
Synology DDNS with custom domains

Synology DSM lets administrators use Dynamic DNS (DDNS) services to reach their devices through vanity/custom domains. However, the list of compatible service providers is fairly limited. Luckily, a little DNS trickery (a CNAME record) gets around the limitation for any domain.

Start by opening Control Panel in DSM, then External Access, and choose Add on the DDNS tab. Walk through the wizard to create a hostname using the Synology service provider. Check out the Synology documentation for more details on this process. For this example, let’s use: caroledidit.synology.me.

When complete, you will have the new DDNS hostname listed. This domain name will always point to the dynamic IP address given to your network by your ISP.

Purchase a domain from any registrar that allows you to control basic DNS records. For this example, we’ll use: longlivedonlewis.com. Using the registrar’s platform, create a new CNAME DNS record for your domain.

The CNAME record values for longlivedonlewis.com would be:

Host = @

Value = caroledidit.synology.me

TTL = 5min

Because a CNAME record is an alias, longlivedonlewis.com always resolves to whatever IP address caroledidit.synology.me currently points to. The short Time To Live (TTL) ensures that caches expire quickly enough to stay in sync with the dynamic record.

The custom domain will now point to your network. If you haven’t done so already, you’ll need to configure your network to allow your device to communicate with the Internet.

Visit Wikipedia to learn more about CNAME records: https://en.wikipedia.org/wiki/CNAME_record


Horizon View Administrator Load Balancing

After setting up load balanced Horizon 7 Connection servers, I was immediately stonewalled at the View Administrator login screen (https://connection-server/admin). Nothing but a blank modal window with the date and time – zero error details.

Thinking it was possibly a quirk with the Flash interface, I tried the new Horizon 7 HTML5 console (https://connection-server/newadmin). To my surprise, it threw an equally helpful error: Login failed due to: [Not found]

The HTML5 login failure only happened in Chrome (v81). Firefox (v75) worked. Edge (v44) worked. Internet Explorer 11 worked.

A little bit of research revealed that, for security purposes, the Horizon 7 View Administration console checks the origin URL of the web request and rejects it if it doesn’t match:

https://localhost/admin

or

https://URL_used_in_Secure_Tunnel_URL_Field/admin

The latter is necessary for environments configured with Unified Access Gateways (UAGs). While the cause of the issue isn’t immediately obvious, it makes sense: a request that arrives through the load balancer’s address matches neither URL.

The fix is straightforward; tested on v7.8. Perform the following steps on each load-balanced Connection Server:

  1. Edit: C:\Program Files\VMware\VMware View\Server\sslgateway\conf\locked.properties
  2. Add the line: checkOrigin=false
  3. Save, close, and restart the VMware Horizon View Connection Server service.
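
The three steps above as an idempotent PowerShell script, added here as an example (not from the original post or from VMware). The path, setting and service display name are the ones given in the steps; the timestamped backup, the assumption that locked.properties follows Java .properties syntax, and the variable names are additions.

```powershell
# Added example: run from an elevated PowerShell session on each Connection Server.
$ErrorActionPreference = 'Stop'

# Values taken from the steps above.
$propsPath   = 'C:\Program Files\VMware\VMware View\Server\sslgateway\conf\locked.properties'
$displayName = 'VMware Horizon View Connection Server'
$setting     = 'checkOrigin=false'

# Assumption: the file uses Java .properties syntax, where '=' or ':' separates key and value.
$pattern = '^\s*checkOrigin\s*[=:]'

# Read the existing lines, or start empty if the file has not been created yet.
$lines = @()
if (Test-Path -LiteralPath $propsPath) {
    $lines = @(Get-Content -LiteralPath $propsPath)
}

# Nothing to do when exactly one checkOrigin entry exists and it is already the wanted one.
$existing = @($lines | Where-Object { $_ -match $pattern })
if ($existing.Count -eq 1 -and $existing[0].Trim() -eq $setting) {
    Write-Output 'checkOrigin=false already present; file and service left untouched.'
    return
}

# Keep a timestamped copy so the change can be rolled back.
if (Test-Path -LiteralPath $propsPath) {
    $backup = '{0}.{1:yyyyMMddHHmmss}.bak' -f $propsPath, (Get-Date)
    Copy-Item -LiteralPath $propsPath -Destination $backup
}

# Drop stale or duplicate checkOrigin lines, then append the single wanted entry.
$newLines = @($lines | Where-Object { $_ -notmatch $pattern }) + $setting

# Write plain ASCII: Windows PowerShell's '>' and Out-File default to UTF-16,
# which is not the encoding of a Java-style .properties file.
Set-Content -LiteralPath $propsPath -Value $newLines -Encoding ASCII

# Step 3: restart the Connection Server service, located by its display name.
Restart-Service -DisplayName $displayName
Write-Output "Updated $propsPath and restarted '$displayName'."
```

Restarting the service on one Connection Server at a time keeps the others available behind the load balancer while the change is applied.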

Official VMware KB article: https://kb.vmware.com/s/article/2144768


Citrix “Cannot start app. Please contact your help desk.”

After standing up a new Citrix site from scratch, we found Citrix Receiver/Workspace apps on client workstations configured with SSO couldn’t launch applications.

After a few hours of checking event logs and enabling every Receiver/Workspace logging feature, I only found very generic errors. The most “relevant” error found in the Receiver/Workspace app log was:

Monday, January 13, 2020/4:24:30 PM ICA launch failed from delivery service at https://storefront.url/Citrix/Store/resources/v2/WERbunchofjunkBJQdfdBf4tUHdbWUgSGdbHRoIE1h/launch/ica; reason: GeneralAppLaunchError
Monday, January 13, 2020/4:24:30 PM Got Comms Error
Monday, January 13, 2020/4:24:30 PM Request failed: General error

Searching this error led me to https://support.citrix.com/article/CTX133982

The Citrix article explains how to prepare a site for Pass-Through Authentication. Surprisingly, this parameter could be modified via the GUI in XenApp 6.5, but not in newer versions.

Step two provides a PowerShell command which you can run on a site Delivery Controller:

asnp Citrix*
Set-BrokerSite -TrustRequestsSentToTheXmlServicePort $True

To validate that the parameter took effect, run:

Get-BrokerSite

Validate TrustRequestsSentToTheXmlServicePort is set to True, then refresh Receiver/Workspace app and relaunch your application.