How to enable horizonlocaladmin

When you enable and configure Active Directory authentication on Horizon DaaS tenants, the horizonlocaladmin account is disabled. If the AD account is not working, the only option is to enable the horizonlocaladmin account.

We will look at how to enable the horizonlocaladmin account.


Log in to the primary tenant appliance through SSH.

Connect to the fabric database: psql -U admin -d fdb

View the registered domains: select * from domain;

To delete the domains, issue the command: delete from domain;

You also need to delete the identity sources from the AVDB database:

psql -U avadmin -d avdb

View the registered identity sources: select * from xms_identity_services;

Then delete the identity sources: delete from xms_identity_services;

Connect back to the fabric database: psql -U admin -d fdb

Finally, enable the horizonlocaladmin account by issuing the command below:

update fabric_properties set value='true' where name='local.account.enabled';

You can now safely access the DaaS Service Center and reset the tenant password as per your preference.
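
The steps above collected into one script, as an added example that is not part of the original post. It dumps the affected tables before deleting anything and runs each change as a transaction that stops on the first error; it assumes pg_dump is present on the appliance and that the admin and avadmin roles authenticate as they do for the manual psql sessions. BACKUP_DIR and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes pg_dump exists on the
# appliance and the admin/avadmin roles authenticate as in the manual steps.
BACKUP_DIR="${BACKUP_DIR:-/tmp/horizonlocaladmin-backup}"   # hypothetical path

# Dump the tables that are about to change so the rows can be restored later.
backup_tables() {
    mkdir -p "$BACKUP_DIR" && chmod 700 "$BACKUP_DIR" || return 1
    pg_dump -U admin -t domain -t fabric_properties \
        -f "$BACKUP_DIR/fdb.sql" fdb || return 1
    pg_dump -U avadmin -t xms_identity_services \
        -f "$BACKUP_DIR/avdb.sql" avdb || return 1
}

# Run SQL from stdin as one transaction; abort and roll back on the first error.
run_sql() {   # usage: run_sql <user> <database>
    psql -U "$1" -d "$2" -v ON_ERROR_STOP=1 --single-transaction -f -
}

enable_local_admin() {
    backup_tables || { echo "backup failed, nothing changed" >&2; return 1; }
    echo "DELETE FROM domain;" | run_sql admin fdb || return 1
    echo "DELETE FROM xms_identity_services;" | run_sql avadmin avdb || return 1
    echo "UPDATE fabric_properties SET value='true' WHERE name='local.account.enabled';" |
        run_sql admin fdb || return 1
    # Print the resulting setting so it can be recorded with the change.
    echo "SELECT name, value FROM fabric_properties WHERE name='local.account.enabled';" |
        run_sql admin fdb
}

# Act only when explicitly asked to: sh enable-local-admin.sh --run
if [ "${1:-}" = "--run" ]; then
    enable_local_admin
fi
```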

Firepower IPSEC VPN tunnel issues with Remote ACL

When you work with Cisco Firepower firewall systems, you may come across issues related to ACLs: Firepower systems drop remote traffic even when the correct ACLs are in place. A workaround can be applied to resolve this issue.

The workaround is to enable the sysopt connection permit-vpn parameter, which lets decrypted VPN traffic bypass the interface access lists. On ASA systems this is enabled by default, but not on Firepower systems. We will look at how to enable this parameter in Firepower Device Manager (FDM).

Go to FDM GUI > Device > Advanced Configuration > View Configuration

Click on FlexConfig Objects, click on the ‘+’ icon to create a new FlexConfig object, and give it a name.

Click on the ‘+’ icon in the ‘Variables’ section. Give the variable a name (vpnSysVar is used here; the template in the next step must reference the same name) and select ‘string’ as its type. Enter ‘sysopt’ (without quotes) as the value, and click OK.

In the template section, type: {{vpnSysVar}} connection permit-vpn

Go to FlexConfig Policy and add the newly created FlexConfig object.

Finally, save and deploy the changes.