none
How to publish Citrix Metaframe 4.0 Webinterface trough UAG 2010 RRS feed

  • Question

  • Hi all,

    I'm having trouble publishing citrix webinterface trough the UAG.

    What i did is;

    - created a Browser embedded appliaction (Citrix XenApp 5.0)

    -I add paths to /Citrix, /Citrix/Metafram/auth etc.

    etc.

    also i applied nececairy steps from this article  http://blogs.technet.com/b/edgeaccessblog/archive/2010/03/25/how-to-publish-citrix-xenapp-5-x-with-uag-2010.aspx 

    I don't get any errors, after i click on the appliaction in the portal it just stays blank and keeps trying to load something. (not sure what)

    Also no errors in UAG webmonitor.

    Only error i see is in the iis log file of the Citrix web server,

    2010-06-18 12:32:37 W3SVC1 {Citrix webserver ip} GET /Citrix/MetaFrame/auth/login.aspx - 80 - {UAG inside ip}Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.648) 302 0 0

    The citrix web interface works fine without the UAG.

    Hope some can help with this one.

    Friday, June 18, 2010 2:16 PM

Answers

  • Citrix indeed behaves differently with different versions, so you won't be able to use UAG's built in template for this. It's possible to create a custom template, but the steps for that are much too complicated to state here. I would recommend contacting a conslutant to investigate the feasability of doing this publishing. There are several companies who specialize in IAG and UAG, and they might be able to help.
    Ben Ari
    Microsoft CSS IAG Support
    Sammamish, WA
    • Marked as answer by Erez Benari Tuesday, June 29, 2010 8:10 PM
    Tuesday, June 29, 2010 8:08 PM

All replies

  • just tried,

     

    Hi,

    I think I have managed to fix my UAG and Citrix integration issues today.

    The fix included adding the following code into a custom WhlFiltAppWrap_HTTPS.xml file:

    <MANIPULATION_PER_APPLICATION>
    <APPLICATION_TYPE>CitrixXenApp5</APPLICATION_TYPE>

    <!-- Citrix fix for client cookies issue -->

    <DATA_CHANGE ee="1">
    <URL case_sensitive="false">/Citrix/.*/auth/login.aspx</URL>
    <!-- check if RWS is secured or not -->
    <SAR>
    <SEARCH encoding="base64">ZnVuY3Rpb24gc2V0SXRlbUluQ29va2llKG5hbWUsIHZhbHVlKQ==</SEARCH>
    <REPLACE encoding="base64">d2hsSXNTZWN1cmUgPSAiRkFMU0UiOw0KZnVuY3Rpb24gY2hlY2tXSExSV1MoKQ0Kew0KIHZhciB3aGxVUkwgPSBsb2NhdGlvbi5ocmVmOw0KCSBpbmRleDEgPSB3aGxVUkwuaW5kZXhPZigiLy8iKTsNCiAgICAgICAgICAgICBpbmRleDIgPSB3aGxVUkwuaW5kZXhPZigiLyIsaW5kZXgxKzIpOw0KICAgICAgICAgICAgIGluZGV4MyA9IHdobFVSTC5pbmRleE9mKCIvIixpbmRleDIrMSk7ICAgICAgDQoJIGluZGV4NCA9IHdobFVSTC5pbmRleE9mKCIvIixpbmRleDMrMSk7ICAgIA0KICAgICAgICAgICAgLy9nZXQgdGhlIHdobCBpbmRpY2F0b3IgZm9yIGEgc2VjdXJlLyBub24gc2VjdXJlIFJXUyAgICAgICAgICAgICAgICANCgkJd2hsVVJMID0gd2hsVVJMLnN1YnN0cmluZyhpbmRleDQtMSxpbmRleDQpOw0KCQkvL21lYW5zIHRoZSBSV1MgaXMgc2VjdXJlZA0KCQlpZiAod2hsVVJMID09ICIxIil3aGxJc1NlY3VyZSA9ICJUUlVFIjsNCn0NCmNoZWNrV0hMUldTKCk7ICAgICAgICAgICAgICAgIA0KZnVuY3Rpb24gc2V0SXRlbUluQ29va2llKG5hbWUsIHZhbHVlKQ==</REPLACE>
    </SAR>
    <!-- setting isSecure to false -->
    <SAR>
    <SEARCH encoding="base64">dmFyIGlzU2VjdXJlID0gKGxvY2F0aW9uLnByb3RvY29sLnRvTG93ZXJDYXNlKCkgPT0gJ2h0dHBzOicpOw==</SEARCH>
    <REPLACE encoding="base64">dmFyIGlzU2VjdXJlID0gd2hsSXNTZWN1cmU7</REPLACE>
    </SAR>
    <!-- remove secure setting when creating cookie on client machine -->
    <SAR>
    <SEARCH encoding="base64">aWYgKHdpbmRvdy5sb2NhdGlvbi5wcm90b2NvbC50b0xvd2VyQ2FzZSgpID09ICJodHRwczoiKQ==</SEARCH>
    <REPLACE encoding="base64">aWYgKHdobElzU2VjdXJlPT0iVFJVRSIp</REPLACE>
    </SAR>

    </DATA_CHANGE>
    </MANIPULATION_PER_APPLICATION>


    I would like to say that I wrote this myself, but we actually found it in the original AppWrap file on one of our old IAG servers.

    Based upon the MS UAG blog it appears that the AppWrap code has been “cleaned up” for UAG (goodle "uag appwrap") which probably involved this code being removed. We have confirmed that this code fixes publishing Citrix WI 4.x/5.x with UAG RTM.

