Access Gateway Enterprise – ‘page not found’ due to incorrect certificate type
Posted on February 27th, 2010
I recently came across this problem at a site.
They had an internally generated certificate from their company Root CA. The certificate request was generated and then the cert was applied to the Netscaler 7000 device in the usual way.
When a client device made a connection to the Access Gateway Enterprise site, the browser simply showed a page cannot be displayed message.
Removing the Root CA from the client device was enough to prove that the connection was reaching the Netscaler as it then came up with the certificate warning message, but continuing this also showed page cannot be displayed.
It turns out that an internal documented process for this client was incorrect and the security team had issued an incorrect certificate. Rather than issuing a “webserver” type certificate, they issued an “SSL tunnel terminaltion” certificate. However, because it was still a valid certificate the netscaler showed it as valid – However, it wasn’t valid for the Access Gateway Enterprise connection through and this is why the page cannot be displayed message appeared.
Re-issuing the correct certificate type from the csr request and reapplying to the Netscaler was enough to resolve this.
Note: be careful to double check the cert type being issues by an internal CA.
Tags: Access Gateway, CAG EE, CAG Enterprise, cert, certificate, Citrix Netscaler, enterprise, page cannot be found
Filed under Citrix Access Gateway, Citrix Netscaler | No Comments »
Web Interface 5.2 Client deployment
Posted on February 24th, 2010
Web Interface 5.2 uses a different folder structure for auto client deployment.
During the installation of Web Interface it asks for the clients folder and copies this to the website location however if it copies from the clients folder on an older XenApp CD/DVD the copied structure is wrong and must be changed to work properly. Also if WI is upgraded from a previous version the structure is not changed.
However, If copied from the XenApp 5 Feature Pack 2 CD the structure is correct, but most users would be upgrading from a previous version and therefore have to fix this afterwards.
The new folder structure is as follows:
C:\Program Files (x86)\Citrix\Web Interface\Version\Clients
* \de\Unix
Place the Clients for UNIX installation files (solaris.tar.Z, sol86.tar.Z) with German language support in this folder.* \en\Unix
Place the Clients for UNIX installation files (solaris.tar.Z, sol86.tar.Z) with English language support in this folder.* \es\Unix
Place the Clients for UNIX installation files (solaris.tar.Z, sol86.tar.Z) with Spanish language support in this folder.* \fr\Unix
Place the Clients for UNIX installation files (solaris.tar.Z, sol86.tar.Z) with French language support in this folder.* \ja\Unix
Place the Clients for UNIX installation files (solaris.tar.Z, sol86.tar.Z) with Japanese language support in this folder.* \Java
Place the Client for Java files in this folder.* \Linux
Place the Citrix Receiver for Linux installation file (linuxx86-11.0.140395.tar.gz) in this folder.* \Mac\Web Online Plug-in
Place the Citrix online web plug-in for Macintosh installation file (Citrix online plug-in (web).dmg) in this folder.* \Windows\Offline Plug-in
Place the Citrix offline plug-in installation file (CitrixOfflinePlugin.exe) in this folder.* \Windows\Online Plug-in
Place the Citrix online plug-in web installation file (CitrixOnlinePluginWeb.exe) in this folder.
The following resources are useful:
Citrix Document Library: To copy the client files to the Web Interface on Microsoft IIS
CTX123420: How to Deploy the CitrixOnlinePluginWeb.exe Client 11.2 on Web Interface 5.2
Innitech Blog: Web Interface 5.2 ICA Client Auto Deployment
Citrix Forum posts: Thread: How to auto deploy client from WI 5.2
Tags: 5.2, Client, deployment, plug-in, web interface
Filed under Citrix Web Interface | No Comments »
Web Interface 5.2 will not launch apps from Presentation Server 4.0 Farm
Posted on February 8th, 2010
Web Interface 5.2 is not set up by default to allow the launching of applications from a Presentation Server 4.0 farm.
This is true for Web Interface and PNAgent sites.
The errors shown are:
PNAgent: Citrix XenApp could not contact the server. Please check your network connection
WI: The remote server failed to execute the application launch request. Please contact your administrator for further details
To allow the launching of applications from these legacy farms the following change must be made:
- Edit the webinterface.conf file for that site
- Locate the entry for # RequireLaunchReference=On
- Remove the # and change to RequireLaunchReference=Off
Detailed in ctx123003
Tags: 4.0, 5.2, legacy farm, RequireLaunchReference, RequireLaunchReference=Off, RequireLaunchReference=On, web interface
Filed under Citrix Web Interface | No Comments »
Web Interface 5.2 breaks Citrix Desktop Viewer
Posted on January 29th, 2010
When connecting to XenApp Servers or XenDesktop provisioned Desktops the Citrix Desktop Viewer (part of the 11.x clients) enables the small bar at the top of the session to quickly allow the connection of USB devices or to dynamically change the resolution by adjusting the window size.
Even if you have this later client (11.X), the desktop viewer will not be active for session initiated via Web Interface 5.2
The way to enable this is to manually edit the webinterface.conf file for the WebSite and change the following line:
# ShowDesktopViewer=Off
Change it to the following:
ShowDesktopViewer=On
The Desktop viewer will now be enabled for connections.
Tags: 11.2, 11.x, 5.2, desktop viewer, ShowDesktopViewer, ShowDesktopViewer=Off, ShowDesktopViewer=On, web interface, webinterface.conf
Filed under Citrix Web Interface | No Comments »
XenServer – Management NIC bonding problem
Posted on November 26th, 2009
Have noticed this rather annoying bug with XenServer 5.5
Scenario
If a pool of servers is created, and NIC 0+1 is bonded with the management interface running on this bonded network.
All configuration steps were done from XenCenter
Problem
A new XenServer is added to the pool, the NICs are un-bonded before adding it to the pool (but the same problem exists even if they are bonded)
The new XenServer is added to the pool and it picks up the pool network configuration however the Bond0+1network shows as unknown rather than connected.
Resolution
Remove the Bond0+1 network from the pool (which obviously affects all servers)
Create the bond 0+1 again
Now this bond shows as connected on all XenServers.
how annoying.
Tags: 0+1, 5.5, bond, bond0+1, Citrix XenServer, connected, error, NIC, unknown
Filed under Citrix XenServer | No Comments »