Citrix: CAG 5 Advanced Controller and iPad/iPhone access

Kees Baggerman | September 20, 2011

Citrix Access Gateway 5 Advanced Controller and iPad/iPhone access

And once again I found another great blogpost:

Hi,
what I want to show you here is the configuration of a Citrix Access Gateway 5 with Advanced Controller for an iPhone/iPad Access to your XenApp/XenDesktop environment, because it isn’t documented now.

I got a lot of questions from partners regarding such a config so I did a demo config and you can see it below with all the Screen Shots.

I divided the config into 5 Steps:

Configuration on the WebInterface 5.4

Configuration on the Advanced Controller 5.0.2

Settings on the iPhone

Settings on the iPad

Additional information.

Configuration on the Webinterface 5.4

Step1 First of all configure a XenApp Services Site-for the iPhone Access on your WebInterface Server. The name of the XenApp Services-Site in my example is “iPhone”.

Manage Server Farm Config:

Step 2 Next configure the XML Service. Please enter the Server acting as a XML Service (and Port) of your XenApp Serverfarm or XenDesktop Site here.

Authentication Methods:

Step 3 Set the Authentication Methode to “Prompt”. You can also pre populate and hide your Domain Name. It’s easier for your Users

Secure Access Settings:

Step 4 The Secure Access Method in my environment is set to “Gateway direct”. Define your Access Method (e.g. Gateway translated) here.

Step 5 Enter the FQDN of your Citrix Access Gateway.
This FQDN will your Users use to connect to the Access Gateway.Don’t enable “Session reliability”.
Don’t enable “Request tickets from two STAs where available”.

Step 6 Configure your Secure Ticket Authority URL (STA) next.Keep in mind to configure the same STA URL as you use in your Access Gateway config. When you have changed the default XML Services Port (80) on your XenApp Server(s) acting as STA Server to another Port (e.g. 8080) then you must put the Port Number into the URLe.g: http://Xenapp.citrix.com:8080/scripts/ctxsta.dllSee also in this document the – “ Settings Access Gateway Appliances – Global Properties” – at the end of the document (Step 16).

Configuration on the Advanced Controller 5.0.2

Advanced Controller Web Resource Properties:

Step 1 Please be sure that you use at least the Version 5.0.2 of the Access Gateway 5 Advanced Controller and at least the 5.0.2 Citrix Access Gateway Release.

Step 2 The Name of the Web Resource in my example is “iPhone as WI”.

Step 3 The Web Address is the configured XenApp Services-Site on WI 5.4 and the Application Type is “Citrix Webinterface”.Be sure to set the Web Address correct.Enter in the Web Address your Webinterface Website, without config.xml.
In the Home Page field enter the Webinterface Site with the config.xml

Step 4

Advanced Controller Policy Properties:

Step 5

Step 6 The name of the Policy is “Mobile Access”.

Step 7 The Web Resource “iPhone as WI” is activated.

Step 8 Only the Web Resource Settings is changed to “Basic”.

Step 9 No Filter is configured in my environment.

Step 10 Add your AD Group or Users who should have access.

Advanced Controller Logon Point Properties:

Step 11 Configure a Logon Point for the iPhone/iPad Access. I used the name “iPhone” for the Logon Point.

Step 12 Make the following settings for the Logon Point.

The Name of the Logonpoint is “iPhone”.

The Logonpoint Type is “Basic”.

„Unauthenticated“ is activated

Step 13 The Home Page for the Logonpoint is “iPhone as WI”.

Step 14 Enable the Logon Point.

Access Gateway Appliances – Global Properties:

Step 15 It is important that you configure here the same STA Servers as you have configured on your Webinterface Server.

Step 16 Configure the IP Address Range of your XenApp Servers or XD Desktops in the “ICA Access Control” Property.

Citrix Access Controller Server Configuration Tool:

Step 17 The new created Logon Point “iPhone” must be deployed to the Access Gateway.
Start the Server Configuration Tool – go to Logon Points – mark your new Logon Point “iPhone” and click Deploy.

iPhone Settings:

Citrix Receiver for iPhone VersionAt least Version 4.0.1

Install the Root Certificate of your Issuer on your device.
Obtain the certificate issuer’s root certificate and email it to an account configured on your device. When clicking the attachment, you are asked to import the root certificate.

