ICA Client connections via Secure Gateway & SSL Relay fail due to expired VeriSign Global Server Intermediate Root CA

The VeriSign Global Server Intermediate Root Certificate expires on January 7, 2004. If your Secure Gateway or SSL Relay server is using a VeriSign Global Server ID certificate, you may need to update the intermediate certificate.

Symptoms

All Citrix ICA Clients versions connecting via Secure Gateway or the Citrix SSL Relay Service through NFuse and/or Web Interface using the VeriSign Global Server Intermediate Root Certificate fails.

When you try to connect to a MetaFrame presentation server through Secure Sockets Layer (SSL), you may receive one of the following error messages:

1. The connection was rejected. The SSL certificate is no longer valid. Please contact your Citrix Administrator (SSL error 70)

2. The server sent an expired security certificate. The certificate “O=Verisign Trust Network, OU=VeriSign, Inc., OU=VeriSign International Server CA – Class 3, OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign” is valid from Thursday, April 17, 1997 to Wednesday, January 7, 2004.

3. Security alert: A security certificate has expired or is not yet valid. The certificate “O=Verisign Trust Network, OU=VeriSign, Inc., OU=VeriSign International Server CA – Class 3, OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign” is valid from Thursday, 17 April, 1997 to Wednesday, 7 January, 2004.

Cause

This problem occurs because the old VeriSign [128-bit SSL] Global Server Intermediate Root CA expires on January 7, 2004. Servers that are using this public root certificate that have not been updated with the new Global Server Intermediate Root CA may encounter problems when they try to establish SSL sessions after January 7, 2004.

This problem will be observed by all ICA client platforms and versions attempting to connect through an affected Secure Gateway or SSL Relay service.

Citrix Administrators

Verify that all Secure Gateway and SSL Relay servers that are currently running with VeriSign certificates have updated the Intermediate Root Certificate Authorities (CA’s). As of January 7, 2004 they will no longer be able to establish SSL sessions if they haven’t.

The Gateway & SSL Relay Services need to be restarted for the changes to take effect.

More information

For more information about this problem, please visit the following VeriSign Web site:

http://verisign.com/support/vendors/exp-gsid-ssl.html

For information about how to replace the VeriSign Global Server ID Intermediate Root CA, visit the following VeriSign Web site:

https://www.verisign.com/support/site/caReplacement.html

Please read the directions at this site carefully prior to attempting to update your servers Intermediate CA information. The updated certificate must be imported to the Local Computer > Intermediate Certification Authorities > Certificates store using the MMC Certificates snap-in. After updating the certificate, restart the Secure Gateway or SSL Relay service.

You will need to verify that all web servers, Secure Gateway servers and MetaFrame servers running the Citrix SSL Relay Service with VeriSign certificates have updated the Intermediate Root Certificate Authorities (CA’s). After January 7, 2004 they will not be able to establish SSL sessions until the intermediate certificate is updated.

Note: The updated intermediate root certificate has the following properties:

Issued to: www.verisign.com/CPS <http://support.citrix.com/article/CTX103235&searchID=-1

Removing Terminal Server licenses from an RDP client

32 bit RDP clients store their license under the key HKEY_LOCAL_MACHINESoftwareMicrosoftMSLicensing.

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To clean the client’s license cache, just delete this key and its subkeys. The next time the client connects to the server, it will obtain another license.

Migrate Content and Approvals from SUS to WSUS

Here is a short description on how to migrate Content and Approvals from SYS to WSUS. First di the following:

1. Install the new WSUS server.
2. Configure it (Proxy, Update types and so on
3. Synchronize the WSUS server with Microsoft

Migrate Content and Approvals from SUS to WSUS

Now that you have configured and synchronized WSUS, you can migrate content and approvals from the SUS server(s) in your environment to your WSUS server. Migrate content and approvals from the local SUS server first. If you have additional SUS computers, you can configure SUS for remote migration and then migrate any remote content and approvals, mapping these approvals to a WSUS target group. This is optional.

Step 5 contains the following procedures:

Migrate local content and approvals.

