Graph and PowerShell Blog

While there is an option to buy a Citrix reporting add-on my customer did not want the expense of a subscription but still wanted to keep track on connected clients. After Covid19 struck the AlwaysOn VPN solution became even more important than before.

How to report on the usage with PowerShell? Thankfully there is the Nitro API which interacts well with PowerShell. Originally I was pinging a whole subnet to find connected clients, but with Nitro, I could skip this step and see who was connected at a point in time. We now knew who was connected, but we needed to find out what user was logged in to the server. For stability, we enabled remote PowerShell as the older commands can fail without timing out. Running the script every 15 minutes we could see what clients were connecting and disconnecting and log this.

↑ Using stored credentials we can get a list of sessions from the NetScaler.

↑ We can check what ISP the users connect with and if they have MFA enabled.

During the course of the script there were 2 issues:

Mass disconnects of all clients

DNS not updating on clients

For the first issue, I was not involved in troubleshooting but I could report to the Citrix admin of a mass disconnection event within a time range of 15 minutes. This helped the admin isolate the issue more quickly.

For the DNS issue where the VPN clients could not update their A record we found that the fix from Citrix took so long that we had to implement our own temporary fix.

We had the IP's that were connected via Nitro, so this allowed us to use remote PowerShell to query the registry and find the real hostname of the computer connected to the VPN. With this information, we could then update the DNS servers, again with PowerShell. After a few tweaks, the script worked as designed and no issues were reported until we got our final fix from Citrix.

Update May 2024
After a Citrix update we could no longer connect to a single namespace. So if you connected to the passive node you would not get certain details back, like external IP.

The fix for this was to find the MasterServer by querying the management server:

$uri = "https://adminserver/nitro/v2/config/ns"

$i_state = $in.ha_master_state

While the passive and active nodes would not move around that often it does allow for unexpected issues.

Graph and PowerShell Blog	Articles 2024 Advanced Postfix configuration Installing Exchange 2019 in Azure Landing Zone Upgrading PHP on Windows Adding a Postfix server for relay to O365 O365 Integrated Apps troubleshooting Domino and O365 Co-existence Delegate Control in AD App mail relay via HVE Setting up Mail Relay with HVE Getting BIMI certified Orbea Occam SL H30 Installing FreeSat and Saorview Changing broadband provider Replacing a DIN timer on fuseboard Outlook Desktop Notifications stop working Outlook folders keep moving sort order Teams report uploading to SharePoint with Runbooks Teams PowerShell module can't run CS cmd as App 2023 Cannot map new Shared Mailboxes in O365 Renewing an Exchange 2016 certificate Connect to Compliance PowerShell behind a Proxy Sensitivity Label not shown in Outlook Client Room Finder Error in Outlook Teams not showing Rooms Teams unable to open file Unable to review quarantined mails for shared mailbox Set Locale for various Apps Delegate Sent Items placed into external Tenant Overview of Microsoft Support cases When centralized mail sends via O365 Cleaning up your Windows DNS server Set OneDrive for Business Locale O365 Migration Tips Reporting on successful Azure logons IIS Mapi Queue full with NetScaler Secure Office365 reports with a certificate Using Graph to send emails with inline images Visualizing Graph data with Google Charts Keeping a log of NetScaler AlwaysON connections \| About \| Links

Keeping a log of NetScaler AlwaysON connections 02-Mar-23 While there is an option to buy a Citrix reporting add-on my customer did not want the expense of a subscription but still wanted to keep track on connected clients. After Covid19 struck the AlwaysOn VPN solution became even more important than before. How to report on the usage with PowerShell? Thankfully there is the Nitro API which interacts well with PowerShell. Originally I was pinging a whole subnet to find connected clients, but with Nitro, I could skip this step and see who was connected at a point in time. We now knew who was connected, but we needed to find out what user was logged in to the server. For stability, we enabled remote PowerShell as the older commands can fail without timing out. Running the script every 15 minutes we could see what clients were connecting and disconnecting and log this. ↑ Using stored credentials we can get a list of sessions from the NetScaler. ↑ We can check what ISP the users connect with and if they have MFA enabled. During the course of the script there were 2 issues: Mass disconnects of all clients DNS not updating on clients For the first issue, I was not involved in troubleshooting but I could report to the Citrix admin of a mass disconnection event within a time range of 15 minutes. This helped the admin isolate the issue more quickly. For the DNS issue where the VPN clients could not update their A record we found that the fix from Citrix took so long that we had to implement our own temporary fix. We had the IP's that were connected via Nitro, so this allowed us to use remote PowerShell to query the registry and find the real hostname of the computer connected to the VPN. With this information, we could then update the DNS servers, again with PowerShell. After a few tweaks, the script worked as designed and no issues were reported until we got our final fix from Citrix. Update May 2024 After a Citrix update we could no longer connect to a single namespace. So if you connected to the passive node you would not get certain details back, like external IP. The fix for this was to find the MasterServer by querying the management server: $uri = "https://adminserver/nitro/v2/config/ns" $i_state = $in.ha_master_state While the passive and active nodes would not move around that often it does allow for unexpected issues.