Wyse T10 Connection and Citrix Access Gateway VPX Hostname Length

Ken,

When setting up the client to connect through a VPX, you will not create a new ICA connection, but rather will setup a connection on the broker setup tab available on the remote connections menu. That is where you will enter http://192.168.115.16/dt/PNAgent/config.xml

Check the date and time on your client, sounds like they could be wrong. Can you verify the length of the Certificate; for example, is it 1024, 2048, or 4096 bit?

Also, you may find that you need to install the GoDaddy root Certificate for authentication to work. Since our OS is only 4MB there isn't alot of room to ship with CAs, so we don't have more than 5 or 6 internally. You can install root certificates on the client manually (in the network security tab) or via the central INI file management method.

Oh, the free CAG...That could be a problem as the Free CAG does not allow you to create forwarders. Basically the CAG would look for our browser ID and forward the request to the PNAgent site on your VDI in a box. One other issue you may be seeing is with VDI-in-a-box the PNAgent site is non standard; it is http://server/dt/PNagent/config.xml 

If that doesn't work, I strongly recommend contacting your Wyse Sales rep to get hooked up with a Sale Engineer for further assistance.

I was able to successfully import the GoDaddy root cert. However, when I attempt to login from the device through the Citrix Access Gateway, I'm getting "Citrix sign-on failed." Unfortunately the T10 device doesn't provide much information. I can successfully make remote ICA connections using the same method with iPads, Androids and through IE with a Citrix Receiver installed. Are there any type of logs that can be removed from the device? I have used the ping and tracert test and they work fine.

Thanks again for your help.
Ken

The cert is 2048 bits. And I see how I can import the GoDaddy root cert. What format and extension must the cert have to import? And do I need the entire chain or simply the root?

Thanks. I have adjusted the settings as you suggest and it looks like the connection is trying to work. However, I'm getting ERR_CERT_EXPIRED 7606. I do have a valid GoDaddy cert installed on the CAG VPX. When I connect form other devices like an iPad, Android or IE, I don't get any type of cert errors as the cert doesn't expire for another 2 years.

Thanks again for your input.

Ken

The default extension when exporting a cert from IE is .cer, and thats fine. Typically only the root is required, but i have seen cases where the intermediate certs were required too, and it can't hurt to import them all.

That turned out to be the issue. We are using the free CAG VPX for the ICA connections. However, you cannot use CSG with the free version. This ini change allows this to work? And will I use the internal path to my vdiinabox setup for the pnlite?

So the Xenith 2 can connect through CAG VPX without CSG enabled? I presume it's simply making a direct ICA connection. And we do only have ViaB, so no need for an RDP client as the T10 has.

Thats true. The Xenith 2 platform, which is actually the same hardware as your T10 but with a different zero engine on it, already has the updated receiver. If all you are doing is VDIIAB then you could conceivably get away with using that device today.

Thanks. I actually did get with a sales engineer last night and he caught the issue with our CAG VPX setup. CSG must be enabled and we don't have that option, so we'll just have to find another device. He did mention that a future firmware update to the T10 would update the Citrix Receiver to work much like the iPad version does, which should solve our issue as we can connect fine with iPads through our CAG VPX.

Thanks again for your help through my issue. I actually learned a touch.

Ken