pieter watteeuw Posted October 15, 2017 Share Posted October 15, 2017 Hi, When i logon to the netscaler gateway i keep getting "Please select one of the following" without options. Clientless Access = ON Client choises is disabled. Netscaler version: NetScaler NS12.0: Build 51.24.nc, Date: Jul 15 2017 Link to comment Share on other sites More sharing options...
Paul Blitz Posted October 16, 2017 Share Posted October 16, 2017 No, in your case, clientless is NOT (necessarily) disabled, I'm sorry to say. When a session profile does not have a setting set locally (ie "global override" is TICKED), then whilst you will see the global setting in the profile (greyed-out), that setting can be (and in your case must be...) inherited from another matching policy. For example, here's 3 session policies: 10 IF (it's windows, with corporate AV, and I can find a hidden file) THEN profile 1 20 IF (it's windows, with one of a list of suitable AVs) THEN profile 2 30 IF TRUE THEN profile 3 The first one matches your corporate laptops, the second any decent Windows setup, and the last catches everything. Your corporate laptops actually match all three of those policies. So if Profile 1 doesn't have a setting locally (= "global override" is TICKED) then it will then check, in order, Profile 2 then Profile 3, for that setting. If none of those has the setting locally, finally, you will get the default global settings (= what's shown in a profile, greyed out). So, if a setting is important to you, SET IT LOCALLY!! In your case, just go into that profile, tick the "override global" box, and set choices to UNticked, and you'll be ok. The setting is now set locally in that profile, and noone can take it away from you (then repeat another 100 times for all the other settings in the profile!!!) Link to comment Share on other sites More sharing options...
CarlStalhood Posted October 16, 2017 Share Posted October 16, 2017 Is HSTS enabled in a SSL Profile, or in the vServer’s SSL Parameters? Link to comment Share on other sites More sharing options...
pieter watteeuw Posted October 16, 2017 Author Share Posted October 16, 2017 Is HSTS enabled in a SSL Profile, or in the vServer’s SSL Parameters? Yes it's enabled on the NetScaler Gateway Virtual Server. I have tested this without HSTS and than it works. Is there a way to let this work with HSTS? What is the reason for this? THX! Link to comment Share on other sites More sharing options...
CarlStalhood Posted October 16, 2017 Share Posted October 16, 2017 Bug. You can still implement HSTS by binding a Rewrite Response policy. 1 Link to comment Share on other sites More sharing options...
Rhonda Rowland1709152125 Posted October 16, 2017 Share Posted October 16, 2017 About the client choices option (everything Paul said is true). Global Override: Disabled means you are not asserting a value. Default state is setting is ENABLED. Global Override: Enabled means you are asserting a value. HOWEVER, even if the left-hand checkbox looks "off" when you first enable the control, there is a GUI defect where the "checkbox" is enabled and not shown. Usually click until the left checkbox turns on, then clear. To disable client choices. Or check the policy after enabling global override (by closing and re-opening the profile) and then you will see the value is still "enabled". If client choices is off (and global override on) AND ICA Proxy:ON, then you will default to ICA proxy only mode. If ICA Proxy is OFF, and Client Choices is OFF, then your Clientless Access: ON setting will determine if you are clientless only mode or clientless and vpn mode (without choices). Link to comment Share on other sites More sharing options...
pieter watteeuw Posted October 16, 2017 Author Share Posted October 16, 2017 Inserting HSTS header with a Rewrite Response policy works.Thanks Carl. Link to comment Share on other sites More sharing options...
Mark Brilman Posted May 31, 2022 Share Posted May 31, 2022 Has this bug resurfaced again? I have several NetScalers hanging again and disabling the HSTS checkbox solves the issue. Version 13.0.85.19 (latest 13) 2 Link to comment Share on other sites More sharing options...
Tobias Wende1709163199 Posted August 2, 2022 Share Posted August 2, 2022 Hi Mark, I can confirm, we see the same old bug in 13.0 85.19 (and newer) with one of our customers. 1 Link to comment Share on other sites More sharing options...
Maarten Annema Posted November 16, 2022 Share Posted November 16, 2022 Hi all, this bug is also present in build 13.0 88.14 We came from 13.0 83.27 wich had no problem using HSTS and after upgrade to 88.14 the bug was present. Link to comment Share on other sites More sharing options...
Paul Burden Posted December 7, 2022 Share Posted December 7, 2022 I've been told by citrix support today that the latest version 13.0.88.16 fixes this issue, although i can't see the mention in the release notes. i've asked them to clarify before i upgrade to this . Just in case others want to try and see if it does indeed resolve the issue Link to comment Share on other sites More sharing options...
Brian Gentile Posted December 9, 2022 Share Posted December 9, 2022 I am running 13.1.33.52 and I am seeing this bug as well. Link to comment Share on other sites More sharing options...
Helder Souza1709162900 Posted December 23, 2022 Share Posted December 23, 2022 88.16 the issue happens, I'll try the HSTS rewrite policy. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now