Import .pfx certificate from IIS to NetScaler VPX

If you haven't done so already, you will need to export your SSL certificate from your Windows Server to a .pfx file.  Be sure to review that link, it's important to do the .pfx export step just right.  If you don't own an SSL Certificate yet, I recommend NameCheap, the banner below will usually give you a good discount. Now that we have a good .pfx certificate file, we can begin working on importing the cert into the Citrix NetScaler: Logon to the Netscaler and click SSL Certificates > Read more [...]

How to setup inbound PPTP through a Juniper NS 5 GT (Screen OS)

If you're reading this, you should really select a better VPN solution...  However in my case I needed to keep the status quo.  The customers SonicWall died while being moved during a big cutover, in a pinch I replaced it with a Juniper NS 5GT.  I recreated the configuration on the SonicWall, and everything worked great except inbound PPTP connections to their Windows PPTP server sitting behind the Juniper Netscreen.  I discovered that Juniper blocks GRE connections which are 'port-less' but Read more [...]

Ironport Encryption Provisioning issue: “Unable to provision profile for reason: Cannot find account.”

Background: In order to utilize the IronPort encryption capabilities known as the "Cisco Registered Envelop Service (CRES)", an Encryption Profile must be created and provisioned.  These settings can be found under Security Services > Encryption. Issue: You receive the following error when attempting to provision the Ironport Encryption service: Error — Unable to provision profile "Ironport_Encryption" for reason: Cannot find account. Please make sure that you have correctly Read more [...]

“[WARNING] Failed to query SPN registration on DC” | Domain Controller Stops Replicating Pt. 2

This article is our second part of our three part series, continuing where we left off in our last article: Domain Controller no longer replicating Pt. 1 — “Replication has been explicitly disabled…”.  Our previous steps have brought us closer to resolving the replication issues on our Los Angeles Domain Controller, however issues still remain. Now I will walk you through tackling: DCDIAG / NETDIAG shows Time Service is stopped and Netlogon service is paused "[WARNING] Failed to Read more [...]

How to Setup SSL Cert on IronPort

Issue: You would like to setup a third-party SSL certificate on your Ironport Email Security Appliance to facilitate IronPort TLS encryption of messages and HTTPS encryption for IronPort quarantine and admin pages. Background: The IronPort does include a self-signed certificate, however a self-signed cert is not generated by a Certificate Authority recognized by mail servers and web browsers. You will need to buy an SSL certificate from a recognized third party certificate authority like GoDaddy(25%OFF), or Read more [...]