CloudReady Not Playing Audio from MP4 Video Files

When using CloudReady OS it was noticed that downloaded (files saved directly on the device) mp4 and other video files were not playing audio when using the local ChromeOS player / default video player and the sound icon is greyed out. This also included previewing the same files direct from Google Drive.

(Update, another reader advised this is due to the retirement of Adobe Flash- TBC)


Install the proprietary Media Components now available from CloudReady

Actual solution available from cloudready

You may automatically see this prompt

If you dont see the prompt above simply click the bottom right hand side taskbar and then the settings Cog
Click ‘Install’ next to Proprietary Media Compoments
Read the Licence Agreement then click ‘Accept License’
Reboot your cloudready device

WorkArounds / Alternatives

If for whatever reason the proprietary media components don’t work you could alternatively install VLC as below. Note: This will not work with the native Browser / File integration you would need to browser for and open the video file from within VLC at all times in order for it to work.


Downloaded VLC for Chrome OS HERE
Click ‘add to chrome’ button
Click ‘Add App’
Click Launch App
VLC will prompt for a folder to browse, I selected Downloads directory and clicked open:
VLC will open the directory previously selected (in this example ‘Downloads’ and the video file(s) can be selected and opened inside VLC:
When opening any downloaded videos VLC should be accessed first from the Chrome ‘Start’ Menu. At the time of writing there wasn’t a way to replace the default local video player.
Newly added videos to the downloads directory will automatically appear in the ‘Video’ section of VLC


Migrating an Existing WordPress Site to AWS Lightsail


In this guide we will walk through the steps to to migrate an existing wordpress website to a new AWS Lightsail instance.

Create a New Lightsail Instance

Description Screenshot
Log into the AWS management console
Click Create Instance
Choose the AWS Region, Platform, and Blueprint

As this is a wordpress example we have chosen

London, Linux and an Apps+OS using WordPress

If necessary generate a new SSH key pair and be sure to download the private key PEM file.
Choose your Instance plan
Give your instance a name
Click Create Instance

Setup your Lightsail Instance – Networking

Description Screenshot
In Light sail > Instances > Left click your instance
Here you can connect to the instance via SSH

Click Connect using SSH

If you are keeping this instance then you should generate a Static IP Address for this instance so things like DNS can point to the server.

Click Networking > Create Static IP

Select the Instance to attach this static IP Address to and give your static ip a name
Click Create
Instantly the IP address will be added to the lightsail instance. If you had any ssh sessions opened previously you will need to reconnect

Note that you can have up to 5 static ip addresses for your account and they are free only if attached to running instances.

Setup your Lightsail Instance – Operating System

Description Screenshot
In the Lightsail console home

Click you instance

Click connect using SSH

In the console type to obtain the password of the wordpress ‘user’ account generated by bitnami cat bitnami_application_password

Copy the password locally and keep it safe for later use

Currently bitnami wordpress is limited to 40MB Uploads. You can edit the php.ini file and increase this as per this Bitnami Support doc

Browse to /opt/bitnami/php/etc/php.ini


In php.ini find

And change it to:


In php.ini find

And change it to:

; Maximum size of POST data that PHP will accept.

post_max_size = 512M

; Maximum allowed size for uploaded files.

upload_max_filesize = 512M

Restart Apache


sudo /opt/bitnami/ctlscript.sh restart


Update the WP All in one Plugin to work correctly upload files.