Address:
https://”FQDN-yourCAG”/http/”FQDN-yourWebinterface”/citrix/”yourWebsite/config.xml
My Example:
https://mobileaccess.demo.de/http/wi.citrus.local/citrix/iphone/config.xml

Username:
Your User

Password:
Your Password

Domain:
Your Domain

Gateway Settings:
No

iPad Settings:

Citrix Receiver for iPad Version:
At least Version 4.2.3

Install the Root Certificate of your Issuer on your device.
Obtain the certificate issuer’s root certificate and email it to an account configured on your device. When clicking the attachment, you are asked to import the root certificate.

Address:
https://”FQDN-yourCAG”/lp/”iphone-Logonpoint”
My Example:
https://mobileaccess.demo.de/lp/iphone

Username:
Your User

Password:
Your Password

Domain:
Your Domain

Additional Information:

Session Viewer:You can’t see iPhone or iPad connections in the Advanced Controller Session Viewer.

Logonpoint Test:You can test your Logonpoint with a Webbrowser.
Enter the Website https://”FQDN-yourCAG”/lp/”iphone-Logonpoint” in Internet Explorer and you should redirected to https://”FQDN-yourCAG”/http/”FQDN-yourWebinterface”/citrix/”yourWebsite/config.xml.The Config.xml of your XenApp Services Site should be displayed in your browser

Bio
Latest Posts

Kees Baggerman

Kees Baggerman is a Staff Solutions Architect for End User Computing at Nutanix. Kees has driven numerous Microsoft and Citrix, and RES infrastructures functional/technical designs, migrations, implementations engagements over the years.

Latest posts by Kees Baggerman (see all)

Nutanix AHV and Citrix MCS: Adding a persistent disk via Powershell – v2 - November 19, 2019
Recovering a Protection Domain snapshot to a VM - September 13, 2019
Checking power settings on VMs using powershell - September 11, 2019
Updated: VM Reporting Script for Nutanix with Powershell - July 3, 2019
Updated (again!): VM Reporting Script for Nutanix AHV/vSphere with Powershell - June 17, 2019

Category: Access Gateway, Citrix, XenApp, XenDesktop | Tags: Citrix, Ipad, Iphone, Web Interface, XenApp

5 comments

tingemoto says:

September 26, 2011 at 06:22

Nice stuff, you seem like you are right into xenapp, I have recently completed some deployments with 6.5 but have noticed the following – see my forum post.

http://forums.citrix.com/thread.jspa?threadID=294254&tstart=0

It seems like a bug to me, do you see the same issue?

Reply
- k.baggerman says:
  
  September 26, 2011 at 19:02
  
  I’ll give it a try tomorrow when I’m able to connect to our demo environment and get back to you asap.
  
  Reply
tingemoto says:

September 26, 2011 at 22:40

Thanks, I am in the process to log a call with Citrix as well,

Reply
tingemoto says:

September 27, 2011 at 23:24

Did you get a moment to have a look over this one?
Cheers

Reply
- k.baggerman says:
  
  October 3, 2011 at 18:27
  
  I finally had some time to give this a try but our test environment is currently being rearranged, when I get a chance I will test this for you. Any luck with Citrix support so far?
  
  Reply

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

My Virtual Vision

Citrix Access Gateway 5 Advanced Controller and iPad/iPhone access

Manage Server Farm Config:

Secure Access Settings:

Advanced Controller Web Resource Properties:

Advanced Controller Policy Properties:

Access Gateway Appliances – Global Properties:

Citrix Access Controller Server Configuration Tool:

Kees Baggerman

Latest posts by Kees Baggerman (see all)

