Well, this is where I got stalled yesterday... First, my system is so old that it still says "Presentation Server", and it is 4.5. How does one determine the version of license server?
In my assorted Citrix apps and consoles, I cannot find license server version information. If I go to the Windows control panel, "Add or Remove Programs", it claims Citrix License server is also 4.5 (like the rest of the Citrix pieces). Meanwhile, really soon plans call for nuking this server and setting up a brand new one - and making sure EVERYONE knows how to maintain it. Thanks again! -- richard From: Webster [mailto:webs...@carlwebster.com] Sent: Wednesday, January 11, 2012 9:35 AM To: NT System Admin Issues Subject: Re: IIS 6.0 Security Use either license server 11.6.1 or better 11.9. 11.9 may require you to return, reallocate and re download your license file(s). But that is a 2 minute project at worst. 1.9 is required for XenApp 6.5 and XenDesktop 5.5 (and maybe 5.0) as Citrix has implemented new licensing features. 11.9 will read the old license files with no issues BUT if you need to use XenApp 6.5 or XenDesktop 5.5, you WILL need to redo your license file. The nice thing about Citrix license server 11.6 and higher is that it no longer requires Java or IIS. That removes a couple of security risks for you right there. There is a new 11.10 license server but I have not tested that. Carl Webster Consultant and Citrix Technology Professional http://www.CarlWebster.com<http://www.carlwebster.com/> From: Richard McClary <richard.mccl...@aspca.org<mailto:richard.mccl...@aspca.org>> Reply-To: NT Issues <ntsysadmin@lyris.sunbelt-software.com<mailto:ntsysadmin@lyris.sunbelt-software.com>> Date: Wed, 11 Jan 2012 15:21:44 +0000 To: NT Issues <ntsysadmin@lyris.sunbelt-software.com<mailto:ntsysadmin@lyris.sunbelt-software.com>> Subject: RE: IIS 6.0 Security Thanks! Those docs will be revised soon as TLS 1.0 has also been cracked. (My ancient server does not yet use TLS 1.1, which is currently still "secure".) Now to deal with the TLS Renegotiation... I found a Citrix patch (PSE450R06W2K3030). Now this is where inheriting a Citrix system comes to bite. That hot fix requires a previously release roll-up. That roll-up requires a new version of license server (I seem to remember 11.something). The page goes on to say the roll-up will work with older license server versions, but it will then make the hosted applications unavailable. NICE! From: Webster [mailto:webs...@carlwebster.com] Sent: Tuesday, January 10, 2012 4:58 PM To: NT System Admin Issues Subject: RE: IIS 6.0 Security The Citrix eDocs says if you are using SSL v3 you are not FIPS compliant. You have to use TLS 1.0. SSL/TLS and FIPS Compliance When configured properly, deployments using TLS 1.0 can use FIPS 140-validated cryptographic modules in a manner that is compliant with FIPS 140-2; SSL 3.0 is not FIPS compliant. For more information, refer to the Guidelines for the Selection and Use of the Transport Layer Security (TLS) implementations at http://csrc.nist.gov/publications/nistpubs/800-52/SP800-52.pdf. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin The information contained in this e-mail, and any attachments hereto, is from The American Society for the Prevention of Cruelty to Animals® (ASPCA®) and is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying or use of the contents of this e-mail, and any attachments hereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify me by reply email and permanently delete the original and any copy of this e-mail and any printout thereof. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin