any thought on how i can get that info ?

(starting to think you werent joking when you said nope)

Heh. I wasn't. Did you check the policy hit counter?

how do i do that ?

the nsconmsg ?

no... it's standard CLI

use stat

heh, it's either show or stat on the action or policy. (:

"show pol" tabs in to "show policy" but when i hit enter it tells me no such command

seems very odd

yeah, like I said... depends on the policy type

its an advanced auth policy

mkay

the actual thing that is failing is that i want to stop certain named users from logging in. so any user who would have DEV in their name i want them to not be authenticated via ldap and fail

so instead of just having tru for my auth policy i went with AAA.USER.NAME.Contains("DEV").NOT - but it goes through either way

if its of any interest to anyone i solved the above... the aaa.user.name.contains can not be used beofore ldap allready took place. because the aaa.username is not populated with anything

im having an issue where a new machine catalog that was built on a new vlan produces VAS that are stuck on initialising. the event viewer on the VDA says registratoin successful but there is an error saying "connection validation failed for domain for reasons users for reason deny" - i cant find anything useful about that. it seems related to the azure hybrid domain.. but i cant see much - any ideas ?#

(not *VAS - VDAd)

Just throwing this out there on the off chance someone has seen something like this before. I'm currently running a Citrix load balancer on version 14.1 12.35. We have fastly services pointing to content switching VIPs and normal VIPs (this all works fine and uses SSL). I've attempted, initially, to upgrade directly to 14.1 47.46 but this causes

the content switching VIP to stop working. The other VIPs still work fine. No differences between SSL versions and ciphers etc. on any.

I get the same issue regardless of whatever firmware version I use inbetween except version 14.1 17.38 (not working versions I've tried are: 14.1-21.57, 14.1-25.56, 14.1-43.56).

I appreciate this isn't the easiest thing to explain over text. I enabled debug logging and I got errors similar to the below:

Jul  4 110539 <local0.debug> <<redacted IP>>  07/04/20251105:39 GMT  0-PPE-0 : default SSLLOG SSL_HANDSHAKE_FAILURE 40738 0 :  SPCBId 9213814 - ClientIP <<redacted IP>> - ClientPort 13838 - VserverServiceIP <<redacted IP>> - VserverServicePort 443 - ClientVersion TLSv1.2 - CipherSuite "NA" - Session New - Reason "Illegal parameter in the

message"

But, rolling back to the current version or 17.38 allows the content switching VIP to access connections fine.

We have user added session printers (They use a manage printers published app and browse AD and connect to the session printer). I have adobe acrobat unifed installer installed on the VDA (it installs a local Adobe PDF Printer on the VDA). I am finding that even after users set the user added session printer as their default printer it keeps reverting back to the Adobe PDF printer as default. I have checked and i dont have the policy "Let windows manage my default printer" set and printers are being personalized via ivanti personalization server. obviously if i was using client autocreated printers or i defined the session printers via policy i could dictate what to use as default but with user added session printers neither of these are possible

any ideas ?

Script to save default and restore at logon, tricky to set up but it would work.

@guest40 does it work from a different sourceIP?

@Zax1 if it works on other VLAN, maybe FW blocking the registration on this VLAN?