Hi,
what I want to show you here is the configuration of a Citrix Access Gateway 5 with Advanced Controller for an iPhone/iPad Access to your XenApp/XenDesktop environment, because it isn’t documented now.

I got a lot of questions from partners regarding such a config so I did a demo config and you can see it below with all the Screen Shots.

I divided the config into 5 Steps:

  • Configuration on the WebInterface 5.4
  • Configuration on the Advanced Controller 5.0.2
  • Settings on the iPhone
  • Settings on the iPad
  • Additional information.

 

   Configuration on the Webinterface 5.4
Step1 First of all configure a XenApp Services Site-for the iPhone Access on your WebInterface Server. The name of the XenApp Services-Site in my example is “iPhone”.   
 

 
Manage Server Farm Config:

Step  2 Next configure the XML Service. Please enter the Server acting as a XML Service (and Port) of your XenApp Serverfarm or XenDesktop Site here. 
   
Authentication Methods:
Step  3 Set the Authentication Methode to “Prompt”. You can also pre populate and hide your Domain Name. It’s easier for your Users 🙂 
 

 
Secure Access Settings:

Step  4 The Secure Access Method in my environment is set to “Gateway direct”. Define your Access Method (e.g. Gateway translated) here. 
Step  5 Enter the FQDN of your Citrix Access Gateway.
This FQDN will your Users use to connect to the Access Gateway.Don’t enable “Session reliability”.
Don’t enable “Request tickets from two STAs where available”.
Step  6 Configure your Secure Ticket Authority URL (STA) next.Keep in mind to configure the same STA URL as you use in your Access Gateway config. When you have changed the default  XML Services Port (80) on your XenApp Server(s) acting as STA Server to another Port (e.g. 8080) then you must put the Port Number into the URLe.g:  http://Xenapp.citrix.com:8080/scripts/ctxsta.dllSee also in this document the – “ Settings  Access Gateway Appliances – Global Properties” – at the end of the document (Step 16).

 

   Configuration on the Advanced Controller 5.0.2  
 

Advanced Controller Web Resource Properties:

Step 1 Please be sure that you use at least the Version 5.0.2 of the Access Gateway 5 Advanced Controller and at least the 5.0.2 Citrix Access Gateway Release.
Step 2 The Name of the Web Resource in my example is “iPhone as WI”.
 Step 3 The Web Address is the configured XenApp Services-Site on WI 5.4 and the Application Type is “Citrix Webinterface”.Be sure to set the Web Address correct.Enter in the Web Address your Webinterface Website, without config.xml.
In the Home Page field enter the Webinterface Site with the config.xml
Step 4  
 

Advanced Controller Policy Properties:

Step 5  
Step 6 The name of the Policy is “Mobile Access”.
Step 7 The Web Resource “iPhone as WI” is activated.
Step 8 Only the Web Resource Settings is changed to “Basic”.
Step 9 No Filter is configured in my environment.
Step 10 Add your AD Group or Users who should have access.
   
Advanced Controller Logon Point Properties:
Step 11 Configure a Logon Point for the iPhone/iPad Access. I used the name “iPhone” for the Logon Point.
Step 12  Make the following settings for the Logon Point.
  •  The Name of the Logonpoint is “iPhone”. 
  • The  Logonpoint Type is “Basic”.
  • „Unauthenticated“ is activated

 

Step 13  The Home Page for the Logonpoint is “iPhone as WI”.
Step 14 Enable the Logon Point.
   
 

Access Gateway Appliances – Global Properties:

   
Step 15  It is important that you configure here the same STA Servers as you have configured on your Webinterface Server.
Step 16 Configure the IP Address Range of your XenApp Servers or XD Desktops in the “ICA Access Control” Property.
   
 

Citrix Access Controller Server Configuration Tool:

Step 17 The new created Logon Point “iPhone” must be deployed to the Access Gateway.
Start the Server Configuration Tool – go to Logon Points – mark your new Logon Point “iPhone” and click Deploy.
   
   iPhone Settings:
  Citrix Receiver for iPhone VersionAt least Version 4.0.1
  Install the Root Certificate of your Issuer on your device.
Obtain the certificate issuer’s root certificate and email it to an account configured on your device. When clicking the attachment, you are asked to import the root certificate.
  Address:
https://”FQDN-yourCAG”/http/”FQDN-yourWebinterface”/citrix/”yourWebsite/config.xml
My Example:
https://mobileaccess.demo.de/http/wi.citrus.local/citrix/iphone/config.xml
  Username:
Your User
  Password:
Your Password
  Domain:
Your Domain
  Gateway Settings:
No
   
   iPad Settings:
  Citrix Receiver for iPad Version:
At least Version 4.2.3
  Install the Root Certificate of your Issuer on your device.
Obtain the certificate issuer’s root certificate and email it to an account configured on your device. When clicking the attachment, you are asked to import the root certificate.
   
   
  Address:
https://”FQDN-yourCAG”/lp/”iphone-Logonpoint
My Example:
https://mobileaccess.demo.de/lp/iphone
  Username:
Your User
  Password:
Your Password
  Domain:
Your Domain
   
   Additional Information:
  Session Viewer:You can’t see iPhone or iPad connections in the Advanced Controller Session Viewer.
  Logonpoint Test:You can test your Logonpoint with a Webbrowser.
Enter the Website https://”FQDN-yourCAG”/lp/”iphone-Logonpoint” in Internet Explorer and you should redirected to https://”FQDN-yourCAG”/http/”FQDN-yourWebinterface”/citrix/”yourWebsite/config.xml.The Config.xml of your XenApp Services Site  should be displayed in your browser.