hh_techservices
asked on
Adding new AD Domain to Existing XenApp 6 Install
We currently have a XenApp6 farm running that was built when we had a single Domain in the AD Forest. This past weekend we added another AD Domain in the Forest because of an acquisition. My question is how do I get this new domain the ability to log into XenApp? When I look at our deployed applications I can choose the new domain and add the users, but they cannot log in from the web site? I have not tried logging them in on the full blown client yet either where you can specify the domain because I wanted to make sure it works both ways that way they can get in from their corporate computer or home computer. Thanks.
Is there an AD trust between the new domain and the domain the Citrix infra resides in?
ASKER
Yes. It is in the same forest so the trust is automatically there. I've previously used XenApp at another company where you had to put the domain you were logging into on the login page. Ours currently doesn't have that, so I figured it has to be something easy to change. At least I hope.
If the domains are in the same forest there is an implied trust.
When you setup the web interface site(s), did you define a domain restriction? If so, add your new domain to the list.
When you setup the web interface site(s), did you define a domain restriction? If so, add your new domain to the list.
So is the new domain a subdomain of the domain Citrix resides in? If its not a child you would need a shortcut trust
Also review: http://support.citrix.com/article/CTX118657
If the servers(s) your WI is configured to use as XML Brokers are part of the domain, then it should just work. The users from domain2 should just be able to login to the WI, see their apps and run them.
ASKER
CarlWebster,
This system was setup by a consultant with my input but I manage it now. I'd imagine when setup we only had one domain so it might have been restricted. Where would I find that at? Is that in the Citrix Delivery Console or is that more on the Web Front End servers? I'm thinking that is it because the domains are fully trusted. Thanks
This system was setup by a consultant with my input but I manage it now. I'd imagine when setup we only had one domain so it might have been restricted. Where would I find that at? Is that in the Citrix Delivery Console or is that more on the Web Front End servers? I'm thinking that is it because the domains are fully trusted. Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Carl,
Thanks for the info. That is exactly what I was looking for. Just to make sure, is there any other location that needs to change so users from the other domain can login? I'll be adding their new domain to the Explicit area that says allow only these domains. I just didn't know if that is the only location in the Farm that needs to be changed. Thanks again!
Thanks for the info. That is exactly what I was looking for. Just to make sure, is there any other location that needs to change so users from the other domain can login? I'll be adding their new domain to the Explicit area that says allow only these domains. I just didn't know if that is the only location in the Farm that needs to be changed. Thanks again!
For a regular WI Site the domains need to be put in those two places.
For a PNAgent/XenApp Services Site, only the first one exists.
For a PNAgent/XenApp Services Site, only the first one exists.
ASKER
This was exactly what was needed.