName exch_ssl_cert
bind ssl vserver exch_owa_lb_vserver -certkeyName exch_ssl_cert
bind ssl vserver ctx_wi_lb_vserver -certkeyName wa_com_ssl_cert
bind ssl vserver exch_cs_vserver -certkeyName exch_ssl_cert
bind ssl vserver exch_cs_vserver_int -certkeyName exch_ssl_cert

12. Disable SSLv3 on CS vserver and LB vservers

set ssl vserver exch_ecp_lb_vserver -ssl3 DISABLED
set ssl vserver exch_ews_lb_vserver -ssl3 DISABLED
set ssl vserver exch_eas_lb_vserver -ssl3 DISABLED
set ssl vserver exch_oab_lb_vserver -ssl3 DISABLED
set ssl vserver exch_rpc_lb_vserver -ssl3 DISABLED
set ssl vserver exch_mapi_lb_vserver -ssl3 DISABLED
set ssl vserver exch_autodiscover_lb_vserver -ssl3 DISABLED
set ssl vserver exch_fqdn_autodiscover_lb_vserver -ssl3 DISABLED
set ssl vserver exch_owa_lb_vserver -ssl3 DISABLED
set ssl vserver ctx_wi_lb_vserver -ssl3 DISABLED
set ssl vserver exch_cs_vserver -ssl3 DISABLED
set ssl vserver ctx_csg_vserver -ssl3 DISABLED

Hope this helps and feel free to drop me a note if you need additional pointers 🙂

Customizing Citrix NetScaler Gateway 10.5 logon page with Dual Factor Authentication

Following up on my instructions on how to Customize the new version of Citrix StoreFront 2.6.  Below is how you can create your own Citrix NetScaler Gateway customization package , and ensure your changes are not lost when the appliance is rebooted.

Environment:

  • Windows 2008 R2
  • Citrix XenApp 6.5 Hotfix Rollup Pack 2
  • PVS 6.1.16
  • StoreFront 2.6
  • Citrix NetsScaler 10.5: Build 53.9.nc
  • RSA for dual factor

Now in my case, we are utilizing RADIUS for secondary authentication.  After creating the AGEE site, make sure the site is set to “Green Bubble” under “NetScaler” “Global Settings” Change Global Settings” , then head over to the “Client Experience” Tab, and select “Green Bubble” under the “UI Theme”

Once complete, your site will look something similar to the picture below.

01_green_bubble

01_logon_page

Now lets customize the following

  • Logo
  • First Authentication box
  • Second Authentication box
  • Fix Compatibility issues with Internet Explorer 11

Solution: (Connect to your NetScaler via WinSCP)

1. Copy the vpn folder from /var/netscaler/gui/ to your local desktop

2.  Edit “login.js” under /var/netscaler/gui/vpn to fix the “Password 1” entry

Around line 93

Replace

if ( pwc == 2 ) { document.write(‘&nbsp;1’); }

With

if ( pwc == 2 ) { document.write(‘&nbsp;’); }

3. Upload your company logo under under /var/netscaler/gui/vpn/media

4. Update “ctxs.authentication.css” under /var/netscaler/gui/vpn/css to update your logo and height and width where the logo will be placed

In my case, our company logo was bigger than the logo provided by Citrix. So I needed to modify the height and the width.

Around line 210

#logonbox-logoimage
{
background-image: url(“../media/company_logo.png”);
border: 0 none;
float: right;
height: 48px;
position: absolute;
right: 71%;
top: 80px;
width: 273px;
}

5. Update “en.xml” under /var/netscaler/gui/vpn/resources  to change “Password 2:” for the secondary authentication box

Around line 83:

Replace

<String id=”Password2″>Password 2:</String>

With

<String id=”Password2″>RSA Code:</String>

6. Fix the Internet Explorer 11 compatibility issue, the quick fix is to tell IE11 to use  compatibility mode, however you can force the NetScaler page to emulate IE v.9, you can read more about this under http://stackoverflow.com/questions/6771258/whats-the-difference-if-meta-http-equiv-x-ua-compatible-content-ie-edge-e