Known Error: Uploading a .wpress file from the local device would

In the console browse to

‘cd /opt/bitnami/wordpress/wp-content/plugins’


‘wget https://import.wp-migration.com/all-in-one-wp-migration-file-extension.zip’

Unzip the file Command:

‘unzip all-in-one-wp-migration-file-extension.zip’

Log out of the console


Setup your Lightsail Instance – WordPress Settings

Description Screenshot
User your internet browser to connect to the static IP address of your instance



User: user

Password: whatever you obtained from the previous step bitnami_application_password file in the console

Perform all wordpress updates – if available
Perform all plugin updates – if available
Update all themes – if available
Active the Wp All In One Migration Plugins
Click the Migration Import option in the left sidebar
Note the upload maximum is 512M (and not 40M)
Upload your .wpress file from a saved copy from your existing wordpress instance

(If you dont have one you can install the same Wp Migration plugin into your existing wordpress instance and ‘export’ it first so you can then import it to this new instance)

Warming: You must ALSO know the existing wordpress instances username and password as these will be overwritten when the import completes.

Click Proceed if happy to continue

Once complete be sure to click the ‘save permalinks structure’ and then click finish
Update your permalinks to your preferred format for your blog posts Choose the format, then click save

Site import complete

Final Steps

Description Screenshot
You should update the lightsail instance(s) with

sudo apt-get update

You should update any additionally imported wordpress themes or plugins and test the website is functioning perfectly.

Especially things like contact us forms, reauthorising plugins (and moving stats for jetpack to this new site)

You may need to import other things like ads.txt file or SSL certificates.

See this article on how to create and import an SSL Cert into your Lightsail instance.

You should go back to the Lightsail console and take snapshots of your instance(s)

Click Create Snapshot

You Should also enable automatic snapshots, where lightsail will store 7 consecutive snapshots of your Lightsail instance, taken every 24 hours at the same time.


You should change your DNS settings to newly point to the static IP address of your new lightsail instance BEFORE you terminate your old website.

DNS time to live settings can be long so sometimes people may have cached the DNS record for your website with the old ip address for hours or even days.






How to configure an AWS IoT Button

Cloud Video Walk Through – AWS IoT Button

In this video series mastersof.cloud walks through the steps of creating your own ‘personal alarm’ button and details how to configure an AWS IoT Button, join it to your wireless network, connect it to an amazon account, assign it to trigger a Lambda function which finally sends a notification to SNS (SMS message in this example).


Important Points to note

  1. Take note of your region when you register your button as not all SNS features are available in all regions (SMS capability is not available in AWS SNS in London eu-west-2 for example)
  2. This configuration differs to the AWS IoT 1-Click system so be sure you have a ‘blue’ AWS IoT Button and not something else.
  3. The button can only use a 2.4g wifi network
  4. there are reports of the buttons having a relatively limited lifetime (~2000 clicks, 90 days) so maybe best to program this for something that doesnt need to be clicked every 2 minutes 🙂

They have more videos here on their youtube channel


Create a NetScaler Gateway Preauthentication Policy

Step Description Screenshot
1 Expand >NetScaler Gateway > Policies > Preauthentication
2 Click Add
3 Name the policy something like PreAuthPol_Notepad-is-running

Click the + next to Request Action

Note: you can call it whatever you want, I like to keep a standard format when creating policies and profiles so they are distinguishable in the various screens and in the ns.conf file as well

 4 Click Create
5 Click Expression Editor

Select Expression Type of: Client Security

Component: Process

Name*: notepad.exe

Operator: EXISTS

Then click Done

 6 Note the expression is automatically created for you now as CLIENT.APPLICATION.PROCESS(notepad.exe) EXISTS


 7 Click Create
 8 Bind the new policy globally

Select NetScaler Gateway > NetScaler Gateway Policy Manager

 9 Click the + on AAA Global
 10 Click Add Binding
11 Click in the Click to Select
12 Select the only PreAuthPolicy available

Click Select

 13 Click Bind
 14 Click Done
15 Click Done
16 Browse to the gateway and check that before you type in any authentication credentials that the EPA scan is invoked

Click Yes

 17 EPA Scan with notepad not running
18 EPA Scan with notepad Running

Your users can now authenticate

 19 Authenticate against the NetScaler page again and then confirm you can access all NetScaler resources

If you want to learn more about Citrix NetScaler check out our online NetScaler course at www.mastersof.cloud

Sign-up to the Mastersof.cloud mailing list below to receive a free 200 page Citrix NetScaler Introduction guide!

