?
Solved

XenDesktop 5 Express

Posted on 2011-05-12
10
Medium Priority
?
977 Views
Last Modified: 2012-06-27
Hi

I am trying to install a trial of XenDesktop 5 Express.

The installation is all hosted on Xenser 5.6 and works fine on the LAN.

However, I need to have WAN access too.  So I have installed a virtual Access Gateway VPX.

I am using a UCC SAN SSL certificate, that I have installed on IIS6 on the SBS 2003 DC which I have exported as a .pfx and imported into the CAG.

I have a dedicated external IP that is port forwarded on 443 to the external NIC of the CAG and the internal NIC is configured on the LAN.

I cannot connect from the WAN but a connection is initiated across the router that I can see to the CAG when I try to connect.

The areas I'm not sure about are:

Does XenDesktop 5 Express allow remote access?
The Gateway Direct Secure Access method I have configured for remote access requires an STA and I can't see one installed anywhere so I have it pointing to the DDC server and it doesn't complain.
The UCC SAN SSL certificate I have uploaded on the CAG only seem to reference the top level domain and not the SAN.  Does the CAG VPX allow UCC SAN SSLs?

I suppose I'm looking for any guidance from anyone who has installed this and managed to get it working.

Many Thanks in anticipation

Brian
0
Comment
Question by:3D2K
  • 6
  • 4
10 Comments
 
LVL 37

Expert Comment

by:Carl Webster
ID: 35746479
Does XenDesktop 5 Express allow remote access? - Yes

The Gateway Direct Secure Access method I have configured for remote access requires an STA and I can't see one installed anywhere so I have it pointing to the DDC server and it doesn't complain. - The DDC is the STA for XenDesktop

The UCC SAN SSL certificate I have uploaded on the CAG only seem to reference the top level domain and not the SAN.  Does the CAG VPX allow UCC SAN SSLs? - http://forums.citrix.com/thread.jspa?threadID=276995&tstart=15


0
 

Author Comment

by:3D2K
ID: 35746541
CarlWebster

Thanks. That looks like bad news for the UCC SAN, but before I pitch in with a separate SSL cert I'd like to work out that the other parts are "working".

When I attempt to go to https://MYCO-CAG.MYCO.co.uk from the WAN the only response I get back is "Internet Explorer cannot display the webpage".

Also do you have any comment to make about the STA.  Is it installed with XenDesktop 5 Express or do I need to install manually?

Thanks

Brian
0
 
LVL 37

Expert Comment

by:Carl Webster
ID: 35746567
STA is in intrinsic part of the XenDesktop install.  You can neither install or uninstall it.
0
 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

 

Author Comment

by:3D2K
ID: 35754269
CarlWebster

I've removed the SAN SSL certificate and have requested a trial server SSL certificate from Globalsign.  This has arrived as a Server certificate and an Intermediate certificate.  I have Imported these into the CAG Certificates.  I have made the Server certificate the Active as shown on the attached image.

I already have a GoDaddy UCC-SAN SSL certificate that references my domain estiohealthcare.co.uk and the new Globalsign SSL certificate that references my CAG ESTIO-CAG.estiohealthcare.co.uk.  This is reached via a Draytek router on a dedicated external IP and is port forwarded on 443 to the WAN facing port on the CAG.

Is it OK to have these two SSL certificates being used at the same time, that is can I use a separate SSL certificate that references a specific FQDN from a different SSL certificate supplier?
I have to say that every time I get involved with SSL certificates it turns into a nightmare so I'm not convinced that the configuration I have is correct.

Brian
CAG-01.JPG
0
 
LVL 37

Expert Comment

by:Carl Webster
ID: 35754339
I am not a CAG person but usually 2 SSL certs, of any kind, do not work together.  You should only have one.
0
 

Author Comment

by:3D2K
ID: 35754341
CarlWebster

Just an note to apologise for asking about STA again.  I've just re-read your first response and noticed that you had covered it there.

Thanks

Brian
0
 
LVL 37

Expert Comment

by:Carl Webster
ID: 35754382
No apology necessary.
0
 

Accepted Solution

by:
3D2K earned 0 total points
ID: 35830091
CarlWebster

I have purchased a GoDaddy SSL certificate for the CAG (estio-cag.estiohealthcare.co.uk) and installed it on the CAG but still no go.

Thanks for your help anyway.

I am going to close this question without resolution and start a new one pleading for help.

Brian
0
 

Author Comment

by:3D2K
ID: 35830093
I will open a new generic question looking for help with getting this running.
0
 

Author Closing Comment

by:3D2K
ID: 35872615
Closing question and starting anew one.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Citrix XenDesktop 7.6 Citrix Policies Disable Peripherals
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question