    Based upon my findings, it is hard to see how anyone using Citrix Web Interface 4.x/5.x could have a working solution with the default UAG RTM configuration. Hence, I am a bit surprised that this issue has not been seen elsewhere by now…

    Kind Regards

    Jason

     

    original post http://forums.forefrontsecurity.org/default.aspx?g=posts&t=166

    still nothing

    Friday, June 18, 2010 4:25 PM
  • anyone????????

    i'm realy desperate.

    Monday, June 21, 2010 8:56 AM
  • I don't think the XenApp 5.0 templates work with version 4.x as the Web Interface structure is different...
    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Monday, June 21, 2010 9:10 AM
    Moderator
  • First of all thank you very much answering, i thought i was all alone.

    isn't there any other way to get this working?

    Monday, June 21, 2010 9:26 AM
  • Citrix indeed behaves differently with different versions, so you won't be able to use UAG's built in template for this. It's possible to create a custom template, but the steps for that are much too complicated to state here. I would recommend contacting a conslutant to investigate the feasability of doing this publishing. There are several companies who specialize in IAG and UAG, and they might be able to help.
    Ben Ari
    Microsoft CSS IAG Support
    Sammamish, WA
    • Marked as answer by Erez Benari Tuesday, June 29, 2010 8:10 PM
    Tuesday, June 29, 2010 8:08 PM
  • You could also look at some of the old IAG templates, but they would need modifying for UAG; not easy, but maybe easier than starting from scratch...
    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Tuesday, June 29, 2010 11:15 PM
    Moderator
  • Hi Amigo. If you are in a hurry and want to use a quick solution, you could publish Citrix access as a client/server application instead of a web or browser embedded one. Just select a template for a generic client/server application for multiple servers (hosts disabled). Specifiy the servers in the Citrix farm and the web interface. Use ports 443 (or 80) (for web interface) and 1494 and/or 2598 (for ICA client). Make sure the socket forwarding mode is set to Basic.

    Note that:

    1) This only works for Internet Explorer

    2) There will be no SSO to the web interface

    3) There will be no URL inspection

    Hope it helps


    // Raúl - I love this game
    Wednesday, June 30, 2010 6:26 AM
  • Hi

     

    Im also having similer issue but i am using UAG update1 i noticed the SSLtemplate was there by default now but when i connect to the Web Interface box a new popupbox comes up asking me to login if i do nothing happens i dont get into WI.. i have seen all the posts about the WhlFiltAppWrap_HTTPS.xml file but where do u save it there is no Custom updates folder in website\conf and if i edit the one just on conf it reset ever reset.. if i need to make that directory and file do i need to put anything else into it jsut really getting annoying and i would have though this would have been an easier process

     

    UAG Version 2010 Update 1

    Citrix xenapp 4.5

    Web Interface 5.3

     

    thanks

     

    Dave

    Saturday, July 31, 2010 5:17 AM
  • I fought this issues earlier in the year, what I did then (while running UAG_eval) was import (into customupdate) folders the necessary code from UAG_RC1 (which still natively supported Citrix WI 4) and it worked like a charm.

    Fast forward to today, and a honest-to-goodness paid for UAG appliance running UAG update 1, and my customupdate files would not work.  After two days of fiddling with URL rule sets, and custom code.  I went for a different approach.  I discoverd that I could use XenApp WI 5 to access my Citrix Metaframe 4.0 farm.  Or in my case XenApp WI 6 (as it's Server 2008 R2 friendly)

    So my solution ultimatly was to upgrade my citrix web interface, all in all, it took about 45 minutes, to set up, configure, and create the portal applictiaon using the UAG-built in XenApp WI 5 template.

    Monday, August 2, 2010 7:27 PM
  • I fought this issues earlier in the year, what I did then (while running UAG_eval) was import (into customupdate) folders the necessary code from UAG_RC1 (which still natively supported Citrix WI 4) and it worked like a charm.

    Fast forward to today, and a honest-to-goodness paid for UAG appliance running UAG update 1, and my customupdate files would not work.  After two days of fiddling with URL rule sets, and custom code.  I went for a different approach.  I discoverd that I could use XenApp WI 5 to access my Citrix Metaframe 4.0 farm.  Or in my case XenApp WI 6 (as it's Server 2008 R2 friendly)

    So my solution ultimatly was to upgrade my citrix web interface, all in all, it took about 45 minutes, to set up, configure, and create the portal applictiaon using the UAG-built in XenApp WI 5 template.


    I'm curious to know how you got the portal application configured. I'm running Citrix Web Interface 5.2 and UAG (without update 1) and the canned UAG XenApp Web Interface 5 browser embedded portal. From the portal properties, I added the /Citrix/XenApp path, listed the farm servers and have 1494, 2598, and 3389 listed. When I hit the portal landing page the Citrix link is grayed out w/ the text 'Forefront UAG endpoint components installation is disabled'. Is the UAG endpoint component required for Citrix connectivity?

    Thanks.

    Saturday, August 13, 2011 12:33 AM
  • Hi Amig@. Yes, client components are needed. The first access to WI is a web application and so nothing else is needed but when executing an application the ICA client must be launched (normally through an ActiveX) and that one is a client/server application that must be encapsulated by client/server wrapper.

    Have a nice weekend


    // Raúl - I love this game
    Saturday, August 13, 2011 6:55 AM