Veeam is a VMworld 2017 US & Europe Platinum Sponsor. Enter the raffle to get the full conference pass. Pass includes the admission to all general and breakout sessions, VMware Hands-On Labs, Solutions Exchange, exclusive giveaways and the great VMworld Customer Appreciation Part
Course Of The Month
Become a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Citrix access gateway with iphone
Posted on 2010-08-31
Hi all,
we currently run Citrix access gateway with web interface 5.01. we use a default logon point for our users to access the systems remotely via CAG. recently IT was asked to setup Remote access via the IPhone or IPAD.
i have created a new PNagent site - https://cag.domain.com/citrixlogonpoint/iphone.
i have also installed citrix receiver on a test iphone. when i setup a connection from the iphone to the new CAG site https://cag.domain.com/citrixlogonpoint/iphone i get an error message:
"login failed, gateway authentication failed. please check your credentials, address or gateway settings and network connection". needless to say that the credentials are correct.
how ever if i use the public IP address instead - https://x.x.x.x/citrixlogonpoint/iphpone. i get a completely different error: "login failed. the certificate for this server is invalid. you might be connecting to a server that is pretending to be x.x.x.x which could put your credential information at risk.
also browsing to https://localhost/citrixlogonpoint/iphone does show the web ineterface login page locally on the web interface server. so the site seems to be working ok.
can someone advise please?
we currently run Citrix access gateway with web interface 5.01. we use a default logon point for our users to access the systems remotely via CAG. recently IT was asked to setup Remote access via the IPhone or IPAD.
i have created a new PNagent site - https://cag.domain.com/citrixlogonpoint/iphone.
i have also installed citrix receiver on a test iphone. when i setup a connection from the iphone to the new CAG site https://cag.domain.com/citrixlogonpoint/iphone i get an error message:
"login failed, gateway authentication failed. please check your credentials, address or gateway settings and network connection". needless to say that the credentials are correct.
how ever if i use the public IP address instead - https://x.x.x.x/citrixlogonpoint/iphpone. i get a completely different error: "login failed. the certificate for this server is invalid. you might be connecting to a server that is pretending to be x.x.x.x which could put your credential information at risk.
also browsing to https://localhost/citrixlogonpoint/iphone does show the web ineterface login page locally on the web interface server. so the site seems to be working ok.
can someone advise please?
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
2
4 Comments
Please go through the following links to find if you get any clues:
http://www.experts-exchange.com/Software/System_Utilities/Remote_Access/Citrix/Q_26196930.html
http://www.experts-exchange.com/Software/System_Utilities/Remote_Access/Citrix/Q_26229674.html
http://www.experts-exchange.com/Software/System_Utilities/Remote_Access/Citrix/Q_26196930.html
http://www.experts-exchange.com/Software/System_Utilities/Remote_Access/Citrix/Q_26229674.html
hi, i have had a look at the links, but still cant get my iphone to connect. i have setup the PNagent sites, but still no luck. incidently do i need a cert on the iphone? if so how and where can i install this on the device?
anyone else have any idea?
anyone else have any idea?
Did you create a new XenApp Website or Services/PNAgent site? Your statement "browsing to https://localhost/citrixlogonpoint/iphone does show the web ineterface login page locally on the web interface server" implies you setup a website.
The Reciever for iPhone uses the PNAgent/Services site. This means the only thing you should get when directly browsing to the site is an XML file.
from http://community.citrix.com/download/attachments/64520320/iphone-receiver-admin-101.pdf
The Citrix Receiver for iPhone uses a XenApp services site (previously known as a
PNAgent site) to gather information and allow it to appear on the Citrix Receiver for
iPhone’s App list.
To create a XenApp Services site for Citrix Receiver for iPhone to use:
a. Citrix recommends using the Citrix default path for this site (http://ServerName/
Citrix/PNAgent). The default path enables your users to specify the FQDN of the
Access Gateway they are connecting to instead of the full path to the
config.xml file that resides on the XenApp Services site (such as http://
iphone.citrix.com/CustomPa
b. Configure the XenApp Services site to support connections from an Access
Gateway connection.
c. In the XenApp Services site, select Manage secure client access > Edit secure
client access settings.
d. Change the Access Method to Gateway Direct.
e. Enter the FQDN of the Access Gateway appliance.
f. Enter the Secure Ticket Authority (STA) information.
Note: The configuration of this site is similar to the Web Interface site.
3. Configure the Access Gateway to allow incoming XenApp connections from the
Citrix Receiver and specify the location of your newly created XenApp Services site.
a. On the Access Policy Manager tab, right-click a user group, select Properties,
and enter the XenApp Services server address in the Web server (IP or FQDN)
field.
Note:
Configuring Access Gateway and Secure Gateway for Citrix Receiver for iPhone
6
w The check box Single sign-on to the Web Interface is specifically for Web
Interface and does not affect connections using Citrix Receiver for iPhone.
If you configured the Access Gateway to use a Web Interface site for other
users, continue to maintain and use it for the Web Interface.
w To enable Citrix XenApp connections on an Access Gateway that has
previously been configured to accept connections using the Access
Gateway Plug-in, select Use the multiple logon option page. For more
information, refer to Configuring a Portal Page with Multiple Logon
Options in the Citrix Access Gateway Standard Edition Administrator’s
Guide. Product documentation is available in the Citrix Knowledge Center
at: http://support.citrix.com/pages/docs/.
w In the Access Gateway Administration Tool, on the Authentication tab,
click the Secure Ticket Authority tab and add the STA details. Make sure
the STA information is the same as the XenApp Services site.
b. On the Global Cluster Policies tab, select Enable logon page authentication.
