Why Mobile Devices need the Citrix Services Site configured

XenApp has a component called Web Interface Management Console (let’s call it WIMC). The WIMC can be installed on the same server as XenApp, or it can be installed on a different server. In smaller environments XenApp, WIMC and the Licensing Management Console (LMC) can be installed on the same server. In larger environments, the WIMC and the LMC are usually installed on separate servers than XenApp

The WIMC is where you configure the Website for your Citrix authentication and application enumeration and launch. Also you configure the URL for the Services Site. The Services site is what in the Presentation Server (predecessor of XenApp) days was called the PNA Agent site. The Services site, once configured allows users to see their apps being enumerated on the end point devices via the Online Plug-in, when you click the icon on the system tray (blue icon). The PNA agent site also allows the apps to be enumerated on the Start Menu and desktop of the end point device if you wish. The online plug-in is now being deployed as part of Citrix Receiver (“the black icon”). With Citrix Receiver the apps are not longer being enumerated in the system tray, only on the Start Menu and Desktop of the end point device.

What some people don’t realize is that the Services site is the PRIMARY way of configuring the Citrix Receiver for MOBILE DEVICES (Android devices, iOS devices, Blackberry devices, etc). If your mobile devices are outside of your LAN, you usually have some sort of protection such as Citrix Secure Gateway (CSG), Citrix Access Gateway (CAG), NetScaler or some 3rd party security appliance device, virtual or physical.
If you use a certificate to secure the access to your Citrix Farm, you MUST configure the certificate on your Services site in order for the Citrix Receiver to work properly on those devices. So in addition to the Web Site don’t forget to configure your Certificate on the Services Site.

I was checking a Citrix forum and came across a common issue and error when users try to connect to a Citrix farm and don’t have a certificate configured on the Services site in the WIMC:

“Connection Error. Citrix Receiver could not establish connection with remote host. Please contact your administrator for assistance”

This error can occur for different reasons, but a very common reason is a misconfiguration or non-configuration of the Secure Access in the Services site for the Mobile Devices.

Example: If you are using the latest Citrix Receiver (or CR) for iOS (as of January 2013 the latest version of CR for iOS is 5.7), and you are using the latest version of iOS (version 6.01 as of January 2013) and users are able to launch apps via Web Interface in the iOS device (IPhone, IPOD or IPAD) but not via CR, you need to check the secure access settings on the Services Site of the WIMC. If using CSG or CAG, use the option: Gateway Direct and configure properly, by entering among other things, the access route (IP address, Mask and acess method), the security ticket authority (e.g: http://hostname:8080/scripts/ctxsta.dll). You might need to contact Citrix Support and ask for help from the Web Interface team if you don’t know how to configure Web Sites or Services Sites for secure access).
A lot of times the issue is with the certificate. You can check the validity of the Cert by using a tool available at digicert.com ( digicert.com/help ). What this tool does is to allow you to enter the URL of the Certificate and see if it passes all the tests of validation. If you get any warnings or errors you might need to contact your Certificate’s provider and request another certificate.
It is not uncommon for a Citrix admin to forget to configure the Services Site for secure access

So, in summary, keep in mind: The Web Interface Management Console presents two types of Sites; one is the Web Site, and the other one is the Services Site. The services site is the PRIMARY way of connection for Mobile Devices and needs to be configured accordingly, especially if you are using certificates for the Citrix farm. In that case remember to select “Gateway Direct” instead of “Direct” for the Secure Access

Important to note that WIMC is being replaced by two new Citrix components: Citrix StoreFront and Citrix Merchandise Server. So, start studying these two new components and be prepared for the changes!


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: