The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.
One of a set of tools we're offering as a way of saying thank you for being a part of the community.
Citrix access gateway with iphone
Hi all,
we currently run Citrix access gateway with web interface 5.01. we use a default logon point for our users to access the systems remotely via CAG. recently IT was asked to setup Remote access via the IPhone or IPAD.
i have created a new PNagent site - https://cag.domain.com/citrixlogonpoint/iphone.
i have also installed citrix receiver on a test iphone. when i setup a connection from the iphone to the new CAG site https://cag.domain.com/citrixlogonpoint/iphone i get an error message:
"login failed, gateway authentication failed. please check your credentials, address or gateway settings and network connection". needless to say that the credentials are correct.
how ever if i use the public IP address instead - https://x.x.x.x/citrixlogonpoint/iphpone. i get a completely different error: "login failed. the certificate for this server is invalid. you might be connecting to a server that is pretending to be x.x.x.x which could put your credential information at risk.
also browsing to https://localhost/citrixlogonpoint/iphone does show the web ineterface login page locally on the web interface server. so the site seems to be working ok.
can someone advise please?
we currently run Citrix access gateway with web interface 5.01. we use a default logon point for our users to access the systems remotely via CAG. recently IT was asked to setup Remote access via the IPhone or IPAD.
i have created a new PNagent site - https://cag.domain.com/citrixlogonpoint/iphone.
i have also installed citrix receiver on a test iphone. when i setup a connection from the iphone to the new CAG site https://cag.domain.com/citrixlogonpoint/iphone i get an error message:
"login failed, gateway authentication failed. please check your credentials, address or gateway settings and network connection". needless to say that the credentials are correct.
how ever if i use the public IP address instead - https://x.x.x.x/citrixlogonpoint/iphpone. i get a completely different error: "login failed. the certificate for this server is invalid. you might be connecting to a server that is pretending to be x.x.x.x which could put your credential information at risk.
also browsing to https://localhost/citrixlogonpoint/iphone does show the web ineterface login page locally on the web interface server. so the site seems to be working ok.
can someone advise please?
Asked:
-
2
2 Solutions
hi, i have had a look at the links, but still cant get my iphone to connect. i have setup the PNagent sites, but still no luck. incidently do i need a cert on the iphone? if so how and where can i install this on the device?
anyone else have any idea?
anyone else have any idea?
Did you create a new XenApp Website or Services/PNAgent site? Your statement "browsing to https://localhost/citrixlogonpoint/iphone does show the web ineterface login page locally on the web interface server" implies you setup a website.
The Reciever for iPhone uses the PNAgent/Services site. This means the only thing you should get when directly browsing to the site is an XML file.
from http://community.citrix.com/download/attachments/64520320/iphone-receiver-admin-101.pdf
The Citrix Receiver for iPhone uses a XenApp services site (previously known as a
PNAgent site) to gather information and allow it to appear on the Citrix Receiver for
iPhone’s App list.
To create a XenApp Services site for Citrix Receiver for iPhone to use:
a. Citrix recommends using the Citrix default path for this site (http://ServerName/
Citrix/PNAgent). The default path enables your users to specify the FQDN of the
Access Gateway they are connecting to instead of the full path to the
config.xml file that resides on the XenApp Services site (such as http://
iphone.citrix.com/CustomPa
b. Configure the XenApp Services site to support connections from an Access
Gateway connection.
c. In the XenApp Services site, select Manage secure client access > Edit secure
client access settings.
d. Change the Access Method to Gateway Direct.
e. Enter the FQDN of the Access Gateway appliance.
f. Enter the Secure Ticket Authority (STA) information.
Note: The configuration of this site is similar to the Web Interface site.
3. Configure the Access Gateway to allow incoming XenApp connections from the
Citrix Receiver and specify the location of your newly created XenApp Services site.
a. On the Access Policy Manager tab, right-click a user group, select Properties,
and enter the XenApp Services server address in the Web server (IP or FQDN)
field.
Note:
Configuring Access Gateway and Secure Gateway for Citrix Receiver for iPhone
6
w The check box Single sign-on to the Web Interface is specifically for Web
Interface and does not affect connections using Citrix Receiver for iPhone.
If you configured the Access Gateway to use a Web Interface site for other
users, continue to maintain and use it for the Web Interface.
w To enable Citrix XenApp connections on an Access Gateway that has
previously been configured to accept connections using the Access
Gateway Plug-in, select Use the multiple logon option page. For more
information, refer to Configuring a Portal Page with Multiple Logon
Options in the Citrix Access Gateway Standard Edition Administrator’s
Guide. Product documentation is available in the Citrix Knowledge Center
at: http://support.citrix.com/pages/docs/.
w In the Access Gateway Administration Tool, on the Authentication tab,
click the Secure Ticket Authority tab and add the STA details. Make sure
the STA information is the same as the XenApp Services site.
b. On the Global Cluster Policies tab, select Enable logon page authentication.
An important note about the use of certificates:
If the server certificate used on the Access Gateway is part of a certificate chain
(with an intermediate certificate), make sure that the intermediate certificates
are also installed correctly on the Access Gateway. For information about installing
certificates, see Citrix Access Gateway Standard Edition Administrator's Guide.