[mc4wp_form id=”2763″]

Deploy the OVA File to Hypervisor – VMWare ESXi 6

In this section we are going to deploy the downloaded NetScaler firmware onto our hypervisor (VMWare).

Step Description Screenshot
Connect and authenticate to your VMWare ESX web console

Note: In this example we are connecting to VMWare ESXi 6.0 with a private IP of The default URL is

Click Virtual Machines

Click Create / Register VM

Select Deploy a virtual machine from an OVF or OVA File

Click the section labelled ‘Click to select files or drag/drop’

Select both the OVF and the VMDK files from the firmware file downloaded from citrix, then click Next
Select an appropriate storage location for your hypervisor to deploy the NetScaler VM
Choose the network mappings and disk provisioning best for you

Note: Disk provisioning is set to thin in this example only to save on local hypervisor disk space.

Click Finish on summary page
Click on the VM in the VMWare list
Authenticate to the VMWare console prompt with your VMware username and password
Click on the Console button to get access to the VM console

The NetScaler has booted and is operational

If you want to learn more about Citrix NetScaler check out our online NetScaler course at www.mastersof.cloud

Create Authorization Policies for NetScaler Gateway

Step Description Screenshot
1 Expand >NetScaler Gateway > Global Settings > Change Global Settings
2 Click Security tab

Change Default Authorization Action to DENY

Note: This change will affect all Gateways configured on the NetScaler that do not specifically reverse.

3 Expand NetScaler Gateway > Policies > Authorization Policies

Click Add

4 Create a new policy

In this example we will call it AuthPol_VPN_192.168.1.1 as the only ‘destination’ this policy will allow is to

5 Click Switch to Classic Syntax

Click Expression Editor

6 Enter the IP address details into the Expression Editor of the destination IP you want to allow access to
7 Click Create

Note: the Reg Expression has been ‘built for you by the editor’ you can type these manually if you know the commands (or find them online!)

8 Bind this new policy to a NetScaler User

NetScaler Gateway > User Administration >AAA Users

Select the user + Edit

Click + Authorization Policies

Select the Authorization policy

Click Bind

Tip: to bind this to LDAP users you must have username locally that matches

If you want to learn more about Citrix NetScaler check out our online NetScaler course at www.mastersof.cloud

Sign-up to the Mastersof.cloud mailing list below to receive a free 200 page Citrix NetScaler Introduction guide!

[mc4wp_form id=”2763″]

Configure Citrix NetScaler Gateway – ICA Proxy

In this guide we will connect the Citrix NetScaler to our Citrix XA/XD Environment for ICA proxy (Citrix Sessions without VPN).

Here you will see how quickly you can set up, secure and enable remote access to your Citrix environment via the NetScaler Gateway.

NOTE: you must have an active Citrix XenApp/XenDesktop server and a StoreFront server to proceed with the following steps.

Overview Diagram


Item Description
 * DNS is configured on the NetScaler correctly to resolve inside DNS addresses
 * The internal or private IP Address of the VIP assigned to the NetScaler Gateway *
 * Know the details of your Citrix Server STA (our Citrix DDC(s))
 * Firewall ports are open between the NetScaler and the StoreFront server
 * XenAPp / XenDesktop and StoreFront already configured and setup (otherwise retrieve attributes won’t work)
 * A Certificate for your NetScaler Gateway FQDN  is already installed on the NetScaler


Configure the NetScaler Gateway for XA/XD – Wizard

Step Description Screenshot
 1 Log into NetScaler GUI
2 Under Integrate with Citrix Products – Click XenApp and XenDesktop

Click Get Started

3 Ensure StoreFront Is selected and Click Continue on the Prerequisites

NOTE: you must have an active Citrix XenApp/XenDesktop server and a StoreFront server to proceed with the following steps. If not – please just follow along this guide to understand the steps involved.

