Citrix

How to Configure Connection Methods with Receiver for iOS on CloudGateway 2.0

  • CTX134666
  • Created On  Aug 31, 2012
  • Updated On  Dec 04, 2013
  • 8 found this helpful
  • Article
  • Topic : Other

Summary

This article describes how to configure connection methods with Receiver for iOS on CloudGateway 2.0.

Background

The Citrix Receivers for mobile devices iOS 5.6.1 and Android 3.1.170 released in July 2012 provide the capability to connect to stores hosted on the StoreFront server or AppController. The mobile Receivers can still connect to a Legacy (PNA) site but it cannot take advantage of the CloudGateway features such as follow-me applications, follow-me data, or access cloud-based applications (Web/SaaS) from AppController.

Configuring Connection Methods with Receiver for iOS on CloudGateway 2.0

The following scenarios provide an understanding when to use the StoreFront server FQDN and/or Access Gateway FQDN in a CloudGateway 2.0 solution when connecting from a mobile device:

Internal Users Connecting to Storefront 1.2 Server

  • Scenario 1 – Legacy (PNA) Site and No Store Available
  • Scenario 2 – No Legacy (PNA) Site but Store is Available
  • Scenario 3 – No Legacy (PNA) Site but Custom Store Name is Available
  • Scenario 4 – Legacy (PNA) Site and Store is Available
  • Scenario 5 – Use Email-based Account Discovery
  • Scenario 6 – Run the StoreFront Provisioning File

External users connecting via Access Gateway 10

  • Scenario 1 – Use Email-based Account Discovery
  • Scenario 2 – Run the StoreFront Provisioning File

Internal Users Connecting to StoreFront 1.2 Server

If users enter the FQDN of StoreFront server as shown in the following screen shot, then the Receiver scans the backend StoreFront server for the following paths:

  • GET /
  • GET /Citrix/DesktopWeb/auth/login.aspx
  • GET /Citrix/XenApp/auth/login.aspx
  • GET /XAFServices/config.xml
  • GET /lp/
  • GET /vpn
  • GET /CitrixLogonPoint
  • GET /vpn_logo.gif
  • GET /citrix/pnagent/config.xml

Scenario 1 – Legacy (PNA) Site and No Store Available

If Receiver finds a Legacy (PNA) site on StoreFront that is enabled by default and no store on StoreFront is called Store that is /Citrix/Store, then the Receiver connects to the Legacy (PNA) site and prompts for credentials as shown in the following screen shot:

Scenario 2 – No Legacy (PNA) Site but Store is Available

If Legacy (PNA) site is not available on StoreFront server, then the Receiver fails to connect to StoreFront even if there is a store called Store that is /Citrix/Store.

If you select Manual Setup, then it does not provide the option to configure StoreFront as the connection type, as shown in the following screen shot:

In this scenario, users have to run the Provisioning File generated by the StoreFront server or use Account Services solution or Email-based account delivery that uses the Service Location (SRV) DNS record. Refer to http://support.citrix.com/proddocs/topic/dws-storefront-12/dws-plan-account-discovery.html for more information.

Scenario 3 – No Legacy (PNA) Site but Custom Store Name is Available

If Legacy (PNA) site is not available and no store on StoreFront server is called Store in the location /Citrix/Store, then the Receiver reports the following error message:

"Error – Could not verify server address https://StoreFrontFQDN"

If you select Manual Setup, then it does not provide the option to configure StoreFront as the connection type, as shown in the following screen shot:

In this scenario, users have to run the Provisioning File generated by the StoreFront server or use Account Services solution (Email-based account delivery) that uses the Service Location (SRV) DNS record. Refer to http://support.citrix.com/proddocs/topic/dws-storefront-12/dws-plan-account-discovery.html for more information.

Scenario 4 – Legacy (PNA) Site and Store is Available

If the StoreFront server has both a Legacy (PNA) site and a store called Store that is /Citrix/Store, then the Receiver connects to the Legacy (PNA) site and users gets a prompt to enter the credentials.

