Citrix CloudGateway Enterprise

Citrix AppController initial wizard:

Communication Failure

Check the account used for AD lookup is valid.

The Administrator’s email address does not exist in AD:

http://forums.citrix.com/thread.jspa?threadID=323507

Make sure the administrator account in AD has a first & last name. In other words, don’t use the domain Administrator account. Create another account.
Currently, I don’t have Exchange configured on my domain.  Just populated AD email address with a valid email for my public domain (different to internal AD domain, however the public FQDN is the same). Email is hosted by my domain provider and I used the SMTP settings in the AppController wizard from my hosting co.

Domains:

user1@walker.uk.com (Admin email address configured in AD)
user2@walker.uk.com (user2’s email address configured in AD)
https://ns-agee.myADdomain.com (publicly accessible from the Internet).
https://cloudgatewayserver.myADdomain.com (not publically accessible)
myADdomain.com (Active Directory domain name)

AppController SSL Certificates.

Using Active Directory as the Certificate Authority (CA) 

  1. In the AppController (AC) configuration page, click Certificates.
  2. Click New…
  3. Select 2048
  4. Enter a common name. The FQDN of your AC server / appliance. Using the example above, mine is cgac01.myADdomain.com.
  5. Complete the other information and click save.
  6. Copy the contents of the CSR.
  7. Connect to your AD domain controller running Certificate Authority services.
  8. Browse to https://localhost/certsrv.
  9. Click Request a certificate.
  10. Click advanced certificate request
  11. Click Submit a certificate request by using a base-64-encoded CMC or PKCS…
  12. Paste the CSR into the Saved Request text box.
  13. Select Web Server from the template drop-down*.
  14. Click Submit
  15. Select Base 64 encoded.
  16. Click Download certificate.
  17. Save as something meaningful: server-Base64.cer
  18. Click Download certificate chain.
  19. Save as something meaningful: chain-Base64.p7b
  20. Return to the AC.
  21. Click Import and select Server (.pfx)
  22. Browse to the location of server-Base64.cer and click OK, OK. (No password required)
  23. Click Import and select Trust (.pem)
  24. Browse to chain-Base64.p7b.
  25. Select server certificate and click Make Active.

That’s the certificate chain complete. Two certificate with a Description of “(imported)” and Type of Server and Trusted should exist in the list.



AppController

Page 47 of the Citrix CloudGateway Enterprise POC.
When trying to activate and “install” the receiverconfig.cr file (on Windows, not Apple Mac), you get the following error:

“Cannot process provisioning file
Please contact your help desk with the following information:
SSL certificate was issued for a different name than the Update Server.
Cannot validate SSL”

It appears that the step to update the App Controller’s hostname was missed (Unless I’m blind). To fix:

  1. Log on to AppController (https://{AC-Hostname.int.domain.com}:4443.
  2. Click Settings tab.
  3. From the left menu, select Network Connectivity.
  4. Click the Edit link (next to the words “Network Connectivity”).
  5. Change the host name to match that of the one used in your SSL certificate. {AC-Hostname.int.domain}.
  6. Click Save.

Please feel free to leave a comment...