Highlighted
2 Bronze

Wyse T10 Connection and Citrix Access Gateway VPX Hostname Length

Wyse T10 Connection and Citrix Access Gateway VPX Hostname Length

I'm testing a new T10 device and attempting to connect remotely through our Citrix Access Gateway VPX to our VDI-in-a-Box setup. When entering the hostname to create the new ICA connection, I am unable to type the entire address as the field doesn't appear to allow for long paths. Unfortunately our domain name is quite login and I must also append the entry with /http/192.168.115.16/dt/PNAgent/config.xml. Is there a way to allow for longer hostname entries? The device is running 7.1_122.

Thanks for any suggestions.

Ken

0 Kudos
Reply
12 Replies
Highlighted
3 Silver

Ken,

When setting up the client to connect through a VPX, you will not create a new ICA connection, but rather will setup a connection on the broker setup tab available on the remote connections menu. That is where you will enter http://192.168.115.16/dt/PNAgent/config.xml

0 Kudos
Reply
Highlighted
2 Bronze

Thanks. I have adjusted the settings as you suggest and it looks like the connection is trying to work. However, I'm getting ERR_CERT_EXPIRED 7606. I do have a valid GoDaddy cert installed on the CAG VPX. When I connect form other devices like an iPad, Android or IE, I don't get any type of cert errors as the cert doesn't expire for another 2 years.

Thanks again for your input.

Ken

0 Kudos
Reply
Highlighted
3 Silver

Check the date and time on your client, sounds like they could be wrong. Can you verify the length of the Certificate; for example, is it 1024, 2048, or 4096 bit?

Also, you may find that you need to install the GoDaddy root Certificate for authentication to work. Since our OS is only 4MB there isn't alot of room to ship with CAs, so we don't have more than 5 or 6 internally. You can install root certificates on the client manually (in the network security tab) or via the central INI file management method.

0 Kudos
Reply
Highlighted
2 Bronze

The cert is 2048 bits. And I see how I can import the GoDaddy root cert. What format and extension must the cert have to import? And do I need the entire chain or simply the root?

0 Kudos
Reply
Highlighted
3 Silver

The default extension when exporting a cert from IE is .cer, and thats fine. Typically only the root is required, but i have seen cases where the intermediate certs were required too, and it can't hurt to import them all.

0 Kudos
Reply
Highlighted
2 Bronze

I was able to successfully import the GoDaddy root cert. However, when I attempt to login from the device through the Citrix Access Gateway, I'm getting "Citrix sign-on failed." Unfortunately the T10 device doesn't provide much information. I can successfully make remote ICA connections using the same method with iPads, Androids and through IE with a Citrix Receiver installed. Are there any type of logs that can be removed from the device? I have used the ping and tracert test and they work fine.

Thanks again for your help.
Ken

0 Kudos
Reply
Highlighted
3 Silver

If you are still doing a proof on concept with the T10 and your CAG, it may be time to contact your sales rep to put you in touch with a sales engineer to further troubleshoot.

The only final thing i can think of is, if you are connecting to a CAG and not a CSG, then you need to have the following parameters in your INI file: PnliteServer=http://MyCitrixServerURL CAGAuthMethod=LDAP

0 Kudos
Reply
Highlighted
2 Bronze

That turned out to be the issue. We are using the free CAG VPX for the ICA connections. However, you cannot use CSG with the free version. This ini change allows this to work? And will I use the internal path to my vdiinabox setup for the pnlite?

0 Kudos
Reply
Highlighted
3 Silver

Oh, the free CAG...That could be a problem as the Free CAG does not allow you to create forwarders. Basically the CAG would look for our browser ID and forward the request to the PNAgent site on your VDI in a box. One other issue you may be seeing is with VDI-in-a-box the PNAgent site is non standard; it is http://server/dt/PNagent/config.xml 

If that doesn't work, I strongly recommend contacting your Wyse Sales rep to get hooked up with a Sale Engineer for further assistance.

0 Kudos
Reply