Jump to content
Welcome to our new Citrix community!

RDP Proxy and ICA Proxy on same Gateway


Recommended Posts

I have a Citrix Gateway with a RDP Proxy session profile bound to it. RDP Proxy works great.

 

I would also like to deliver XAXD/StoreFront published apps from the same Gateway. So I have a Receiver for Web session policy that I bind to this Gateway, and that works great.

 

However, whenever I bind the RfW policy and RDP Policy at the same time, my RDP Proxy stop working. When users try to launch the RDP files, they just get "internal error occurred" in their RDP client.

 

Can anybody help me out? @Carl Stalhood1709151839 I followed your RDP Proxy guide, and you were able to deliver both RDP Proxy and XAXD apps on the same gateway.

Link to comment
Share on other sites

In your ADC session profile on client experience, set clientless access to On.

on published applications, set ICA Proxy to OFF and enter your storefront FQDN in the Web Interface Address section.

Web Interface Address Type is IPv4

Web Interface Portal Mode is NORMAL.

RDP set your RDP Profile.

 

All in the same session profile. After login you are getting ica and rdp apps / desktops on the same gatway landing page.

 

Best Regards

Julian

Link to comment
Share on other sites

I have tried this several times and it just doesn't work for me. I never see the ICA apps on the gateway, unless I apply 2 separate session policies: One for RDP, and one for Storefront, but then my RDP files no longer work.

 

Do you have a separate VIP for the RDP listener? I think this might be my problem. I have the Gateway and RDP Listener on the same vServer and VIP. I think maybe I need a separate vServer with the RDP SERVER profile attached, making it the rdp listener. Then  I need a second vServer/VIP with the authentication and the combined RDP and Storefront session policy attached. Is that how you have it setup?

Link to comment
Share on other sites

3 minutes ago, Julian Jakob said:

I don't use the rdp listener feature, I only create a rdp client profile and that's it.

 

Me neither. I created the RDP Server profile but it is not bound to any vServers. Did you build a generic vServer for your RDP Session profile? Or did you use the XA/XD Gateway or Unified Gateway wizards?

 

I just don't understand what I am missing. I am using SAML for authentication to the Gateway, and FAS for VDA authentication. I wonder if that is messing with things somehow. And Citrix support has not been very helpful.

Link to comment
Share on other sites

Sure, that's a very important info, as you are using SAML for authentication, windows does not support SAML auth, thats why you are getting the error by clicking on your rdp bookmarks if you enable the unified gatway config.

 

For VDA you're having FAS for SSO, for RDP Proxy there is no SSO Support, you have to authenticate twice. Just disable SSO for your rdp proxy so if your users clicking on rdp bookmark the windows auth is popping up again. (checkout https://support.citrix.com/article/CTX208324and) and it should work!

Link to comment
Share on other sites

Hi Julian, SAML authentication to the RDP PRoxy Gateway works already. I do get a second prompt for credentials when connecting to the RDP host, but that is fine,. The problem is that as soon as I add XAXD/Storefront config to the session profile, the RDP PRoxy fails.

 

Also XAXD ICA proxy using SAML auth to the gateway also works. It is only when trying to combine the 2 options on the same gateway do I get the error with RDP Proxy.

Link to comment
Share on other sites

51 minutes ago, Julian Jakob said:

Sure, that's a very important info, as you are using SAML for authentication, windows does not support SAML auth, thats why you are getting the error by clicking on your rdp bookmarks if you enable the unified gatway config.

 

For VDA you're having FAS for SSO, for RDP Proxy there is no SSO Support, you have to authenticate twice. Just disable SSO for your rdp proxy so if your users clicking on rdp bookmark the windows auth is popping up again. (checkout https://support.citrix.com/article/CTX208324and) and it should work!

 

Would you be able to share the "Expression" in your RDP/XAXD Session policy? Is it just "true"?

Link to comment
Share on other sites

11 hours ago, Julian Jakob said:

on published applications, set ICA Proxy to OFF and enter your storefront FQDN in the Web Interface Address section.

 

Also, for your StoreFront FQDN, are you putting the full path to the Receiver for Web site (ie: https://storefront.domain.com/Citrix/StoreWeb) ? Or just the FQDN of the root server? (ie: https://storefront.domain.com)? Or something else.

 

Thanks again for any advice!

Link to comment
Share on other sites

Yes, sure. As I'm saying, I'm using a single session profile / session policy, expression is "true".

 

My RDP Client Profile:

image.thumb.png.318ca980a72f4e41bd20942291e6e221.png

 

The StoreFront Settings in the Session Profile: (URL configured to the StoreWeb Path)

image.thumb.png.7a6df3720e16b719e2e101584e8a7434.png

 

In the same Session Profile, the configured RDP Client Profile linked (first screenshot):

image.thumb.png.efdda40b6f2cc2653088261d40f1fabc.png

 

nothing else, this works fine for me in a few setups.

 

Regards

Julian

 

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...