01_logon_page_ie11

Edit index.html under /var/netscaler/gui/vpn

Under line 4 place

<META http-equiv=”X-UA-Compatible” content=”IE=EmulateIE9″ />

01_logon_page_ie11_fix

7. Upload your modified files and logo

01_upload

8. Head over to your site and make any corrections.  once you are happy with the results, create your custom package

Open Putty and log in as nsroot, then type (Note the name of the compressed file, this needs to match “customtheme.tar.gz“)

  • shell
  • mkdir /var/ns_gui_custom
  • cd /netscaler
  • tar -cvzf /var/ns_gui_custom/customtheme.tar.gz ns_gui/*

9. Now apply the package to your AGEE sites

  • In the configuration utility, under the Configuration tab, expand “NetScaler Gateway” and then click “Global Settings“.
  • In the details pane, under Settings, click Change global settings.
  • In Global NetScaler Gateway Settings, click the Client Experience tab.
  • Next to UI theme, click Custom and then click OK.

01_custom_agee

 

10. Reboot the NetScaler and you will notice your changes are intact.

01_fina_agee

 

Customizing Citrix StoreFront 2.6 including Pre-Login message page

Here are my StoreFront customizations for Citrix StoreFront 2.6.  Many are similar to previous version of SF, however some of the syntax changed.

There are some good improvements/features SF 2.6 brings, one that I like and works best where I currently work is the Web Folder View, which in the past had to be done by running StoreFront in lock down mode.  This new view can certainly help your users feel more comfortable when moving from Web Interface.

Fist take a look at the new features of StoreFront which are listed under this link from Citrix.

Secondly I would like to thank Sam Jacobs which provided some of his code he presented at Citrix Synergy 2014.  You can view the presentation here 

Environment:

  • Windows 2008 R2
  • Citrix XenApp 6.5 Hotfix Rollup Pack 2
  • PVS 6.1.16
  • StoreFront 2.6
  • Citrix NetScaler 10.1 build 122.17

Customizations: (All custom files will need to be created under the contrib folder is located under the SF site in the file system (typical location is C:inetpubwwwrootsitesCitrixStoreWebNamecontrib

The following customizations include the following

  • Pre-Login message page
  • Front Page with custom logo and title header
  • App/Desktop page with custom logo, user client IP (For NetScaler load balancing make sure to use X-Forwarded-For to load balance your StoreFront servers, utilizing CLIENT-IP for your VIP will return the SNIP of your NetScaler as the source IP for the user client IP module :P)
  • Apps/Desktop Tab on top with Disable user multiclick
  • Page footer

03-pre_login_screen

01-front_page_logo

02-apps_page_logo

Back up the original files under C:inetpubwwwrootsitesCitrixStoreWebNamecontrib

Steps:

1. Overwrite the following files

  • custom.wrstrings.en.js
  • custom.script.js
  • custom.style.css

2. Create new files

  • GetServerData.aspx
  • companylogo_whiteTrans.png
  • companylogo_whitetrans_small.png

Code:

custom.wrstrings.en.js

(function ($) {
$.localization.customStringBundle(‘en’, {
Disclaimer: ‘Authorized Use Only’,
DisclaimerStatement: ‘You must be assigned an account to access this system.’
+ ‘ The information on this system and network is the property of this organization and is protected by intellectual property rights.’
+ ‘ By clicking the button below, you are consenting to the monitoring of your activities on the system’,
Continue: ‘Continue’
});
})(jQuery);

custom.script.js (You can certainly change the way I am working with $(document).ready(function() { and clean it up a bit

// StoreFront customizations

// Replace title
document.title = ‘Remote Access’;

// Place Apps/Desktop Tab on top
$(document).ready(function() {
$(“#resources-switcher” ).detach().appendTo(“#resources-header” );
});

// Disable User Multi Click 😛
$(document).ready(function() {
CTXS.Resources.multiClickTimeout = 10;
});

// Display client IP and StoreFront server
$.ajax({
url: ‘contrib/GetServerData.aspx?serverData=clientIPandServerName’,
success: function(data) {
var $markup = $(‘<div id=”server-info”>’ + data + ‘</div>’);
$markup.insertBefore(‘#header-userinfo’);
}
});

