Richard Parmiter

Virtualisation blog and Knowledge Base

  • You are here: 
  • Home
  • CAG EE

Citrix Recevier for iPad shows “Error” but Reciever for Android works

Posted on February 21st, 2012

Came across  this interesting problem today.

Users connecting to a XenApp deployment via a Netscaler 9.3 & CAG Enterprise Edition using the Citrix receiver for iPad and Android. Web Interface for Netscaler was used to provide the XenApp services site.

The Android receiver worked as expected but the iPhone/iPad receiver did not enumerate the apps. On the creation of a new connection, the following errors were shown:

  • iPhone: There are no applications available at this time
  • iPad: Error

After much messing about, it seems that when creating a XenApp service site on the Netscaler, a checkbox is provided stating “enable connection through mobile receiver”. When this is selected a few “rewrite” rules are created to resolve a problem with the iPad/iPhone receiver connections but the rewrite feature is not enabled at the same time on the Netscaler. Simply right clicking the “rewrite” menu in the left panel and selecting to enable the feature is enough to resolve the problem.

After doing this, all mobile receivers can connect as expected.



Tags: , , , , , , , , , , , , , , ,
Filed under Citrix Access Gateway, Citrix Netscaler | No Comments »

Customize Page title & favicon on Citrix Access Gateway Enterprise Edition

Posted on July 13th, 2010

The defaut page title and fav icon logo appear on the browser tab when connecting to the Citrix Access Gateway Enterprise Edition.

Shown here:

It is possible to replace the logo with your own one and change the text to be more appropriate.


The logo is:  /netscaler/ns_gui/vpn/images/AccessGateway.ico

replace with your own .ico file but keep the same file name

Browser title text

The title text is in two places

First: /netscaler/ns_gui/vpn/index.html

Search for the section:

<TITLE>Citrix Access Gateway</TITLE>

and change to your text


Second: /netscaler/ns_gui/vpn/resources/en.xml

Search for the multiple sections:

<Title>Citrix Access Gateway</Title>

and change all of them to your text

<Title>My CAG Text</Title>

Keep changes after reboot

Copy the modified files to /var/mods and add the following lines to the /nsconfig/rc.netscaler file

cp /var/mods/images/AccessGateway.ico /netscaler/ns_gui/vpn/images/AccessGateway.ico
cp /var/mods/index.html /netscaler/ns_gui/vpn/index.html
cp /var/mods/en.xml /netscaler/ns_gui/vpn/resources/en.xml

New look and feel

Now it will look how you want.

Tags: , , , , , , , , ,
Filed under Citrix Access Gateway, Citrix Netscaler | 2 Comments »

Customize logos on Citrix Access Gateway Enterprise Edition Logon Screen

Posted on July 12th, 2010

This is based on Netscaler version 9.2 Build although nothing appears to have changed from previous versions, so the same information will probably work on most Access Gateway Enterprise versions (CAG EE)

Change to a white theme

This is detailed in several places but most notably here: CTX123607

This gives the default logon screen in white.

Identify the images used

Here is a screen shot of the default view and list of the associated images & resolutions

There are five main images used in this page and they are:

Image Filename Dimensions
1 ctxHeader01.bmp 265 x 62
2 ctxHeader02.bmp 1175 x 62
3 LoginIcon.png 81 x 128
4 CitrixWatermark.gif 115 x 62
5 LoginPaneCenterLeftBorderGlow.png








As original

I have found it better to stick to the same dimensions when replacing these images as sometimes the style sheets need to be modified to allow larger image sizes. If you can, stick to the same dimensions.

The background for image 1 & 2 is in the image itself. If you want to keep the same shading and blue bar, then edit the existing image and keep the background.The same applies for the logon logo (image 3) as the shading is part of the image.

To modify the border glow it is best to open up the existing image and use the dropper tool to fill the line in the desired colour.

File locations

These image files need to be copied to the /netscaler/ns_gui/vpn_images location on the Netscaler device. However, when the netscaler is rebooted the changes are lost so they must be copied here at every startup.

Copy all the images to a folder under the /var/ folder (I use /var/mods/) and this can be the store for all modifications.

