Citrix FAS Certificate Error

So a couple of weeks ago I walked into the office in a happy mood with a cup of tea in one hand and a bacon roll in the other. Then it hit. No one can access our Citrix platform! Now, do I run away and hide or jump into the trenches and get it fixed?

So, let's get testing the issue. Try and launch an app… and yup, we get an error.

So let's walk backwards:

  • No errors on the app server – that's good
  • No error on StoreFront – also good
  • Let's check Federation Services. Yup, there's an error around the certificate.

First thing to try is to see if the service is issuing certificates. Yup, it's issuing, so that side of things is OK. The issue here is an issue with the usage of the certificate.

Let's jump into the change schedule to see what may have changed. And yup, we applied the Windows Update to the last of our Active Directory servers. Right, that is a change.

Going through this documentation to get the certificate error, we see that the error we are having is related to the usage that the certificate is allowed for.

Right, let's switch off Federation Services to get people working. In the meantime, we’ll update the Domain policy to allow smartcard and Kerberos usage, which will mean we can then turn on Federated Services.

After updating the domain certificate policy to include SmartCard and Kerberos usages (required now for the upcoming Feb Patch cycle) we can turn Federation Services back on and watch those certificates work.


I’m Lilys Dad…


Welcome to my place to blog about all things Microsoft Endpoint management including Intune, Windows 365, Azure Virtual desktop, Windows and more…
