Jump to content
Welcome to our new Citrix community!

Configuring Citrix Unified Gatway with Published Desktop and OWA


Marc Kuhn

Recommended Posts

Hi guys

 

i'm starting to work with Unified Gateway which is as far as i can see a really nice configuration for the users to have all in one page. I configured a Virtualserver with the Wizard. Normally we are configuring everything with an Citrix ADM, i'm wondering if everybody is doing it with the wizard or is somebody doing it also via CLI?

 

Also i would like to use the RefWebUI Portal Template, which looks nice. When just adding the OWA to the Gateway, i will have 3 choices. In this artikel i saw, that i should be able to disable that choices and present the "Clientless Access", where i can start the Published Desktop as well as OWA. The Wizard created me 3 Session Profiles, i tried to disable that box in the one with 110 Priority:

 

image.thumb.png.8db643164c0aa945d8f90b8517192091.png

 

But as soon as i'm doing that, when the user is logging in, it redirects me directly to the Storefront Website. How can i achive that i'm landing directly in the page with "Clientless Access" where i have all together at one side?

 

Many thanks for your help.

 

Best regards,

Marc

Link to comment
Share on other sites

So the session policy setting client choices:ON (under Client experience tab > advanced settings) is what allows you to see multiple connection options, if possible.

However, if the net effect of your policies is only one type of connection supported, then it will bypass choices anyway.

Also, check if the storefront page is only specified in the storefront property in the Published Applications (ICA Proxy) tab OR if a a default home page was also specified on the Client Experience tab (if this is set, then you will be directed to storefront even if you wanted to do vpn...so maybe clear this value to use default vpn portal page if needed.)

 

So the question is a) do you have choices enabled or disabled and b) even if choices are enabled would user's have a choice of connections or not.

 

If you enable choices and still can't select an option, then look at additional settings:

The ICAPROXY:ON + storefront (without choices can be an ICAProxy only config). 

If choices are ON, then the options presented are dependent on the ICAProxy:ON|OFF the Clientless:ON|OFF|DISABLED settings

For Clientless to show up it needs to be set to Clientless:ON or OFF (off means optional and not disabled...its confusing)

You may also need to adjust the ICAProxy:ON to OFF (which also means optional, if a storefront is still configured as opposed to ON which is ICA only in some contexts)

 

 

 

 

Link to comment
Share on other sites

Hi Rowland

 

many thanks for your feedback. Well, when i configure the Unified Gateway from scratch, i'm able to see all 3 options. When i click on the Option "Clientless Access", i'm able to start the Published App and Desktop as well as start the OWA Website i configured. So to your question: The choices are OFF and i'm redirected to Storefront directly. Just to mention, when choices:ON everything is working except that i have the 3 choices, which i want to avoid.

 

The Session-Policy looks like this:

 

image.thumb.png.b64f4b0b5f30f09c8dc1745bc1d1c31e.png

 

image.thumb.png.c269dec9536e9111a268c92d5f8c99ff.png

 

image.thumb.png.a90638dbe79807609c604e1e691585fe.png

 

image.thumb.png.033124e74c98199e41f3568405324fdc.png

 

This is what the wizard is configuring for me, except the choices.

 

Do you see anything wrong there? I'm not sure if i understud you correctly.

 

Best regards,

Marc

Link to comment
Share on other sites

I thought you wanted to see the choices option.

So to clarify, you want to see both ICA Proxy apps AND the OWA clientless at same time via the RFWebUI vpn page instead of the StoreFront only page (i think this is correct).

In your !CitrixReceiver policy at priority 110 (because this affects the web page users and not the Citrix Receiver users):

 

These still may need to be tweaked but try this:

Choices:OFF
ICAProxy:OFF + StoreFront configured (ICA Proxy:ON means ICAProxy only)

Clientless:OFF (aka allow)

ON=means required, OFF=means allowed/optional, DISABLED=means none. (long story)

 

If Choices is OFF but more than one connection is possible, the system has to make a choice for you.  In this case:

You have ICAProxy:ON and other options, the user defaults to ICAProxy only with the storefront page...

If ICAProxy is OFF, but Clientless:ON, then you are clientless only (usually)

ICAProxy:OFF, but with a storefront store still specified usually allows you to get ica proxy apps + clientless/vpn stuff in the vpn portal page.

 

 

 

 

Link to comment
Share on other sites

Hi Rowland

 

many thanks for that, you are right, i would like to have one portal with Clientless and ICA Proxy Apps available there. I configured now ICAProxy:OFF. Now it asks me to install the Gateway VPN Client, which i did but which i don't want. Also the ICA Apps are not available in this portal like that. I guess there is another config needed for having Clientless Access configured instead of VPN:

 

image.thumb.png.98b9fb05fe2c1958fda114a8c3a717e9.png

 

Best regards,

Marc

Link to comment
Share on other sites

Hi Rowland

 

i found that article today and configured now the session policy like that:

 

https://support.citrix.com/article/CTX202890

 

Session Policy, the following settings are required:

On the Client Experience tab:
Clientless Access = ON
Single Sign-on to Web Applications = Checked
Credentials Index = Primary

 

On the Security tab:
Default Authorization Action = Allow

On the Published Applications tab:
ICA Proxy = OFF
Web Interface Address = https://serverFQDN/Citrix/StoreWeb (StoreWeb is the actual store name).
Single Sign-on Domain = Configured

 

Now i have both on the same page like i was looking for. Many thanks for your help on that.

 

Best regards,

Marc

  • Like 1
Link to comment
Share on other sites

3 hours ago, Marc Kuhn said:

On the Client Experience tab:
Clientless Access = ON

 

This is why you always have to play with it a bit.  Clientless:OFF (meaning allowed) would have deferred to vpn in choices mode. clientless:ON means clientless required (over vpn) and the ICA Proxy:OFF (meaning allowed, but not mandatory) with a storefront should result in both.

 

I'm glad you figured it out; as I forgot to adjust the other value.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...