Scenario 5 – Use Email-based Account Discovery

With the latest version of Citrix Receivers, users can now add an account or store without the StoreFront server FQDN or IP address. This is called Account Services or Email-based account discovery. This feature is available and supported on Citrix StoreFront 1.2 or later, AppController 2.0 or later, and Access Gateway 10 69.4nc or later. Email-based discovery uses SRV (Service Location) DNS records created either on the Local DNS server, Authoritative DNS server, or both. To learn more about SRV (Service Location) record, refer to http://support.citrix.com/proddocs/topic/dws-storefront-12/dws-plan-account-discovery.html.

In this scenario, users must enter an email address, as shown in the following screen shot:

Note: Citrix Receiver does not check the authenticity of the email address entered. However, it checks the domain of the email address. This is the domain that you have to use to query for a SRV record. Next, users get prompts to enter domain credentials:

Scenario 6 – Run the StoreFront Provisioning File

If the IT Administrator decides not to create the SRV DNS record, users should be able to run the provisioning file provided by StoreFront server either from Receiver for Web site or export the provisioning file from the StoreFront server console.

The following screen shots shows an example of provisioning file from Receiver for Web site:


The following screen shot is an example of provisioning file from Citrix StoreFront console:

Note: Some Android OS devices do not allow the execution of the .CR file (provisioning file) from StoreFront. As a workaround, export the file from the StoreFront server, change the extension as .xml and send it as an email.

External users connecting via Access Gateway 10

To allow remote mobile users to connect to CloudGateway using iPad, iPhone, or Android devices, you must configure the new Citrix Receivers for mobile devices by using either the Provisioning File or Email-based account discovery.

If you provide the Access Gateway FQDN, then the Receiver connects to the Access Gateway through the Legacy (PNA) site instead of the store in the StoreFront server. If users want native connectivity to a store, then users must run the Provisioning File or complete the email-based account discovery wizard.

If users enter the Access Gateway FQDN, then the Receiver scans the Access Gateway appliance to identify which Access Gateway edition the customer has deployed and then it adjust the settings automatically.

Scanning paths using Receiver for iOS:

  • GET /vpn --- Access Gateway Enterprise
  • GET /CitrixLogonPoint --- Access Gateway Advanced

Because the Receiver connects to a Legacy (PNA) site and not to a store from StoreFront server, it is recommended for customers to complete the following steps:

  1. Configure the SRV DNS record so users can use the Email-based Account Discovery.
  2. Run the provisioning file generated by StoreFront server.

Note: You can only run provisioning file for mobile devices with Receiver for iOS 5.6.0 or later and Receiver for Android 3.1.170 or later. In earlier versions of Citrix Receiver for mobile devices, connections to the Legacy (PNA) site are allowed only from StoreFront through Access Gateway Enterprise edition.

This behavior on Citrix Receiver for mobile devices is available for customers who still use the Web Interface with XenApp Services site for mobile users. If the users upgrade to the latest Citrix Receiver for mobile, you must have the auto-client configuration available for the users to configure their mobile device accordingly.

Scenario 1 – Use Email-based Account Discovery

To use the Email-based Account Discovery, IT administrators must create the SRV DNS record either on the Local DNS server or on Authoritative/public DNS server. For more information about how to create the SRV record appropriately, refer to http://support.citrix.com/proddocs/topic/dws-storefront-12/dws-plan-account-discovery.html.

In this scenario, users must enter an email address:

Note: Citrix Receiver does not check the authenticity of the email address entered. However, it checks the domain of the email address. This is the domain that you have to use to query for a SRV record. Next, users get prompts to enter domain credentials:

Scenario 2 – Run the StoreFront Provisioning File

If the IT administrator does not to create the SRV DNS record, then users can run the provisioning file provided by StoreFront server either from Receiver for Web site or export the provisioning file from the StoreFront server console.

The following screen shots shows an example of provisioning file from Receiver for Web site:


The following screen shots shows an example of provisioning file from Citrix StoreFront Console:

Note: Some Android OS devices do not allow the execution of the .CR file (provisioning file) from StoreFront. As a workaround, export the file from the StoreFront server, change the extension as .xml and send it as an email.


Share your comments or find out more about this topic

Citrix Forums

Languages

N/A

Was this helpful?

Thank you for your feedback!


| Terms of Use | Privacy | Governance