Creating user customizable announcements for NetScaler Access Gateway

A customer would like to designate a number of people for customizing announcements on the Access Gateway Enterprise page.  This way the organization can announce important changes, planned downtime or other announcements. The advantage of this is that a network engineer does not need to be bothered for displaying all sorts of messages on the Access Gateway by fiddling with the files on the appliances.


Read more of this post


To EPA or not to EPA …

For anyone who has not worked with NetScaler Gateway Endpoint Protection Analysis before. It is pre-check before the user get to see the Gateway Logon page it has to comply certain rules that we have programmed the Gateway with. Sometimes I here people say that there is no future for EPA, but I would like to show a use-case which still is actively deployed using NetScaler Gateway and EPA’s.

This feature was already present with the Citrix Access Gateway Advanced using Citrix Advanced Access Control Option Server, yes did it! :-).

What it does is that upon client request it will launch a small piece of Citrix client software to check if the client meets our requirements for connecting. This is triggered by using an ActiveX component within Internet Explorer of Firefox. If the software is not installed it will prompt the user to do so.

Read more of this post

Contributing to Citrix Education

Last week I was off to Citrix Systems, Santa Clara for attending the next Citrix NetScaler-based CCA exams IDW (Item Development Workshop). An IDW is a workshop that lasts about a week in which you and others will create exam questions (or items) that will appear on the next (or revised) Citrix exam(s). In this particular IDW we are concentrating on the follow-up exams of the old Citrix NetScaler 1Y0-A11 and Citrix Access Gateway Enterprise 1Y0-A13 which are based on the Citrix NetScaler 9 software version.

Citrix NetScaler IDW 2012-01

Unfortunately we forgot to take a picture of all the participants together, so to name a few: from left to right: Lourdes Soler (Citrix), Henny Louwers, Stuart Souter, Alejandra Garcia (Citrix), Craig Pickford and Robert Zehnder.

Read more of this post

Citrix NetScaler 10: Apply Citrix Receiver Theme

You may have noticed in the Release Notes of Citrix NetScaler 10 that is possible to apply the new Citrix Receiver theme to the Access Gateway Enterprise logon page.

As per the Release notes:

Apply the Citrix Receiver theme to the logon page
You can use the command line to overwrite the original Access Gateway logon page with the Citrix Receiver theme

Only the how is nowhere to be found in the Citrix documentation. Update: the official Citrix product documentation on how to apply the Citrix Receiver theme to Citrix Access Gateway Enterprise 10 can be found here:
So, although the explanation below will work, I’d have to recommend using Citrix product documentation.

Well, Jarian Gibson found out how (So no credit for me), you can also go tot the forum post, it is the same task sequence.

Read more of this post

Security bug: Users can change Citrix WI Site by changing path in URL

At first I thought I was going out of my mind, fortunately Citrix Tech Support has confirmed this bug and are working on a solution.


Installing a brand new pair of Citrix NetScaler MPX 5500 with the latest Citrix NetScaler build (9.3-55.6).

The Citrix NetScaler security design was made so to create 9 Access Gateway Virtual Servers all with their own Citrix Web Interface site so that all the traffic could be isolated and different kinds of security measures could be applied to the different Access Gateway Virtual Servers. There are multiple Citrix XenApp Farms in de backend where the different users would land depending of the target audience.

Read more of this post

Copy webcontent to Citrix NS/AG from FTP site through a Cron job

I have a customer who would like the Citrix NetScaler (Access Gateway and AAA website) website to dynamically retrieve files to show customized content without web developers entering the Citrix NetScaler on a frequent basis.

One thing you do have to remember is that over-customizing the Citrix Access Gateway portal page is in fact not supported by Citrix. I do not think there are a lot of people out there who actually know this. Now, they will not act very difficult if you alter a picture here or there or customize a little text, but be aware of over-customizing. Next to support issues, you can run into trouble when new Citrix NetScaler updates come out that are not going to be aware of your customizations.

Now, this particulair customer over-customizes Smile a lot! What they wanted is to have an iFrame in the Access Gateway (and AAA) page which showed visitors updated news, links, RSS Feeds etc. This iFrame showed the content of a Microsoft Sharepoint environment (please, don’t ask why). We tried publishing this iFrame through Citrix Netcaler but did not work (long story short, it was because of Microsoft Sharepoint). So now we came up with the idea to copy this content periodially to the Citrix NetScaler through the use of a Cron job and FTP. (See image below).

Read more of this post

[BUG] “Unexpected Response” Access Gateway Enterprise in NetScaler build 9.3-53.5

If you are using Citrix Receiver on iOS or Android to access pulished applications on Citrix Access Gateway Enterprise (NetScaler) do not upgrade to the latest firmware which is 9.3-53.5.

Users will get an “Unexpected Response” on an iOS device when they try to login to a Citrix Access Gateway environment. On Android the error statement is “The Citrix Access Gateway you are connecting to is not configured for this device. Please contact your administrator.”

Read more of this post

Access Gateway: “Corrupted Content Error” when using FF7 or higher

“Corrupted Content Error” when logging on to a Citrix Access Gateway Enterprise/Web Interface for NetScaler with Mozilla Firefox 7 or Higher

I’m not yet sure if this is a Citrix issue or a Firefox issue since this problem occurs with a lot more websites with the new Firefox versions. On Citrix Access Gateway Enterprise it seems to occur when using Citrix Access Gateway Enterprise (NetScaler) and Citrix Web Interface for NetScaler (have not yet tested with Web Interface for Windows). Apparently Firefox does not like the fact that either the header Content-Length and/or Content-Disposition values change when passing from the Access Gateway to the Web Interface.

Firefox says web developers need to change there code, I have submitted a support case with Citrix Tech Support. Will let you know what the outcome will be for those interested.

Read more of this post

Maximum Access Gateway Users Allowed remains at 0 after changing hostname on a Citrix Access Gateway Enterprise

First off I’m not a big fan of changing the default hostname ‘ns’ of a Citrix NetScaler/AGEE, this creates potential problems on moments when you cannot use them. For instance with a situation where you have to rebuild a Citrix Access Gateway Enterprise as soon as possible to restore user productivity as soon as possible.

Citrix NetScaler and Citrix Access Gateway Enterprise are pre-configured with the hostname ns and there really is no reason to change this. This hostname is not being broadcasted to other machines in any way. So it will not lead to conflicts with other systems on your network.

But offcourse there will always be customers who want the hostnames altered no matter what! Today I had run into a little problem with a customer who has changed the default ns name to an alternate hostname.

Read more of this post

OWA 2010 freezes in Citrix Access Gateway portal page

Within Citrix Access Gateway you can configure the E-mail tab to point to your Microsoft Exchange Outlook Web Access page so that your users can go to their webbased mail from within the Citrix Access Gateway portal page.

Officially Citrix does not support the integration of OWA 2010 within the Citrix portal page, and if I’m not mistaken OWA 2007 isn’t officialy supported either. Although you can get OWA 2007 to work within the Access Gateway portal page without much effort.

OWA 2010 is a little bit different, Microsoft changed the OWA backend to a heavier interface (Premium) in which there are more possibilities. OWA 2010 also still has the Light version (formerly known as Basic) for the older Web browsers like Internet Explorer 6.

Read more of this post