Create WSUS target groups for mapping remote SUS approvals (optional).

Share remote content on SUS for migration to WSUS (optional).

Migrate remote content and approvals, mapping approvals to WSUS target groups (optional).

Use WSUSutil.exe to migrate local SUS content and approvals. By default, WSUSutil.exe appears in the following location:

WSUSInstallationDrive:Program FilesUpdate ServicesTools

You must be a member of the local Administrators group on the WSUS server to import approvals or content from SUS. These operations can only be run from the WSUS server itself. You can only run WSUSutil.exe on a 32-bit platform.

Although SUS does not have to be running in order for you to move updates or approvals, you do have to make sure that SUS is not synchronizing before you migrate content or approvals. Although WSUSutil.exe allows you to move both approvals and updates, you are not required to migrate one, the other, or both.

To migrate local content and approvals from SUS and map approvals to the All Computers target group on WSUS

1.

At the command prompt, navigate to the directory that contains WSUSutil.exe.

2.

Type the following:

wsusutil.exe migratesus /content PathToLocalSUSContent /approvals SUSServerName /log filename

For example:

wsusutil.exe migratesus /content c:suscontentcabs /approvals sus1 /log local_migration.log

Mapping remote approvals to a WSUS computer group is optional. It is helpful if you have multiple SUS servers in a single location and want to consolidate the SUS servers onto one WSUS server. If you intend to map remote SUS approvals to a WSUS computer group, first create the group on WSUS.

To create a computer group

1.

In the WSUS console toolbar, click Computers.

2.

Under Tasks, click Create a computer group.

3.

In the Group name box, type a name for your new computer group, and then click OK.

Once you have created the WSUS target group, you can migrate remote approvals and content by using WSUSutil.exe. This command-line utility uses HTTP to get approvals and SMB to copy updates from a remote SUS installation. To copy updates from a remote computer, this tool requires Read share permissions on the remote SUS Content folder and all its subfolders.

To share remote content on SUS for migration to WSUS

1.

On the remote SUS computer, locate the SUS content store in the file system. By default, SUS content is stored in C:SUSContent.

2.

Right-click the Content folder, and then click Sharing and Security (or Sharing, on computers running Windows 2000).

3.

In the Properties dialog box for the Content folder, click Share this folder.

4.

Click the Security tab, and ensure that the Everyone group has Read NTFS permissions for the Content folder.

5.

Click OK.

6.

Repeat this step on each SUS server you intend to migrate.

To migrate remote content and approvals from SUS and map approvals to a custom computer group on WSUS

1.

At the command prompt, navigate to the folder that contains WSUSutil.exe.

2.

Type the following:

wsusutil.exe migratesus /content LocationOfRemoteSUSContent /approvals SUSServerName  WSUSTargetGroupName” /log filename

For example:

wsusutil.exe migratesus /content \sus1contentcabs /approvals sus1 “all desktops” /log remote_migration.log

 

Source: Microsoft

Kokospanerag Lax i Saffranssås

4 Personer

500 g Laxfilé, skinn och benfri
1 Ägg
2 dl Kokosflingor
3/4 dl Hackad bladperlilja
1 tsk Salt
1 krm Cayennepeppar
2 msk Smör
2 dl Creme Fraiche Saffran & Tomat (alt 2 dl Creme Fraiche, 0,5 g saffran och 1/2 msk Tomatpuré)
1 dl Vatten
2 msk koncentrerad kycklingfond

Till Servering:

Pasta eller ris
400g djupfrysta grillade pränsaker
20 g Ruccola

Gör så här:

  1. Skär laxen i portionsbitar om det inte redan är gjort
  2. Vispa upp ägget. Blanda kokosflingorna och hackad persilja på ett fat. Salta och peppra laxbitarna. Doppa dem i ägget och sedan i kokosflingorna.
  3. Stek fisken i smör ca 1-5 minuter per sida på svag värme. Salta och peppra.
  4. Blanda Creme Fraiche, vatten och fond, häll blandningen runt om fisken. Låt sjuda några minuter.
  5. Servera med färsk pasta, t.ex fjärilar och grillade eller wokade grönsakerblandade med rucola.

