Posted on February 21st, 2012
Came across this interesting problem today.
Users connecting to a XenApp deployment via a Netscaler 9.3 & CAG Enterprise Edition using the Citrix receiver for iPad and Android. Web Interface for Netscaler was used to provide the XenApp services site.
The Android receiver worked as expected but the iPhone/iPad receiver did not enumerate the apps. On the creation of a new connection, the following errors were shown:
- iPhone: There are no applications available at this time
- iPad: Error
After much messing about, it seems that when creating a XenApp service site on the Netscaler, a checkbox is provided stating “enable connection through mobile receiver”. When this is selected a few “rewrite” rules are created to resolve a problem with the iPad/iPhone receiver connections but the rewrite feature is not enabled at the same time on the Netscaler. Simply right clicking the “rewrite” menu in the left panel and selecting to enable the feature is enough to resolve the problem.
After doing this, all mobile receivers can connect as expected.
Tags: CAG, CAG EE, CAGEE, checkbox, Citrix, Citrix Access Gateway, Citrix Netscaler, citrix receiver, enterprise, enterprise edition, error, ipad, iphone, ipod, mobile receiver, rewrite
Filed under Citrix Access Gateway, Citrix Netscaler | No Comments »
Posted on July 13th, 2010
The defaut page title and fav icon logo appear on the browser tab when connecting to the Citrix Access Gateway Enterprise Edition.
It is possible to replace the logo with your own one and change the text to be more appropriate.
The logo is: /netscaler/ns_gui/vpn/images/AccessGateway.ico
replace with your own .ico file but keep the same file name
Browser title text
The title text is in two places
Search for the section:
<TITLE>Citrix Access Gateway</TITLE>
and change to your text
<TITLE>My CAG Text</TITLE>
Search for the multiple sections:
<Title>Citrix Access Gateway</Title>
and change all of them to your text
<Title>My CAG Text</Title>
Keep changes after reboot
Copy the modified files to /var/mods and add the following lines to the /nsconfig/rc.netscaler file
cp /var/mods/images/AccessGateway.ico /netscaler/ns_gui/vpn/images/AccessGateway.ico
cp /var/mods/index.html /netscaler/ns_gui/vpn/index.html
cp /var/mods/en.xml /netscaler/ns_gui/vpn/resources/en.xml
New look and feel
Now it will look how you want.
Posted on July 12th, 2010
This is based on Netscaler version 9.2 Build 46.9.cl although nothing appears to have changed from previous versions, so the same information will probably work on most Access Gateway Enterprise versions (CAG EE)
Change to a white theme
This is detailed in several places but most notably here: CTX123607
This gives the default logon screen in white.
Identify the images used
Here is a screen shot of the default view and list of the associated images & resolutions
There are five main images used in this page and they are:
|1||ctxHeader01.bmp||265 x 62|
|2||ctxHeader02.bmp||1175 x 62|
|3||LoginIcon.png||81 x 128|
|4||CitrixWatermark.gif||115 x 62|
I have found it better to stick to the same dimensions when replacing these images as sometimes the style sheets need to be modified to allow larger image sizes. If you can, stick to the same dimensions.
The background for image 1 & 2 is in the image itself. If you want to keep the same shading and blue bar, then edit the existing image and keep the background.The same applies for the logon logo (image 3) as the shading is part of the image.
To modify the border glow it is best to open up the existing image and use the dropper tool to fill the line in the desired colour.
These image files need to be copied to the /netscaler/ns_gui/vpn_images location on the Netscaler device. However, when the netscaler is rebooted the changes are lost so they must be copied here at every startup.
Copy all the images to a folder under the /var/ folder (I use /var/mods/) and this can be the store for all modifications.