4 Provide the details that are relevant to your StoreFront and Citrix XenApp setup

Gateway FQDN: gateway.jsconsulting.services

Gateway IP Address: Inside private IP address for the Virtual Server. (aka VIP)

Port: 443 (SSL)

Redirect: Tick this option if you are also forwarding http traffic to this VIP so the NetScaler will redirect the users to https.

Then click Continue

Note: In this guide we are using the following specific details as working examples – you should use the appropriate settings for your environment

 5 Because we enabled port 80 redirection the wizard will enable the LoadBalancing Feature on the NetScaler – Click Yes
 6 Select the certificate you have previously installed on the NetScaler.

Note: you should have the complete certificate chain installed on the NetScaler – a later video will go through these steps to ensure the complete Certificate chain is installed.

Click Continue

7 Keep Authentication as Domain

Select Use Existing Server

Select the server that has the ‘NSUsers’ profile associated (will be listed in order of creation so usually the second server in the list if you have followed our other guides)

8 Click Continue
 9 Enter the details of your StoreFront server

The retrieve stores button will not work if the StoreFront server is not configured. You will not be able to proceed with this wizard if you can’t ‘retrieve store’ as the wizard will not let you proceed manually


In this example our StoreFront and Citrix XenApp are installed on the same box so the URLs can point to the same server

 10 Click Continue
 11 On the summary pages, now all the basic settings have been entered you can click Done

If you want to learn more about Citrix NetScaler check out our online NetScaler course at www.mastersof.cloud

Signup below to receive a free 200 page Citrix NetScaler Introduction guide!

[mc4wp_form id=”2763″]

Configure NetScaler Gateway SSL VPN


Item Description
 * NetScaler configured with IP Address, Certificates and accessible from the clients either internally or remotely over the internet.
 * Ensure Split Tunnelling is Off
 * Port 443 forwarded from firewall / router to the NetScaler VIP
 * Ensure the Default Authorization on the global configuration is set to allow

Step Description Screenshot
1 Check NetScaler gateway feature is enabled System > Settings > Configure Basic Features

 2 Ensure Global settings for NS Gateway is set to Allow
3 Expand NetScaler Gateway

Click NetScaler Gateway Wizard

4 A Separate Wizard page will open

Click Get Started

5 Provide the details of your new gateway

Note: my details are provided as an example only

6 Select the existing Certificate already installed on your NetScaler

Click Continue

7 Select the default authentication of Local and Don’t select a secondary auth method

Once the wizard has completed create a user called nsgw-localuser

password: <yourpassword>

User Administration> AAA Users > Add Button

Click Continue

 8 You may close the dashboard that is opened by default after creation of the new Gateway
 9 Ensure your newly created gateway is added to DNS internally or externally (wherever you are connecting to it from)

Open a web browser to the NetScaler VIP


 10 Success!

If you want to learn more about Citrix NetScaler check out our online NetScaler course at www.mastersof.cloud

Sign-up to the Mastersof.cloud mailing list below to receive a free 200 page Citrix NetScaler Introduction guide!

[mc4wp_form id=”2763″]

Modify Default Storefront website for Citrix NetScaler Access

In newer versions of Citrix XenApp and XenDesktop (7.6+) if you selected to install Storefront, then the website will be preconfigured by the XA/XD Setup wizard. In order for this to function for Citrix NetScaler access there are some settings we need to set up in order for NetScaler to be able to connect to the StoreFront server and launch sessions.


Item Description
 * You will need to know the FQDN of your NetScaler Gateway
* The internal or private IP Address of the VIP assigned to the NetScaler Gateway*
 * Know the details of your Citrix Server STA (your Citrix DDC(s))

* The StoreFront server must be able directly communicate with the VIP of the NetScaler Gateway, otherwise when the StoreFront server resolves the FQDN it will resolve the internet IP address and potentially will not work.

