Customize Page title & favicon on Citrix Access Gateway Enterprise Edition
Posted on July 13th, 2010
The defaut page title and fav icon logo appear on the browser tab when connecting to the Citrix Access Gateway Enterprise Edition.
Shown here:
It is possible to replace the logo with your own one and change the text to be more appropriate.
Logo
The logo is: /netscaler/ns_gui/vpn/images/AccessGateway.ico
replace with your own .ico file but keep the same file name
Browser title text
The title text is in two places
First: /netscaler/ns_gui/vpn/index.html
Search for the section:
<TITLE>Citrix Access Gateway</TITLE>
and change to your text
<TITLE>My CAG Text</TITLE>
Second: /netscaler/ns_gui/vpn/resources/en.xml
Search for the multiple sections:
<Title>Citrix Access Gateway</Title>
and change all of them to your text
<Title>My CAG Text</Title>
Keep changes after reboot
Copy the modified files to /var/mods and add the following lines to the /nsconfig/rc.netscaler file
cp /var/mods/images/AccessGateway.ico /netscaler/ns_gui/vpn/images/AccessGateway.ico
cp /var/mods/index.html /netscaler/ns_gui/vpn/index.html
cp /var/mods/en.xml /netscaler/ns_gui/vpn/resources/en.xml
New look and feel
Now it will look how you want.
Tags: CAG, CAG EE, CAG Enterprise, CAG Enterprise Edition, CAGEE, Citrix Netscaler, customisation, favicon.ico, modification, title
Filed under Citrix Access Gateway, Citrix Netscaler | 1 Comment »
Customize logos on Citrix Access Gateway Enterprise Edition Logon Screen
Posted on July 12th, 2010
This is based on Netscaler version 9.2 Build 46.9.cl although nothing appears to have changed from previous versions, so the same information will probably work on most Access Gateway Enterprise versions (CAG EE)
Change to a white theme
This is detailed in several places but most notably here: CTX123607
This gives the default logon screen in white.
Identify the images used
Here is a screen shot of the default view and list of the associated images & resolutions
There are five main images used in this page and they are:
| Image | Filename | Dimensions |
| 1 | ctxHeader01.bmp | 265 x 62 |
| 2 | ctxHeader02.bmp | 1175 x 62 |
| 3 | LoginIcon.png | 81 x 128 |
| 4 | CitrixWatermark.gif | 115 x 62 |
| 5 | LoginPaneCenterLeftBorderGlow.png
LoginPaneCenterRightBorderGlow.png LoginPaneFooterLeftBorderGlow.png LoginPaneFooterMidBorderGlow.png LoginPaneFooterRightBorderGlow.png LoginPaneTopLeftBorderGlow.png LoginPaneTopMidBorderGlow.png LoginPaneTopRightBorderGlow.png |
As original |
I have found it better to stick to the same dimensions when replacing these images as sometimes the style sheets need to be modified to allow larger image sizes. If you can, stick to the same dimensions.
The background for image 1 & 2 is in the image itself. If you want to keep the same shading and blue bar, then edit the existing image and keep the background.The same applies for the logon logo (image 3) as the shading is part of the image.
To modify the border glow it is best to open up the existing image and use the dropper tool to fill the line in the desired colour.
File locations
These image files need to be copied to the /netscaler/ns_gui/vpn_images location on the Netscaler device. However, when the netscaler is rebooted the changes are lost so they must be copied here at every startup.
Copy all the images to a folder under the /var/ folder (I use /var/mods/) and this can be the store for all modifications.
Startup script
The /nsconfig/rc.netscaler file runs at every boot, so add entries to this file to copy the modified files from the /var/mods/ folder to the correct location. For example,
tar -zxvf /var/mods/AGEEwhite.gz -C /netscaler/ns_gui/vpn/images
cp /var/mods/images/ctxHeader01.gif /netscaler/ns_gui/vpn/images/ctxHeader01.gif
cp /var/mods/images/ctxHeader02.gif /netscaler/ns_gui/vpn/images/ctxHeader02.gif
cp /var/mods/images/CitrixWatermark.gif /netscaler/ns_gui/vpn/images/CitrixWatermark.gif
cp /var/mods/images/LoginIcon.png /netscaler/ns_gui/vpn/images/LoginIcon.png
cp /var/mods/images/LoginPaneCenterLeftBorderGlow.png /netscaler/ns_gui/vpn/images/LoginPaneCenterLeftBorderGlow.png
cp /var/mods/images/LoginPaneCenterRightBorderGlow.png /netscaler/ns_gui/vpn/images/LoginPaneCenterRightBorderGlow.png
cp /var/mods/images/LoginPaneFooterLeftBorderGlow.png /netscaler/ns_gui/vpn/images/LoginPaneFooterLeftBorderGlow.png
cp /var/mods/images/LoginPaneFooterMidBorderGlow.png /netscaler/ns_gui/vpn/images/LoginPaneFooterMidBorderGlow.png
cp /var/mods/images/LoginPaneFooterRightBorderGlow.png /netscaler/ns_gui/vpn/images/LoginPaneFooterRightBorderGlow.png
cp /var/mods/images/LoginPaneTopLeftBorderGlow.png /netscaler/ns_gui/vpn/images/LoginPaneTopLeftBorderGlow.png
cp /var/mods/images/LoginPaneTopMidBorderGlow.png /netscaler/ns_gui/vpn/images/LoginPaneTopMidBorderGlow.png
cp /var/mods/images/LoginPaneTopRightBorderGlow.png /netscaler/ns_gui/vpn/images/LoginPaneTopRightBorderGlow.png
Final steps
Ensure you boot the netscaler device to confirm the start up script is running correctly and make the same changes to the secondary device if running in an HS pair.
