Solved

Citrix Access Gateway with iPhone

Posted on 2010-08-31
Last Modified: 2012-05-10
Hi all,
We currently run Citrix Access Gateway with Web Interface 5.01. We use a default logon point for our users to access the systems remotely via CAG. Recently IT was asked to set up remote access via the iPhone or iPad.

I have created a new PNagent site - https://cag.domain.com/citrixlogonpoint/iphone.

I have also installed Citrix Receiver on a test iPhone. When I set up a connection from the iPhone to the new CAG site https://cag.domain.com/citrixlogonpoint/iphone I get an error message:

"login failed, gateway authentication failed. please check your credentials, address or gateway settings and network connection". Needless to say, the credentials are correct.

However, if I use the public IP address instead - https://x.x.x.x/citrixlogonpoint/iphpone - I get a completely different error: "login failed. the certificate for this server is invalid. you might be connecting to a server that is pretending to be x.x.x.x which could put your credential information at risk."

Also, browsing to https://localhost/citrixlogonpoint/iphone does show the Web Interface login page locally on the Web Interface server, so the site seems to be working OK.

Can someone advise please?
Question by:bmsdev

Accepted Solution

by:
basraj earned 250 total points
ID: 33566400
 

Author Comment

by:bmsdev
ID: 33567267
Hi, I have had a look at the links, but still can't get my iPhone to connect. I have set up the PNagent sites, but still no luck. Incidentally, do I need a cert on the iPhone? If so, how and where can I install this on the device?

Anyone else have any idea?

Assisted Solution

by:dpetr000
dpetr000 earned 250 total points
ID: 33572603
Did you create a new XenApp Website or Services/PNAgent site?  Your statement "browsing to https://localhost/citrixlogonpoint/iphone does show the web interface login page locally on the web interface server" implies you set up a website.

The Receiver for iPhone uses the PNAgent/Services site.  This means the only thing you should get when directly browsing to the site is an XML file.

from http://community.citrix.com/download/attachments/64520320/iphone-receiver-admin-101.pdf

The Citrix Receiver for iPhone uses a XenApp services site (previously known as a PNAgent site) to gather information and allow it to appear on the Citrix Receiver for iPhone’s App list.

To create a XenApp Services site for Citrix Receiver for iPhone to use:
a. Citrix recommends using the Citrix default path for this site (http://ServerName/Citrix/PNAgent). The default path enables your users to specify the FQDN of the Access Gateway they are connecting to instead of the full path to the config.xml file that resides on the XenApp Services site (such as http://iphone.citrix.com/CustomPath/config.xml).
b. Configure the XenApp Services site to support connections from an Access Gateway connection.
c. In the XenApp Services site, select Manage secure client access > Edit secure client access settings.
d. Change the Access Method to Gateway Direct.
e. Enter the FQDN of the Access Gateway appliance.
f. Enter the Secure Ticket Authority (STA) information.
Note: The configuration of this site is similar to the Web Interface site.

3. Configure the Access Gateway to allow incoming XenApp connections from the Citrix Receiver and specify the location of your newly created XenApp Services site.
a. On the Access Policy Manager tab, right-click a user group, select Properties, and enter the XenApp Services server address in the Web server (IP or FQDN) field.
Note:
- The check box Single sign-on to the Web Interface is specifically for Web Interface and does not affect connections using Citrix Receiver for iPhone. If you configured the Access Gateway to use a Web Interface site for other users, continue to maintain and use it for the Web Interface.
- To enable Citrix XenApp connections on an Access Gateway that has previously been configured to accept connections using the Access Gateway Plug-in, select Use the multiple logon option page. For more information, refer to Configuring a Portal Page with Multiple Logon Options in the Citrix Access Gateway Standard Edition Administrator’s Guide. Product documentation is available in the Citrix Knowledge Center at: http://support.citrix.com/pages/docs/.
- In the Access Gateway Administration Tool, on the Authentication tab, click the Secure Ticket Authority tab and add the STA details. Make sure the STA information is the same as the XenApp Services site.
b. On the Global Cluster Policies tab, select Enable logon page authentication.

An important note about the use of certificates:
If the server certificate used on the Access Gateway is part of a certificate chain (with an intermediate certificate), make sure that the intermediate certificates are also installed correctly on the Access Gateway. For information about installing certificates, see Citrix Access Gateway Standard Edition Administrator's Guide.
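An added troubleshooting example, not part of any post in this thread and not Citrix code: it classifies what a site URL serves (XML for a Services site, HTML for a Web site, as the answer above describes) and checks the address entered in Receiver against the certificate names and the default path from the quoted guide. The function names, finding labels, sample bodies and the address 192.0.2.10 are constructed; the name check models general TLS hostname validation in simplified form and is an assumption about the cause of the certificate error.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

DEFAULT_PATH = "/citrix/pnagent"  # default Services site path quoted in the guide

# Constructed sample bodies (placeholders, not real Citrix output).
XML_BODY = '<?xml version="1.0"?><ExampleServicesConfig><Item/></ExampleServicesConfig>'
HTML_BODY = "<!DOCTYPE html><html><body><form>logon</form></body></html>"

def site_kind(body):
    """'services' for an XML document, 'website' for an HTML page, else 'unknown'."""
    text = body.lstrip()
    if text.lower().startswith(("<!doctype html", "<html")):
        return "website"
    try:
        root = ET.fromstring(text)
    except ET.ParseError:
        return "unknown"
    return "website" if root.tag.lower().endswith("html") else "services"

def host_is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def name_matches(host, cert_names):
    """Exact match, or one-label wildcard match for DNS names only."""
    host, names = host.lower(), [n.lower() for n in cert_names]
    if host in names:
        return True
    if host_is_ip(host):
        return False  # a wildcard never covers an IP literal
    parent = host.partition(".")[2]
    return bool(parent) and "*." + parent in names

def diagnose(url, body, cert_names):
    """Return findings for the address entered in Receiver and the body it served."""
    parts, findings = urlsplit(url), []
    path = parts.path.rstrip("/").lower()
    if site_kind(body) != "services":
        findings.append("not-a-services-site")
    if not name_matches(parts.hostname or "", cert_names):
        findings.append("cert-name-mismatch")
    if path != DEFAULT_PATH and not path.endswith("/config.xml"):
        findings.append("custom-path-needs-config-xml")
    return findings
```

Pass in the body saved from browsing to the site and the subject names read from the gateway certificate; an empty list means none of the three conditions was found.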
 

Author Comment

by:bmsdev
ID: 33574930
dpetr000,

Yes, I have created the PNagent site as I followed the wizard. My issue is exactly that. When I browse to the site locally I should be getting the XML config file to display, but instead I get the logon, and hence when I log in, no apps are displayed.

There is obviously an issue with CAG trying to pick up the XML file.

The other thing I forgot to mention is that we are using CAG with Advanced Access Controls. Our Web Interface is 5.3. Are there any issues with using Advanced Access Controls with Receiver?

One other issue I noticed is that when I follow the guide below to configure the gateway, all the tabs are greyed out, such as Authentication, Global Cluster Policies etc. I'm logging into the appliance via the root credentials.

"In the Access Gateway Administration Tool, on the Authentication tab, click the Secure Ticket Authority tab and add the STA details. Make sure the STA information is the same as the XenApp Services site.
b. On the Global Cluster Policies tab, select Enable logon page authentication.
An important note about the use of certificates:
If the server certificate used on the Access Gateway is part of a certificate chain (with an intermediate certificate), make sure that the intermediate certificates are also installed correctly on the Access Gateway. For information about installing certificates, see Citrix Access Gateway Standard Edition Administrator's Guide."