// Logon page footer text

// $(document).ready(function() {
// var $footercontent = $(‘<div id=”authentication-footer”><div id=”authentication-copyrightfooter”> <p id=”authentication-copyrightFooterText”></p></div></div>’);
// $footercontent.insertAfter(‘#logonbelt-bottomshadow’);
// });

// $(document).ready(function() {
// $(‘#authentication-copyrightfooter’)[0].innerHTML =
// ‘<p>&copy;2014&nbsp; Access restricted to authorized users.</p>’;
// });

// application page footer text

$(document).ready(function() {
$(‘#copyrightfooter’)[0].innerHTML = ‘<p>&copy;2014&nbsp; Name of your company</p>’;
});

// Prelogin page

$(document).ready(function() {
CTXS.Application.preLoginHook = function () {
var _dialogTitle = ‘<h1’
+ ‘ class=”messagebox-title _ctxstxt_Disclaimer”></h1>’;
var _dialogBody = ‘<div class=”messagebox-body”>’ +
‘<p class=”_ctxstxt_DisclaimerStatement”></p></div>’;
var _dialogButton = ‘<div class=”messagebox-buttons”>’ +
‘<a href=”#” class=”button _ctxstxt_Continue”></a></div>’;
var dialog = _dialogTitle + _dialogBody + _dialogButton;
var $messagePane = CTXS.displayMessagePane(dialog).ctxsLocalize();
var $button = $messagePane.find(‘.button’);
$button.click(function () {
CTXS.Events.publish(CTXS.Events.preLogin.done);
return false;
}).ctxsHandleEscapeKeyInDialog().ctxsPlaceFocusOnFirstElement(
).ctxsBindFocusWithin();
};
});

 

custom.style.css

/*
StoreFront customizations
*/

#credentialupdate-logonimage, #logonbox-logoimage {
background-image: url(“companylogo_whiteTrans.png”);
height: 50px;
width: 283px;
}

#header-logo {
background-image: url(“companylogo_whitetrans_small.png”);
height: 31px;
margin: 8px 0 0 22px;
width: 179px;
}

#resources-header {
height: 84px;
}

#resources-switcher {
padding-top: 48px;
text-align: center;
}

/* Help Desk info */

/* Logon labels */
#logonbox-logonform label{
color:white;
display:table-cell;
font-size:14px;
height:20px;
vertical-align:bottom;
}

/* welcome message and username */
#resources-header #header-userinfo {
float:left;
margin-top:12px;
margin-right:100px;
vertical-align:middle;
color:white;
}

#header-username,
#header-userinfo A {
color:white;
font-size:12px;
}

/* for added server info */
#server-info {
color: white;
font-size:12px;
float: left;
margin-right: 40px;
margin-top: 12px;
position: relative;
vertical-align: middle;
}

/* EOF Help Desk info */

/* Logon page footer text
#copyrightfooter p,
#copyrightfooter a,
#authentication-copyrightfooter p,
#authentication-copyrightfooter a
{color:white;}

*/
/* turn off searchbox
#resources-searcharea {
display: none;
}
*/

GetServerData.aspx

<%@ Page Language=”C#” %>

<script runat=”server” language=”C#”>

private string GetClientIP()
{
string ips = Request.ServerVariables[“HTTP_X_FORWARDED_FOR”];

if (!string.IsNullOrEmpty(ips))
{
return ips.Split(‘,’)[0];
}

return Request.ServerVariables[“REMOTE_ADDR”];
}

private string GetServerName()
{
// for security purposes, only return the last 2 chars
string server = Environment.MachineName;
return server.Substring(server.Length-2);
}
</script>

<%
// what server data are we looking for?
string sData = Request[“serverData”]+””;

switch (sData)
{
case “clientIP”:
Response.Write(GetClientIP());
break;

case “serverName”:
Response.Write(GetServerName());
break;

case “clientIPandServerName”:
Response.Write(“Client IP: ” + GetClientIP() +
“&nbsp;&nbsp;&nbsp;&nbsp; Server: ” + GetServerName());
break;

default:
break;
}
%>

 

Hope this helps you 🙂