An important note about the use of certificates:
If the server certificate used on the Access Gateway is part of a certificate chain
(with an intermediate certificate), make sure that the intermediate certificates
are also installed correctly on the Access Gateway. For information about installing
certificates, see Citrix Access Gateway Standard Edition Administrator's Guide.
The Reciever for iPhone uses the PNAgent/Services site. This means the only thing you should get when directly browsing to the site is an XML file.
from http://community.citrix.com/download/attachments/64520320/iphone-receiver-admin-101.pdf
The Citrix Receiver for iPhone uses a XenApp services site (previously known as a
PNAgent site) to gather information and allow it to appear on the Citrix Receiver for
iPhone’s App list.
To create a XenApp Services site for Citrix Receiver for iPhone to use:
a. Citrix recommends using the Citrix default path for this site (http://ServerName/
Citrix/PNAgent). The default path enables your users to specify the FQDN of the
Access Gateway they are connecting to instead of the full path to the
config.xml file that resides on the XenApp Services site (such as http://
iphone.citrix.com/CustomPa
b. Configure the XenApp Services site to support connections from an Access
Gateway connection.
c. In the XenApp Services site, select Manage secure client access > Edit secure
client access settings.
d. Change the Access Method to Gateway Direct.
e. Enter the FQDN of the Access Gateway appliance.
f. Enter the Secure Ticket Authority (STA) information.
Note: The configuration of this site is similar to the Web Interface site.
3. Configure the Access Gateway to allow incoming XenApp connections from the
Citrix Receiver and specify the location of your newly created XenApp Services site.
a. On the Access Policy Manager tab, right-click a user group, select Properties,
and enter the XenApp Services server address in the Web server (IP or FQDN)
field.
Note:
Configuring Access Gateway and Secure Gateway for Citrix Receiver for iPhone
6
w The check box Single sign-on to the Web Interface is specifically for Web
Interface and does not affect connections using Citrix Receiver for iPhone.
If you configured the Access Gateway to use a Web Interface site for other
users, continue to maintain and use it for the Web Interface.
w To enable Citrix XenApp connections on an Access Gateway that has
previously been configured to accept connections using the Access
Gateway Plug-in, select Use the multiple logon option page. For more
information, refer to Configuring a Portal Page with Multiple Logon
Options in the Citrix Access Gateway Standard Edition Administrator’s
Guide. Product documentation is available in the Citrix Knowledge Center
at: http://support.citrix.com/pages/docs/.
w In the Access Gateway Administration Tool, on the Authentication tab,
click the Secure Ticket Authority tab and add the STA details. Make sure
the STA information is the same as the XenApp Services site.
b. On the Global Cluster Policies tab, select Enable logon page authentication.
An important note about the use of certificates:
If the server certificate used on the Access Gateway is part of a certificate chain
(with an intermediate certificate), make sure that the intermediate certificates
are also installed correctly on the Access Gateway. For information about installing
certificates, see Citrix Access Gateway Standard Edition Administrator's Guide.
deptr000
yes i have created the PNagent site as i followed the wizard. My issue is exactly that. when i browse to the site locally i should be getting the xml config file to display but instaed i get the logon and hence when i log in, no apps are displayed.
There is obviously an issue with CAG trying to pick up the xml file.
the other thing i forgot to mention is that we are using CAG with advanced access controls. our web interface is 5.3. are there any issues with using Advanced access controls with receiver?
one other issue is i noticed is when i follow the guide below to configure the gateway all the tabs are greyed out such as Authentication, global cluster policies etc. im logging into the appliance via the root credentials.
"In the Access Gateway Administration Tool, on the Authentication tab,
click the Secure Ticket Authority tab and add the STA details. Make sure
the STA information is the same as the XenApp Services site.
b. On the Global Cluster Policies tab, select Enable logon page authentication.
An important note about the use of certificates:
If the server certificate used on the Access Gateway is part of a certificate chain
(with an intermediate certificate), make sure that the intermediate certificates
are also installed correctly on the Access Gateway. For information about installing
certificates, see Citrix Access Gateway Standard Edition Administrator's Guide."
yes i have created the PNagent site as i followed the wizard. My issue is exactly that. when i browse to the site locally i should be getting the xml config file to display but instaed i get the logon and hence when i log in, no apps are displayed.
There is obviously an issue with CAG trying to pick up the xml file.
the other thing i forgot to mention is that we are using CAG with advanced access controls. our web interface is 5.3. are there any issues with using Advanced access controls with receiver?
one other issue is i noticed is when i follow the guide below to configure the gateway all the tabs are greyed out such as Authentication, global cluster policies etc. im logging into the appliance via the root credentials.
"In the Access Gateway Administration Tool, on the Authentication tab,
click the Secure Ticket Authority tab and add the STA details. Make sure
the STA information is the same as the XenApp Services site.
b. On the Global Cluster Policies tab, select Enable logon page authentication.
An important note about the use of certificates:
If the server certificate used on the Access Gateway is part of a certificate chain
(with an intermediate certificate), make sure that the intermediate certificates
are also installed correctly on the Access Gateway. For information about installing
certificates, see Citrix Access Gateway Standard Edition Administrator's Guide."
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
After several days of searching and hunting for limited documentation, I wanted to share this guide to hopefully save someone the hassle of trying to figure this out on their own.
I have tested this on Xendesktop 7.1 and PS 4.5 running simultaneous…
Citrix XenDesktop 7.6 Citrix Policies Disable Peripherals
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video.
We have explained the difference between…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month6 days, 7 hours left to enroll
634 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.