Related

5 comments

Leave a ReplyCancel reply

Categories

Blogroll

	*Configuration on the Webinterface 5.4*
Step1	First of all configure a XenApp Services Site-for the iPhone Access on your WebInterface Server. The name of the XenApp Services-Site in my example is “iPhone”.
	Manage Server Farm Config:
Step 2	Next configure the XML Service. Please enter the Server acting as a XML Service (and Port) of your XenApp Serverfarm or XenDesktop Site here.
	Authentication Methods:
Step 3	Set the Authentication Methode to “Prompt”. You can also pre populate and hide your Domain Name. It’s easier for your Users
	Secure Access Settings:
Step 4	The Secure Access Method in my environment is set to “Gateway direct”. Define your Access Method (e.g. Gateway translated) here.
Step 5	Enter the FQDN of your Citrix Access Gateway. This FQDN will your Users use to connect to the Access Gateway.Don’t enable “Session reliability”. Don’t enable “Request tickets from two STAs where available”.
Step 6	Configure your Secure Ticket Authority URL (STA) next.Keep in mind to configure the same STA URL as you use in your Access Gateway config. When you have changed the default XML Services Port (80) on your XenApp Server(s) acting as STA Server to another Port (e.g. 8080) then you must put the Port Number into the URLe.g: http://Xenapp.citrix.com:8080/scripts/ctxsta.dllSee also in this document the – “ Settings Access Gateway Appliances – Global Properties” – at the end of the document (Step 16).

	Configuration on the Advanced Controller 5.0.2
	Advanced Controller Web Resource Properties:
Step 1	Please be sure that you use at least the Version 5.0.2 of the Access Gateway 5 Advanced Controller and at least the 5.0.2 Citrix Access Gateway Release.
Step 2	The Name of the Web Resource in my example is “iPhone as WI”.
Step 3	The Web Address is the configured XenApp Services-Site on WI 5.4 and the Application Type is “Citrix Webinterface”.Be sure to set the Web Address correct.Enter in the Web Address your Webinterface Website, without config.xml. In the Home Page field enter the Webinterface Site with the config.xml
Step 4
	Advanced Controller Policy Properties:
Step 5
Step 6	The name of the Policy is “Mobile Access”.
Step 7	The Web Resource “iPhone as WI” is activated.
Step 8	Only the Web Resource Settings is changed to “Basic”.
Step 9	No Filter is configured in my environment.
Step 10	Add your AD Group or Users who should have access.
	Advanced Controller Logon Point Properties:
Step 11	Configure a Logon Point for the iPhone/iPad Access. I used the name “iPhone” for the Logon Point.
Step 12	Make the following settings for the Logon Point. The Name of the Logonpoint is “iPhone”. The Logonpoint Type is “Basic”. „Unauthenticated“ is activated
Step 13	The Home Page for the Logonpoint is “iPhone as WI”.
Step 14	Enable the Logon Point.

	Access Gateway Appliances – Global Properties:

Step 15	It is important that you configure here the same STA Servers as you have configured on your Webinterface Server.
Step 16	Configure the IP Address Range of your XenApp Servers or XD Desktops in the “ICA Access Control” Property.

	Citrix Access Controller Server Configuration Tool:
Step 17	The new created Logon Point “iPhone” must be deployed to the Access Gateway. Start the Server Configuration Tool – go to Logon Points – mark your new Logon Point “iPhone” and click Deploy.

	iPhone Settings:
	Citrix Receiver for iPhone VersionAt least Version 4.0.1
	Install the Root Certificate of your Issuer on your device. Obtain the certificate issuer’s root certificate and email it to an account configured on your device. When clicking the attachment, you are asked to import the root certificate.
	Address: https://”FQDN-yourCAG”/http/”FQDN-yourWebinterface”/citrix/”yourWebsite/config.xml My Example: https://mobileaccess.demo.de/http/wi.citrus.local/citrix/iphone/config.xml
	Username: Your User
	Password: Your Password
	Domain: Your Domain
	Gateway Settings: No

	*iPad Settings:*
	Citrix Receiver for iPad Version: At least Version 4.2.3
	Install the Root Certificate of your Issuer on your device. Obtain the certificate issuer’s root certificate and email it to an account configured on your device. When clicking the attachment, you are asked to import the root certificate.


	Address: https://”FQDN-yourCAG”/lp/”iphone-Logonpoint” My Example: https://mobileaccess.demo.de/lp/iphone
	Username: Your User
	Password: Your Password
	Domain: Your Domain

	*Additional Information:*
	Session Viewer:You can’t see iPhone or iPad connections in the Advanced Controller Session Viewer.
	Logonpoint Test:You can test your Logonpoint with a Webbrowser. Enter the Website https://”FQDN-yourCAG”/lp/”iphone-Logonpoint” in Internet Explorer and you should redirected to https://”FQDN-yourCAG”/http/”FQDN-yourWebinterface”/citrix/”yourWebsite/config.xml.The Config.xml of your XenApp Services Site should be displayed in your browser