• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 986
  • Last Modified:

XenDesktop 5 Express

Hi

I am trying to install a trial of XenDesktop 5 Express.

The installation is all hosted on Xenser 5.6 and works fine on the LAN.

However, I need to have WAN access too.  So I have installed a virtual Access Gateway VPX.

I am using a UCC SAN SSL certificate, that I have installed on IIS6 on the SBS 2003 DC which I have exported as a .pfx and imported into the CAG.

I have a dedicated external IP that is port forwarded on 443 to the external NIC of the CAG and the internal NIC is configured on the LAN.

I cannot connect from the WAN but a connection is initiated across the router that I can see to the CAG when I try to connect.

The areas I'm not sure about are:

Does XenDesktop 5 Express allow remote access?
The Gateway Direct Secure Access method I have configured for remote access requires an STA and I can't see one installed anywhere so I have it pointing to the DDC server and it doesn't complain.
The UCC SAN SSL certificate I have uploaded on the CAG only seem to reference the top level domain and not the SAN.  Does the CAG VPX allow UCC SAN SSLs?

I suppose I'm looking for any guidance from anyone who has installed this and managed to get it working.

Many Thanks in anticipation

Brian
0
3D2K
Asked:
3D2K
  • 6
  • 4
1 Solution
 
Carl WebsterCommented:
Does XenDesktop 5 Express allow remote access? - Yes

The Gateway Direct Secure Access method I have configured for remote access requires an STA and I can't see one installed anywhere so I have it pointing to the DDC server and it doesn't complain. - The DDC is the STA for XenDesktop

The UCC SAN SSL certificate I have uploaded on the CAG only seem to reference the top level domain and not the SAN.  Does the CAG VPX allow UCC SAN SSLs? - http://forums.citrix.com/thread.jspa?threadID=276995&tstart=15


0
 
3D2KAuthor Commented:
CarlWebster

Thanks. That looks like bad news for the UCC SAN, but before I pitch in with a separate SSL cert I'd like to work out that the other parts are "working".

When I attempt to go to https://MYCO-CAG.MYCO.co.uk from the WAN the only response I get back is "Internet Explorer cannot display the webpage".

Also do you have any comment to make about the STA.  Is it installed with XenDesktop 5 Express or do I need to install manually?

Thanks

Brian
0
 
Carl WebsterCommented:
STA is in intrinsic part of the XenDesktop install.  You can neither install or uninstall it.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
3D2KAuthor Commented:
CarlWebster

I've removed the SAN SSL certificate and have requested a trial server SSL certificate from Globalsign.  This has arrived as a Server certificate and an Intermediate certificate.  I have Imported these into the CAG Certificates.  I have made the Server certificate the Active as shown on the attached image.

I already have a GoDaddy UCC-SAN SSL certificate that references my domain estiohealthcare.co.uk and the new Globalsign SSL certificate that references my CAG ESTIO-CAG.estiohealthcare.co.uk.  This is reached via a Draytek router on a dedicated external IP and is port forwarded on 443 to the WAN facing port on the CAG.

Is it OK to have these two SSL certificates being used at the same time, that is can I use a separate SSL certificate that references a specific FQDN from a different SSL certificate supplier?
I have to say that every time I get involved with SSL certificates it turns into a nightmare so I'm not convinced that the configuration I have is correct.

Brian
CAG-01.JPG
0
 
Carl WebsterCommented:
I am not a CAG person but usually 2 SSL certs, of any kind, do not work together.  You should only have one.
0
 
3D2KAuthor Commented:
CarlWebster

Just an note to apologise for asking about STA again.  I've just re-read your first response and noticed that you had covered it there.

Thanks

Brian
0
 
Carl WebsterCommented:
No apology necessary.
0
 
3D2KAuthor Commented:
CarlWebster

I have purchased a GoDaddy SSL certificate for the CAG (estio-cag.estiohealthcare.co.uk) and installed it on the CAG but still no go.

Thanks for your help anyway.

I am going to close this question without resolution and start a new one pleading for help.

Brian
0
 
3D2KAuthor Commented:
I will open a new generic question looking for help with getting this running.
0
 
3D2KAuthor Commented:
Closing question and starting anew one.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

  • 6
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now