The Reciever for iPhone uses the PNAgent/Services site. This means the only thing you should get when directly browsing to the site is an XML file.
from http://community.citrix.com/download/attachments/64520320/iphone-receiver-admin-101.pdf
The Citrix Receiver for iPhone uses a XenApp services site (previously known as a
PNAgent site) to gather information and allow it to appear on the Citrix Receiver for
iPhone’s App list.
To create a XenApp Services site for Citrix Receiver for iPhone to use:
a. Citrix recommends using the Citrix default path for this site (http://ServerName/
Citrix/PNAgent). The default path enables your users to specify the FQDN of the
Access Gateway they are connecting to instead of the full path to the
config.xml file that resides on the XenApp Services site (such as http://
iphone.citrix.com/CustomPa
b. Configure the XenApp Services site to support connections from an Access
Gateway connection.
c. In the XenApp Services site, select Manage secure client access > Edit secure
client access settings.
d. Change the Access Method to Gateway Direct.
e. Enter the FQDN of the Access Gateway appliance.
f. Enter the Secure Ticket Authority (STA) information.
Note: The configuration of this site is similar to the Web Interface site.
3. Configure the Access Gateway to allow incoming XenApp connections from the
Citrix Receiver and specify the location of your newly created XenApp Services site.
a. On the Access Policy Manager tab, right-click a user group, select Properties,
and enter the XenApp Services server address in the Web server (IP or FQDN)
field.
Note:
Configuring Access Gateway and Secure Gateway for Citrix Receiver for iPhone
6
w The check box Single sign-on to the Web Interface is specifically for Web
Interface and does not affect connections using Citrix Receiver for iPhone.
If you configured the Access Gateway to use a Web Interface site for other
users, continue to maintain and use it for the Web Interface.
w To enable Citrix XenApp connections on an Access Gateway that has
previously been configured to accept connections using the Access
Gateway Plug-in, select Use the multiple logon option page. For more
information, refer to Configuring a Portal Page with Multiple Logon
Options in the Citrix Access Gateway Standard Edition Administrator’s
Guide. Product documentation is available in the Citrix Knowledge Center
at: http://support.citrix.com/pages/docs/.
w In the Access Gateway Administration Tool, on the Authentication tab,
click the Secure Ticket Authority tab and add the STA details. Make sure
the STA information is the same as the XenApp Services site.
b. On the Global Cluster Policies tab, select Enable logon page authentication.
An important note about the use of certificates:
If the server certificate used on the Access Gateway is part of a certificate chain
(with an intermediate certificate), make sure that the intermediate certificates
are also installed correctly on the Access Gateway. For information about installing
certificates, see Citrix Access Gateway Standard Edition Administrator's Guide.
deptr000
yes i have created the PNagent site as i followed the wizard. My issue is exactly that. when i browse to the site locally i should be getting the xml config file to display but instaed i get the logon and hence when i log in, no apps are displayed.
There is obviously an issue with CAG trying to pick up the xml file.
the other thing i forgot to mention is that we are using CAG with advanced access controls. our web interface is 5.3. are there any issues with using Advanced access controls with receiver?
one other issue is i noticed is when i follow the guide below to configure the gateway all the tabs are greyed out such as Authentication, global cluster policies etc. im logging into the appliance via the root credentials.
"In the Access Gateway Administration Tool, on the Authentication tab,
click the Secure Ticket Authority tab and add the STA details. Make sure
the STA information is the same as the XenApp Services site.
b. On the Global Cluster Policies tab, select Enable logon page authentication.
An important note about the use of certificates:
If the server certificate used on the Access Gateway is part of a certificate chain
(with an intermediate certificate), make sure that the intermediate certificates
are also installed correctly on the Access Gateway. For information about installing
certificates, see Citrix Access Gateway Standard Edition Administrator's Guide."
yes i have created the PNagent site as i followed the wizard. My issue is exactly that. when i browse to the site locally i should be getting the xml config file to display but instaed i get the logon and hence when i log in, no apps are displayed.
There is obviously an issue with CAG trying to pick up the xml file.
the other thing i forgot to mention is that we are using CAG with advanced access controls. our web interface is 5.3. are there any issues with using Advanced access controls with receiver?
one other issue is i noticed is when i follow the guide below to configure the gateway all the tabs are greyed out such as Authentication, global cluster policies etc. im logging into the appliance via the root credentials.
"In the Access Gateway Administration Tool, on the Authentication tab,
click the Secure Ticket Authority tab and add the STA details. Make sure
the STA information is the same as the XenApp Services site.
b. On the Global Cluster Policies tab, select Enable logon page authentication.
An important note about the use of certificates:
If the server certificate used on the Access Gateway is part of a certificate chain
(with an intermediate certificate), make sure that the intermediate certificates
are also installed correctly on the Access Gateway. For information about installing
certificates, see Citrix Access Gateway Standard Edition Administrator's Guide."
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Join & Write a Comment Already a member? Login.
Featured Post
Tackle projects and never again get stuck behind a technical roadblock.
Join Now
http://www.experts-exchange.com/Software/System_Utilities/Remote_Access/Citrix/Q_26196930.html
http://www.experts-exchange.com/Software/System_Utilities/Remote_Access/Citrix/Q_26229674.html