Modify the Default Store

Step Description Screenshot
1 Log into Citrix Studio

Expand Citrix StoreFront

Select the Existing Store ‘Store Service’

Click Manage NetScaler Gateways

2 Click Add

Enter the Display name and the FQDN of the external Gateway URL

(In this example my gateway FQDN is called ‘gateway.jsconsulting.services’

Click Next

 3 Click Add

Enter the Name of your DDC

In our example we only have one server – which is the http://citrixserver.home.local/scripts/ctxsta.dll

Click Next

4 Enter the callback URL of the NetScaler Gateway ensuring your StoreFront server is able to resolve the FQDN to an internal/private ip address.

Click Create

 5 Close the Manage NetScaler gateways screen
6 Ensure the StoreFront / Citrix server can resolve the FQDN to the inside IP Address of the NetScaler Gateway

Use locally managed DNS if you have the Zone configured on your local DNS server(s)

Or use the Windows host file to add a private entry.

Remember if you have multiple storefront servers and multiple sites, host file management can quickly become time consuming and error prone. Ideally use internal DNS.

Note: Windows host file is located in c:\windows\system32\drivers\etc\hosts and has no extension. You may need to copy it to the users desktop first, manipulate the file, and copy it back due to Windows User Account Control (UAC)

7 Ensure the StoreFront server resolves the FQDN to the NetScaler inside VIP address

Note: In production environments ping may not be allowed between the NetScaler network and the StoreFront network(s) – you need to ensure that 443 TCP is opened and allowed through the Firewall from the StoreFront servers to the NetScaler VIP

8 Back in the Studio expand Manage Authentication Methods
9 Ensure Pass-through from NetScaler Gateway is ticked
10 Back in Studio Select your store and click Configure Remote Access Settings

Ensure you Enable remote access

Select No VPN Tunnel

Tick the NetScaler Gateway appliance listed

Click OK

If you want to learn more about Citrix NetScaler check out our online NetScaler course at www.mastersof.cloud

Signup below to receive a free 200 page Citrix NetScaler Introduction guide!

[mc4wp_form id=”2763″]

Citrix NetScaler Certificates – Certificate Linking

Sometimes there can be some certificates that exist between the newly created NetScaler cert and the Root CA Certificate. These certificates ‘in the middle’ are known as intermediary or subordinate certificates and form a link or ‘chain’ between the root CA certificate and our newly created NetScaler certificate.

For example:

When some operating systems don’t have the full chain of intermediary certificates installed (and trusted) they will display a ‘certificate invalid’ message even when the certificate itself is valid. This is because the operating system is unable to verify your server certificate all the way up the certificate chain to the root certificate. These certificates can be installed and provide to the end users to greater enhance the user’s ability to connect to the NetScalers regardless of their endpoint or client device.

Step Description Screenshot
1 Example: Connecting to a service or VIP on the NetScaler interface where we have bound the new Certificate shows an error in Chrome on Mac OSX

Note: This will vary between operating system and between CA certificate providers

2 Log into the NetScaler web interface

 3 Expand SSL > SSL Files

Click SSL > Certificates > CA Certificates

Click Install

 4 Upload the bundled certificate from your 3rd party CA

Click Install

 5 Expand SSL > SSL Files

Click SSL > Certificates > Server Certificates

Tick your newly created server certificate

Select Action – ‘Link’

6 Select the CA Certificate uploaded in step 3

Tip: The NetScaler will automatically select the correct / valid certificate (if it is installed correctly and exists)

 7 Repeat this step for every certificate in the certificate chain including the root certificate

If you want to learn more about Citrix NetScaler check out our online NetScaler course at www.mastersof.cloud

Signup below to receive a free 200 page Citrix NetScaler Introduction guide!

[mc4wp_form id=”2763″]