Citrix Access Gateway 5 Advanced Controller and iPad/iPhone access

And once again I found another great blogpost:

Hi,
what I want to show you here is the configuration of a Citrix Access Gateway 5 with Advanced Controller for iPhone/iPad access to your XenApp/XenDesktop environment, because it isn’t currently documented.

I got a lot of questions from partners regarding such a config, so I did a demo config and you can see it below with all the screenshots.

I divided the config into 5 Steps:

  • Configuration on the WebInterface 5.4
  • Configuration on the Advanced Controller 5.0.2
  • Settings on the iPhone
  • Settings on the iPad
  • Additional information.

 

Configuration on the WebInterface 5.4
Step 1 First of all, configure a XenApp Services site for iPhone access on your WebInterface server. The name of the XenApp Services site in my example is “iPhone”.

Manage Server Farm Config:

Step 2 Next, configure the XML Service. Enter the server acting as the XML Service (and its port) of your XenApp server farm or XenDesktop site here.

Authentication Methods:

Step 3 Set the Authentication Method to “Prompt”. You can also pre-populate and hide your domain name. It’s easier for your users :-)

Secure Access Settings:

Step 4 The Secure Access Method in my environment is set to “Gateway direct”. Define your Access Method (e.g. Gateway translated) here.
Step 5 Enter the FQDN of your Citrix Access Gateway. Your users will use this FQDN to connect to the Access Gateway.
Don’t enable “Session reliability”.
Don’t enable “Request tickets from two STAs where available”.
Step 6 Configure your Secure Ticket Authority (STA) URL next. Keep in mind to configure the same STA URL as you use in your Access Gateway config. If you have changed the default XML Service port (80) on the XenApp server(s) acting as STA server to another port (e.g. 8080), then you must put the port number into the URL, e.g.: http://Xenapp.citrix.com:8080/scripts/ctxsta.dll
See also the “Access Gateway Appliances – Global Properties” settings at the end of this document (Step 16).

 

Configuration on the Advanced Controller 5.0.2

Advanced Controller Web Resource Properties:

Step 1 Please be sure that you use at least the Version 5.0.2 of the Access Gateway 5 Advanced Controller and at least the 5.0.2 Citrix Access Gateway Release.
Step 2 The Name of the Web Resource in my example is “iPhone as WI”.
Step 3 The Web Address is the configured XenApp Services site on WI 5.4 and the Application Type is “Citrix Webinterface”. Be sure to set the Web Address correctly: in the Web Address field, enter your WebInterface website without config.xml.
In the Home Page field, enter the WebInterface site with the config.xml.
Step 4  

Advanced Controller Policy Properties:

Step 5
Step 6 The name of the Policy is “Mobile Access”.
Step 7 The Web Resource “iPhone as WI” is activated.
Step 8 Only the Web Resource Settings is changed to “Basic”.
Step 9 No Filter is configured in my environment.
Step 10 Add your AD Group or Users who should have access.

Advanced Controller Logon Point Properties:
Step 11 Configure a Logon Point for the iPhone/iPad Access. I used the name “iPhone” for the Logon Point.
Step 12 Make the following settings for the Logon Point.

  • The Name of the Logonpoint is “iPhone”.
  • The Logonpoint Type is “Basic”.
  • “Unauthenticated” is activated.

Step 13  The Home Page for the Logonpoint is “iPhone as WI”.
Step 14 Enable the Logon Point.

Access Gateway Appliances – Global Properties:


Step 15  It is important that you configure here the same STA Servers as you have configured on your Webinterface Server.
Step 16 Configure the IP Address Range of your XenApp Servers or XD Desktops in the “ICA Access Control” Property.
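
The STA requirement from Step 6 and Step 15 can be checked mechanically. The following is an added example, not part of the original post: it normalizes STA URLs (host and path case, implicit default port) and reports every entry that exists on only one side. The function names and the second STA host are constructed for illustration.

```python
from urllib.parse import urlsplit

def normalize_sta(url):
    """Reduce an STA URL to (scheme, host, port, path) so that equivalent
    spellings (host/path case, implicit default port) compare equal."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"not an STA URL: {url!r}")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return (parts.scheme, parts.hostname, port, parts.path.lower())

def compare_sta_lists(web_interface, access_gateway):
    """Return one finding per STA entry that exists on only one side."""
    wi = {normalize_sta(u) for u in web_interface}
    ag = {normalize_sta(u) for u in access_gateway}
    findings = []
    for entry in sorted(wi ^ ag):
        _, host, port, _ = entry
        side, other = ("WebInterface", ag) if entry in wi else ("Access Gateway", wi)
        # Same host on the other side means a port/scheme/path mismatch,
        # e.g. the XML Service port was changed to 8080 on one side only.
        other_ports = sorted({p for _, h, p, _ in other if h == host})
        hint = ""
        if other_ports:
            ports = ", ".join(map(str, other_ports))
            hint = f" (other side lists this host on port {ports})"
        findings.append(f"{host}:{port} only on {side}{hint}")
    return findings

# Constructed sample values; sta2.citrus.local is a hypothetical second STA.
WI_STAS = ["http://Xenapp.citrix.com:8080/scripts/ctxsta.dll",
           "http://sta2.citrus.local/Scripts/CtxSta.dll"]
AG_STAS = ["http://xenapp.citrix.com/scripts/ctxsta.dll",
           "http://sta2.citrus.local:80/scripts/ctxsta.dll"]

if __name__ == "__main__":
    for finding in compare_sta_lists(WI_STAS, AG_STAS):
        print(finding)
```

An empty result means both lists describe the same STA endpoints; in the sample, the port 8080 override was entered on the WebInterface side only.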

Citrix Access Controller Server Configuration Tool:

Step 17 The newly created Logon Point “iPhone” must be deployed to the Access Gateway.
Start the Server Configuration Tool, go to Logon Points, select your new Logon Point “iPhone” and click Deploy.

iPhone Settings:
Citrix Receiver for iPhone Version:
At least Version 4.0.1
Install the Root Certificate of your Issuer on your device.
Obtain the certificate issuer’s root certificate and email it to an account configured on your device. When clicking the attachment, you are asked to import the root certificate.
Address:
https://”FQDN-yourCAG”/http/”FQDN-yourWebinterface”/citrix/”yourWebsite”/config.xml
My Example:
https://mobileaccess.demo.de/http/wi.citrus.local/citrix/iphone/config.xml
Username:
Your User
Password:
Your Password
Domain:
Your Domain
Gateway Settings:
No

iPad Settings:
Citrix Receiver for iPad Version:
At least Version 4.2.3
Install the Root Certificate of your Issuer on your device.
Obtain the certificate issuer’s root certificate and email it to an account configured on your device. When clicking the attachment, you are asked to import the root certificate.
Address:
https://”FQDN-yourCAG”/lp/”iphone-Logonpoint”
My Example:
https://mobileaccess.demo.de/lp/iphone
Username:
Your User
Password:
Your Password
Domain:
Your Domain

Additional Information:
Session Viewer: You can’t see iPhone or iPad connections in the Advanced Controller Session Viewer.
Logonpoint Test: You can test your Logonpoint with a web browser.
Enter the URL https://”FQDN-yourCAG”/lp/”iphone-Logonpoint” in Internet Explorer and you should be redirected to https://”FQDN-yourCAG”/http/”FQDN-yourWebinterface”/citrix/”yourWebsite”/config.xml. The config.xml of your XenApp Services site should be displayed in your browser.

Kees Baggerman

Kees Baggerman is a Staff Solutions Architect for End User Computing at Nutanix. Kees has driven numerous Microsoft, Citrix, and RES infrastructure functional/technical design, migration, and implementation engagements over the years.

5 comments

  1. tingemoto says:

    Nice stuff, you seem like you are right into xenapp, I have recently completed some deployments with 6.5 but have noticed the following – see my forum post.

    http://forums.citrix.com/thread.jspa?threadID=294254&tstart=0

    It seems like a bug to me, do you see the same issue?

  2. tingemoto says:

    Thanks, I am in the process to log a call with Citrix as well,

  3. tingemoto says:

    Did you get a moment to have a look over this one?
    Cheers

    • k.baggerman says:

      I finally had some time to give this a try but our test environment is currently being rearranged, when I get a chance I will test this for you. Any luck with Citrix support so far?
