Azure Point to Site Error: A certificate could not be found that can be used with this Extensible Authentication Protocol.

While configuring Azure point to site VPN, you might get this error at the client side:

A certificate could not be found that can be used with this Extensible Authentication Protocol. (Error 798) For customised troubleshooting information for this connection

while connecting, this error basically means that:

  • Either you are missing a EAP certificate in your personal store.
  • If you have installed the certificate already, it might not be ready for EAP usage, this can happen for different reasons, I have seen for example that you can’t use powershell to generate client certificates to use with Azure VPN, only makecert.exe works.

so calm down and focus on fixing the EAP certificate at the client side on the personal store, this is the source of the problem, make sure that you have the private key and that the certificate is issued by the same Root CA certificate installed on Azure Gateway and use Makecert to create the client certificate, a sample command would be:

makecert.exe -n “CN=SureskillzClient” -pe -sky exchange -m 96 -ss My -in “sureskillzRoot” -is my -a sha1

How to publish Citrix Xenapp/Xendesktop online without Netscaler using HTTP for workgroup computers

How to publish Citrix Xenapp/Xendesktop online without Netscaler using HTTP for workgroup computers

I always get this weired stuff, I am not sure if it is a curse or something, but I have got this request to publish Citrix XenApp 7.6 online without NetScaler and using HTTP for workgroup computers.


Previously, this was an easy task, but due to the changes Citrix has made to StoreFront and Citrix Receiver, it became a tedious task, so here are the simple guide that will give you the exact configuration to publish Citrix online, and allow workgroup computers to connect to it.


I will not walk you thought the Citrix Installation, I assume that Citrix installation and Configuration is done.


So let us go:

  • Modify the Citrix Storefront URL to match the External URL.

Because how Citrix Xenapp’s logic, you need to set the URL to match the External URL, you can do that from from the studio console:

Configure Base URL without Netscaler

Make sure that Delivery controller resolves the external name to its own internal IP, you can use hosts file to achieve this

  • Modify the global ICA settings file to include the external server name, the file is located at (C:\inetpub\wwwroot\Citrix\Store\App_Data\default.ica)







WinStationDriver=ICA 3.0




By now you are done with the server configuration, now you need to install the Citrix Receiver, you need to allow HTTP stores, add the PNA site, and configure the receiver NOT to use usernames and password (because these are workgroup computers), so let us go:


Install the receiver client usign the following command line:

CitrixReceiver.exe /ALLOWADDSTORE=A /ALLOWSAVEPWD=A /STORE0=”http://ExternalFQDN/Citrix/Store/PNAgent/config.xml;on;storename”


This will add the store and configure the receive to accept HTTP stores.


Now import the Receive ADM Files into the local group policy, and the authentication section and disable the username and password.

Configure Citrix Receiver password settings

By that time, you will be able to open your receiver and access your PNA store if the stars are alligned.



Installing Percona XtraDB my SQL Cluster on RHEL6.0 and Windows azure – notes from the field-1

I have been trying to install Percona MySQL Cluster on Linux Azure VM, I finally managed to do it after little struggle, I have sum’d my notes here because I believe that Percona needs to work on their documentation:

– Linux Preparation:

If you don’t have Linux subscription, then add Centos Rep using the following steps:

rpm -ivh epel-release-6-8.noarch.rpm


vi /etc/yum.repos.d/centos.repo

name=CentOS $releasever – $basearch

After completing these steps, you need to add Percona Repo:

yum install

Then you can proceed with the installation:

yum install Percona-Server-client-56 Percona-Server-server-56

Now you need to prepare MySQL configuration file, the configuration is different for the first node, a sample file is:

# Path to Galera library
# Cluster connection URL
# In order for Galera to work correctly binlog format should be ROW
# MyISAM storage engine has only experimental support
# This changes how |InnoDB| autoincrement locks are managed and is a requirement for Galera
wsrep_sst_method = rsync
wsrep_sst_auth = sstuser:secret

if you defined the wsrep_cluster_address , you need to bootstrap the cluster using the following command:

/etc/init.d/myslqd bootstrap-pxc –wsrep-cluster-address=”gcomm://”

This will instruct the first node to start without any other cluster node, later cluster nodes can be started using:

/etc/init.d/mysql start

before starting the second nodes, you need to do the following steps:

Grant Replication permission:


disable SELinux:

sudo setenforce 0

and configure the firewall to allow the required ports communications, once done you are fine and ready to go.