Saturday, 18 May 2013

Publishing Citrix XenApp 6.5 on UAG 2010

I'm not a fan of publishing XenApp on UAG.  Much as there is a wizard, it only works with older versions of XenApp, so you end up having to make a number of modifications to UAG whether it be coding or registry changes, which may end up breaking when you update to a new version of XenApp or apply UAG service packs.

Last week I had to publish Citrix XenApp 6.5, but on testing the main screen just loops.  So fortunately, Ben Ari came to my rescue via this blog post: http://blogs.technet.com/b/ben/archive/2011/10/05/issues-with-citrix-5-4.aspx

Another issue that pops-up with Citrix often, and has been reported to occur with Citrix 5.4 is a looping behavior, where trying to launch the application triggers the browser to loop through the login page repeatedly, ad infinitum. This is caused by a change to the way Citrix handles cookies. To fix it, one needs to configure UAG to treat the cookies a little differently, and that is done via a custom SRA and AppWrap configuration.

To resolve this, you will need to create two XML files on your server, and populate them with the content that I will include ahead. Be careful when copying the content, to preserve a good structure. If any of the XML tags gets broken, it cause UAG to produce a 500 error, so be prepared to back-out any changes if you run into issues. You may also contact me directly via the contact-me form to obtain the files directly from me. The 2nd file there is the more sensitive one, as it has a very long line of text that must be kept intact.

Here are the steps:

1. Copy the content of the first box below into a text file, and save it as “WhlFiltSecureRemote_HTTPS.XML” on your UAG server, under the folder <UAG Path>\Von\Conf\Websites\<Your Trunk>\Conf\CustomUpdate
2. Look at the path settings (highlighted below in green). Your actual path for the Citrix installation may differ (a common variation is /Citrix/XenApp/auth/). If so, change it in the file you create.
3. Copy the content of the second box below into a text file, and save it as “WhlFiltAppWrap_HTTPS.XML” on your UAG server, under the same folder
4. If there are files by those names in there already, STOP! The files CAN be combined, but it could be tricky to do, and I recommend opening a support case with Microsoft CSS to work-through that process.
5. Activate your UAG configuration
The code for the XML files are available from Ben's blog post.

I did encounter an issue though.  This works perfectly on UAG 2010 SP2, but as soon as I applied UAG 2010 SP3, it no longer worked.  Instead of taking you seamlessly into the XenApp application, it presented Windows 2008 R2 login screen.  If you enter your details it works, but if you try to start up another application it would prompt for a login again.  It seems that the SP3 update no longer passes the credentials for the XenApp SSO to work.  I'll update, if I can find out why.

No comments:

Post a comment