Startup script

The /nsconfig/rc.netscaler file runs at every boot, so add entries to this file to copy the modified files from the /var/mods/ folder to the correct location. For example,

tar -zxvf /var/mods/AGEEwhite.gz -C /netscaler/ns_gui/vpn/images
cp /var/mods/images/ctxHeader01.gif /netscaler/ns_gui/vpn/images/ctxHeader01.gif
cp /var/mods/images/ctxHeader02.gif /netscaler/ns_gui/vpn/images/ctxHeader02.gif
cp /var/mods/images/CitrixWatermark.gif /netscaler/ns_gui/vpn/images/CitrixWatermark.gif
cp /var/mods/images/LoginIcon.png /netscaler/ns_gui/vpn/images/LoginIcon.png
cp /var/mods/images/LoginPaneCenterLeftBorderGlow.png /netscaler/ns_gui/vpn/images/LoginPaneCenterLeftBorderGlow.png
cp /var/mods/images/LoginPaneCenterRightBorderGlow.png /netscaler/ns_gui/vpn/images/LoginPaneCenterRightBorderGlow.png
cp /var/mods/images/LoginPaneFooterLeftBorderGlow.png /netscaler/ns_gui/vpn/images/LoginPaneFooterLeftBorderGlow.png
cp /var/mods/images/LoginPaneFooterMidBorderGlow.png /netscaler/ns_gui/vpn/images/LoginPaneFooterMidBorderGlow.png
cp /var/mods/images/LoginPaneFooterRightBorderGlow.png /netscaler/ns_gui/vpn/images/LoginPaneFooterRightBorderGlow.png
cp /var/mods/images/LoginPaneTopLeftBorderGlow.png /netscaler/ns_gui/vpn/images/LoginPaneTopLeftBorderGlow.png
cp /var/mods/images/LoginPaneTopMidBorderGlow.png /netscaler/ns_gui/vpn/images/LoginPaneTopMidBorderGlow.png
cp /var/mods/images/LoginPaneTopRightBorderGlow.png /netscaler/ns_gui/vpn/images/LoginPaneTopRightBorderGlow.png

Final steps

Ensure you boot the netscaler device to confirm the start up script is running correctly and make the same changes to the secondary device if running in an HS pair.

The web page can now look how you want it to!


Tags: , , , , , , , , , , , , ,
Filed under Citrix Access Gateway, Citrix Netscaler | 1 Comment »

Access Gateway Enterprise – ‘page not found’ due to incorrect certificate type

Posted on February 27th, 2010

I recently came across this problem at a site.

They had an internally generated certificate from their company Root CA. The certificate request was generated and then the cert was applied to the Netscaler 7000 device in the usual way.

When a client device made a connection to the Access Gateway Enterprise site, the browser simply showed a page cannot be displayed message.

Removing the Root CA from the client device was enough to prove that the connection was reaching the Netscaler as it then came up with the certificate warning message, but continuing this also showed page cannot be displayed.

It turns out that an internal documented process for this client was incorrect and the security team had issued an incorrect certificate. Rather than issuing a “webserver” type certificate, they issued an “SSL tunnel terminaltion” certificate. However, because it was still a valid certificate the netscaler showed it as valid – However, it wasn’t valid for the Access Gateway Enterprise connection through and this is why the page cannot be displayed message appeared.

Re-issuing the correct certificate type from the csr request and reapplying to the Netscaler was enough to resolve this.

Note: be careful to double check the cert type being issues by an internal CA.

Tags: , , , , , , ,
Filed under Citrix Access Gateway, Citrix Netscaler | No Comments »

Citrix Access Gateway Enterprise Edition scope and limitations for end point scanning rule base

Posted on September 11th, 2008


Citrix Access Gateway Enterprise Edition scope and limitations for end point scanning rule base


This is based on my findings with CAG Enterprise Edition 8.1 build 58.5.


  • Pre-requisites
    • Internet Explorer
  • End Point Analysis Policies
    • Pre-Authentication policies
    • Authorization policies
    • Session policies
  • Allowing access to some applications through CAG
    • Trust XML Requests
    • Restricting access to specific applications
    • Allowing any Connection for an application
    • Allowing some connections for an application – tied to session policies
  • Applying a Citrix Policy based on the outcome of an EPA scan
  • Testing


Read the rest of this entry »

Tags: , , , , , , , , ,
Filed under Citrix Access Gateway, Citrix Netscaler | 1 Comment »