The /nsconfig/rc.netscaler file runs at every boot, so add entries to this file to copy the modified files from the /var/mods/ folder to the correct location. For example,
tar -zxvf /var/mods/AGEEwhite.gz -C /netscaler/ns_gui/vpn/images
cp /var/mods/images/ctxHeader01.gif /netscaler/ns_gui/vpn/images/ctxHeader01.gif
cp /var/mods/images/ctxHeader02.gif /netscaler/ns_gui/vpn/images/ctxHeader02.gif
cp /var/mods/images/CitrixWatermark.gif /netscaler/ns_gui/vpn/images/CitrixWatermark.gif
cp /var/mods/images/LoginIcon.png /netscaler/ns_gui/vpn/images/LoginIcon.png
cp /var/mods/images/LoginPaneCenterLeftBorderGlow.png /netscaler/ns_gui/vpn/images/LoginPaneCenterLeftBorderGlow.png
cp /var/mods/images/LoginPaneCenterRightBorderGlow.png /netscaler/ns_gui/vpn/images/LoginPaneCenterRightBorderGlow.png
cp /var/mods/images/LoginPaneFooterLeftBorderGlow.png /netscaler/ns_gui/vpn/images/LoginPaneFooterLeftBorderGlow.png
cp /var/mods/images/LoginPaneFooterMidBorderGlow.png /netscaler/ns_gui/vpn/images/LoginPaneFooterMidBorderGlow.png
cp /var/mods/images/LoginPaneFooterRightBorderGlow.png /netscaler/ns_gui/vpn/images/LoginPaneFooterRightBorderGlow.png
cp /var/mods/images/LoginPaneTopLeftBorderGlow.png /netscaler/ns_gui/vpn/images/LoginPaneTopLeftBorderGlow.png
cp /var/mods/images/LoginPaneTopMidBorderGlow.png /netscaler/ns_gui/vpn/images/LoginPaneTopMidBorderGlow.png
cp /var/mods/images/LoginPaneTopRightBorderGlow.png /netscaler/ns_gui/vpn/images/LoginPaneTopRightBorderGlow.png
Ensure you boot the netscaler device to confirm the start up script is running correctly and make the same changes to the secondary device if running in an HS pair.
The web page can now look how you want it to!
Tags: CAG, CAG EE, CAG Enterprise, CAG Enterprise Edition, CAGEE, Citrix Access Gateway, Citrix Netscaler, color, colour, header image, image, look and feel, modification, watermark
Filed under Citrix Access Gateway, Citrix Netscaler | No Comments »
Posted on February 27th, 2010
I recently came across this problem at a site.
They had an internally generated certificate from their company Root CA. The certificate request was generated and then the cert was applied to the Netscaler 7000 device in the usual way.
When a client device made a connection to the Access Gateway Enterprise site, the browser simply showed a page cannot be displayed message.
Removing the Root CA from the client device was enough to prove that the connection was reaching the Netscaler as it then came up with the certificate warning message, but continuing this also showed page cannot be displayed.
It turns out that an internal documented process for this client was incorrect and the security team had issued an incorrect certificate. Rather than issuing a “webserver” type certificate, they issued an “SSL tunnel terminaltion” certificate. However, because it was still a valid certificate the netscaler showed it as valid – However, it wasn’t valid for the Access Gateway Enterprise connection through and this is why the page cannot be displayed message appeared.
Re-issuing the correct certificate type from the csr request and reapplying to the Netscaler was enough to resolve this.
Note: be careful to double check the cert type being issues by an internal CA.
Posted on September 11th, 2008
Citrix Access Gateway Enterprise Edition scope and limitations for end point scanning rule base
This is based on my findings with CAG Enterprise Edition 8.1 build 58.5.
- Internet Explorer
- End Point Analysis Policies
- Pre-Authentication policies
- Authorization policies
- Session policies
- Allowing access to some applications through CAG
- Trust XML Requests
- Restricting access to specific applications
- Allowing any Connection for an application
- Allowing some connections for an application – tied to session policies
- Applying a Citrix Policy based on the outcome of an EPA scan