NetScaler, WI and the Citrix Receiver 5.7.. “The gateway settings are incorrect”

For one of my projects I was configuring a NetScaler HA Pair and after configuring the SSL VPN for laptops I wanted to configure a session profile to reroute mobile users (iOS devices running the Citrix Receiver 5.7) based on their User-Agent in the HTTP Header to a ICA Proxy enabled WI Services site. The SSL VPN was working including 2fact auth and SSO so I knew the start was good ;-)

So I created the following session policy based on this manual:

Return to the NetScaler VPX configuration utility click Access Gateway > Policy Manager > Change group settings and user permissions.

Citrix Receiver 5.7

Select Session Policies and Create new session policy.

Citrix Receiver 5.7

The Create Access Gateway Session Policy window appears. Enter MobileAccess for the policy name and click New.

Citrix Receiver 5.7

Name the Session Profile MobileDevices, on the Published Applications tab Override Global for ICA Proxy, Web Interface Address, Web Interface Portal Mode and Single Sign-On Domain.

Enter the following:

ICA Proxy: ON

Web Interface Address: http://XA.demo.local/Citrix/MobileAccess/config.xml

Web Interface Portal Mode: NORMAL

Single Sign-on Domain: ctxdemo

In the Configure Access Gateway Session Policy window, next to Match Any Expression, click Add…

Expression  Type: General

Flow Type: REQ

Protocol: HTTP

Qualifier: HEADER

Operator: CONTAINS

Value: CitrixReceiver

Header Name: User-Agent

Select OKCreate and Close. The Access Gateway Session policy appears as an icon in the Access Gateway Policy Manager.

Under Configured Policies / Resources, expand the Virtual Servers > SmartAccess node and then drag the MobileAccessicon onto the SmartAccess > Session Policies icon.

Modify the priority of the policy so the MobileAccess policy has a high priority than the Remote Access policy.  This is done by assigning a lower policy number.

Close the Access Gateway Policy Manger and Save the configuration

After the configuration I tested it with my Ipad with the Citrix Receiver 5.7 and got an error “the gateway settings are incorrect”. After an extensive search on google I found  this post on the Citrix forums.

Apparently the Citrix Receiver 5.7 has a changed client header:

“CitrixReceiver/com.citrix.ReceiveriPad iOS/5.7 (build 170) CitrixReceiver-iPad CFNetwork Darwin VpnCapable

Which isn’t the problem but I am curious about the VpnCapable description that was added. The real problem was “Due to some new strings contained within the Citrix 5.7 Receiver“… So the Citrix Receiver 5.7 has some new strings that causes an error “The address given did not provide a valid App list. Please check the address, gateway settings, and your network connection”.

I changed the AG profile according to John War’s post:

On your AG session profile, ensure the following is set:

Clientless Access: Allow
Clientless Access URL encoding: Clear
Plugin Type: Java

 

The The gateway settings are incorrect error was resolved but I got new error that the app list couldn’t be retrieved, the solution was pretty easy. For the SSL VPN I had configured Client Clean Up and I had to overrule these settings in my Session Profile for the mobile clients in order to make this work.

After configuring the client clean up I could connect with both my ipad, iphone and galaxy SII.

The following two tabs change content below.

Kees Baggerman

Kees works for Nutanix as Senior Performance and Solution Engineer. His main areas of work are migrations and implementations of Microsoft and Citrix infrastructures and writing functional/technical designs.

2 comments

  1. […] my recent blogpost on “NetScaler, WI and the Citrix Receiver 5.7.. “The gateway settings are incorrect” you could read how I configured the Citrix NetScaler for mobile devices (ICA Proxy) and laptops […]

  2. […] NetScaler, WI and the Citrix Receiver 5.7.. “The gateway settings are incorrect” […]

Leave a Reply