The web page can now look how you want it to!
enjoy
Tags: CAG, CAG EE, CAG Enterprise, CAG Enterprise Edition, CAGEE, Citrix Access Gateway, Citrix Netscaler, color, colour, header image, image, look and feel, modification, watermark
Filed under Citrix Access Gateway, Citrix Netscaler | No Comments »
Citrix XML Service DNS Address Resolution & Access Gateway Enterprise SSL error 38
Posted on April 9th, 2010
I recently set up a Citrix Access Gateway Enterprise solution on a pair of netscaler 7000 devices running v9.1 build 101.5.
It was set up in traditional ‘smart access’ configuration and the Web Interface site was configured for 3 seperate farms – XenApp4.5, XenDesktop 4 & Presentation Server 4.0.
Launching sessions through the CAG for the XenApp farm was fine, but I was getting an SSL error 38 – The proxy denied access to message for the other two farms.
In checking the settings I noticed that the farms that produced the error had the ‘XML Service DNS address resolution’ option selected in the farm properties.
Unselecting this option enabled remote connections to work as normal, however this option was required and needed to be re-enabled.
It turns out that the firewall rules had not been set up properly from the DMZ to the DNS servers, so the Netscaler devices were unable to perform DNS lookups. As soon as the Firewall settings were resolved, the Netscalers could perform DNS lookups and resolved the problem.
Tags: CAG Enterprise, Citrix Netscaler, DNS, ssl error 38, the proxy denied access to, XML Service DNS Address resolution
Filed under Citrix Access Gateway, Citrix Netscaler | No Comments »
Access Gateway Enterprise – ‘page not found’ due to incorrect certificate type
Posted on February 27th, 2010
I recently came across this problem at a site.
They had an internally generated certificate from their company Root CA. The certificate request was generated and then the cert was applied to the Netscaler 7000 device in the usual way.
When a client device made a connection to the Access Gateway Enterprise site, the browser simply showed a page cannot be displayed message.
Removing the Root CA from the client device was enough to prove that the connection was reaching the Netscaler as it then came up with the certificate warning message, but continuing this also showed page cannot be displayed.
It turns out that an internal documented process for this client was incorrect and the security team had issued an incorrect certificate. Rather than issuing a “webserver” type certificate, they issued an “SSL tunnel terminaltion” certificate. However, because it was still a valid certificate the netscaler showed it as valid – However, it wasn’t valid for the Access Gateway Enterprise connection through and this is why the page cannot be displayed message appeared.
Re-issuing the correct certificate type from the csr request and reapplying to the Netscaler was enough to resolve this.
Note: be careful to double check the cert type being issues by an internal CA.
Tags: Access Gateway, CAG EE, CAG Enterprise, cert, certificate, Citrix Netscaler, enterprise, page cannot be found
Filed under Citrix Access Gateway, Citrix Netscaler | No Comments »
Citrix Access Gateway Enterprise Edition scope and limitations for end point scanning rule base
Posted on September 11th, 2008
Citrix Access Gateway Enterprise Edition scope and limitations for end point scanning rule base
This is based on my findings with CAG Enterprise Edition 8.1 build 58.5.
- Pre-requisites
- Internet Explorer
- End Point Analysis Policies
- Pre-Authentication policies
- Authorization policies
- Session policies
- Allowing access to some applications through CAG
- Trust XML Requests
- Restricting access to specific applications
- Allowing any Connection for an application
- Allowing some connections for an application – tied to session policies
- Applying a Citrix Policy based on the outcome of an EPA scan
- Testing
Tags: Analysis, CAG EE, CAG Enterprise, CAG Enterprise Edition, End Point Analysis, end point scans, EPA, limitations, scan, scope
Filed under Citrix Access Gateway, Citrix Netscaler | 1 Comment »