Källa: Vardagsfavoriter

Nyårsmeny

LÄCKRA MUMSBITAR PÅ RÖKT HJORT

http://www.svenskhjortavel.com/templates/recept.asp?artid=23589

200 g rökt hjortkött, 6 msk creme fraiche, ca 2 msk riven pepparot, tunna kavringsskivor,
gärna uttagna till rundlar, smör. Garnering 50 g löjrom.

Hacka det rökta köttet el. kör det i matberedare, blanda med creme fraiche och pepparot
Bred smör på brödet och en rejäl klick av röran och garnera med lite löjrom. Ca 12 mumsbitar

Lammfilé med citronpesto
8 personer

1200 g putsad lammfilé (kycklingfilé eller fläskfilé)
2 tsk grovmald svartpeppar
2 msk olja
4 msk smör
2 tsk salt

citronpesto:

2-4 vitlöksklyftor
2 krukor basilika
2 dl pinjenötter (skållad skalad mandel går lika bra)
1 msk pressad citron
2 krm sambal oelek (vi har mycket hemma – säg till om det ska med)
3 dl jungfruolja, rumstempererad
1 tsk salt

Italiensk grönsakskaka

2 + 4 msk olivolja
2 zucchini
½ finstrimlad purjolök
16 potatisar
2 tomater
2 tsk salt

Gör så här:
Peston:
1/ Pressa vitlök och kör i mixer med basilikablad, nötter/mandel citron och
sambal.
2/ Tillsätt oljan i en tunn stråle under gång och smaka av med salt.

Köttet
1/ Peppra och bryn köttet över god värme runt om i olja och smör till nätt
och jämt genomstekt (lamm). Salta under tiden. (Alternativt bryn och baka
sedan klart i ugnen med köttermometer.)
2/ Svep köttet i folie och låt vila några minuter innan det skärs upp och
serveras med peston.

Potatisen
1/ Värm ugnen till 225°.
2/ Olja en långpanna och förvärm den i ugnen.
3/ Skiva zucchini riktigt tunt, finstrimla purjo. Stek snabbt i resten av
oljan.
4/ Skala och torka potatisen.
5/ Skiva den tunt i matberedare (gärna) och skiva sen tomaterna för hand.
6/ Blanda potatis, tomat, zucchini och puroj med salt i den förvärmda
formen/plåten.
7/ Grädda tills grönsakerna är mjuka med knapriga i kanten. Ca 40 minuter
mitt i ugnen (kan ta längre tid.)

Semifreddo med punsch och varm kolasås
http://svt.se/svt/jsp/Crosslink.jsp?d=6265&a=511848

Beräknat för 4 portioner

2 dl maränger
250 g ricottaost
450 g mascarponeost
3 msk florsocker
2 msk punsch
skal och saft från 1 apelsin

Kolasås:
2 dl grädde
1 dl socker
1 dl ljus sirap
2 msk smör

1/2 färsk ananas till servering

Gör så här:
Den här rätten går bra att förbereda dagen innan den skall serveras.

Dagen innan
Krossa marängerna grovt och blanda med ricottaost, mascarponeost,
florsocker, punsch samt rivet apelsinskal och -saft. Rör försiktigt
så inte osten får en för lös konsistens.

Lägg i portionsformar och jämna till ytan. Ställ in i frysen dagen
innan, eller i minst 2-3 timmar.

Serveringsdagen
Ta ut semifreddon ur frysen och ställ i kylen i ca 10-15 minuter
innan servering.

Blanda alla ingredienserna till kolasåsen i en kastrull, koka i ca
15 minuter. Såsen ska få en seg och rinnig konsistens.

Skala och kärna ur ananasen, skiva den tunt. Lägg 5-6 skivor ananas
omlott på varje assiett.

Stjälp upp en semifreddo på varje tallrik. Doppa formarna i varmt
vatten så lossnar de lätt. Lägg en ananasskiva på toppen av varje
semifreddo och slå till sist över lite av den varma kolasåsen.