How to Fix Java issues with Citrix Netscaler GUI

We have all encountered the dreaded Java error when trying to connect to the Citrix Netscaler GUI.  In this post I would like to walk through the steps of resolving those Java error messages. There are a few technical articles that TRY to walk you through the process of troubleshooting this issue, but I have found the method that I use to be the most successful.  For me this is one of the most frustrating error messages, as I am constantly working in different versions of Java, Netscaler firmware or browser.

For starters, lets go ahead and uninstall any version of Java you currently have installed.  Most versions of Netscaler 10.1 and above will support the most recent version of Java.  You can download the most recent version Here.  For this exercise, we are going to assume you are using chrome, Firefox or IE.  In my experience, I have had the most success with the Netscaler GUI and the Chrome browser.

After you have successfully installed Java and went through the confirmation process go ahead and browse to your java configuration applet or go to control panel > Java (32bit).

Once the Java Control Panel pops up, click on the Settings button.

You will now be redirected to the Temporary Internet files dialog.  First, click on the “Delete Files” button

One the “Delete Files and Applications” box appears, UNCHECK all of the checkboxes and click OK.

Before clicking out of the Temporary Internet files dialog, make sure to uncheck ” Keep Temporary files on my computer” and click OK.  Having all of these temporary files are one of the main causes for applet corruption.

That last set of steps will clear out all the previously downloaded temporary applets, cookies and certificates you currently have in your configuration.  If you are launching java for the first time after the new install this might be a moot point, but I do it anyway 🙂

Now, stay in the Java Control Panel and at the top, click on the “Security” Tab.  Inside of that tab, click on “Edit Site List” at the bottom.

Once you have clicked on Edit Site list, Click on Add.  Here you will be able to add the Netscaler access gateway FQDN as an exception.  Only add websites here that you know you can trust their certificate.

After you click add you will notice a text box appear in the same window.  Go ahead and add your Netscaler FQDN into that field and click OK  example:  Https://yournetscaler.yourdomain.com

After clicking OK, you will notice your Netscaler FQDN is now in the exceptions list.  Click Ok to exit the Java Control panel and relaunch your browser to test.

 

This article applies to Netscaler versions 9.3, 10.0, 10.1

Let me know how it goes.  Add your comments below!

 

 

Kevin B. Ottomeyer @OttoKnowsBest

 

 

Configuring Citrix Storefront Domain Pass-through with Receiver for Windows

I would like to discus the procedure for configuring and implementing Domain Pass-through with Citrix Storefront and Citrix Receiver.

First things first, let’s get a receiver installed on a test machine.

****Note, this machine and all subsequent machines must be a member of the domain that your storefront server is currently attached to in order for the pass-through to work.

Download the Citrix receiver Here

Once downloaded find the path of your download location.  Now, we will need to install the receiver with the single sign on switch as follows:

This will install the receiver, enable and start the single sign-on service on that machine.  After your installation is completed and the machine is rebooted,  log back in to your workstation and double-check to make sure the ssonsvr.exe service was installed and is currently running under services.

Once you have confirmed.  Lets move over to your Storefront server.

Launch the Storefront administration console from the storefront server and on the left side of the console, click on Authentication.

Once authentication is selected move over to the right side of the console screen and under actions > authentication, click on add/remove Methods.

After clicking on Add/Remove Methods, a dialog box should appear with options to select what methods you would like to enable in Storefront.  The second option from the top is, “Domain pass-through”, click on the check box next to that option and click OK.  This will enable Storefront to take the credentials from the ssonsvr service on your workstation and pass them through Storefront and enumerate the app list without authenticating twice.

Depending on your Citrix infrastructure, you might need to propagate the changes to the other Storefront servers in your Server Group.  If you have more than one Storefront server and you do not propagate changes, you might see mixed results in your testing.

To do this, click on “Server Group” on the right side of the console and then on the left side under actions, click on “Propagate Changes”.    This action will replicate all the changes you just made to your authentication policies over to the other Storefront servers in your Server Group.

Now that you have all the configuration pieces in play, reboot the workstation you installed the receiver to and log back in.  Once logged in your should be able to right-click on the receiver and click open.  Receiver will now prompt you for your Storefront FQDN or email address if you have email based discovery enabled.  At this point your application list should enumerate without prompting for credentials. This also goes for the Web portal. Test both to make sure they are passing those credentials through appropriately.

********If your credentials still do not pass through, below are a few troubleshooting steps you can take.  Of course this all depends on how your environment is set up and what access you have to modify certain components in your windows infrastructure.

Modifying local Policy to enable pass-through on the workstation

Apply the icaclient.adm template located in C:\Program Files\Citrix\ICA Client\Configuration to the client device through Local or Domain Group Policy.

Once the adm template is imported, Navigate to Computer Configuration\Administrative Templates\Classic Administrative Templates\Citrix Components\Citrix Receiver\User authentication\, then double-click on the “Local user name and password” setting.

The following box should appear and make sure to select both “Enable pass-through authentication” and “Allow pass-through authentication for all ICA connections”.

Adding Trusted Sites in your browser

On the same workstation you are testing the pass-through.  Open IE and navigate to Tools > Internet Options.  Click on Trusted Sites and add your Storefront FQDN (the same address you entered into the receiver when you set it up.

Also, it wouldn’t hurt to configure pass through in IE.  In The Internet Options Security tab with Trust Sites selected, choose Custom level, security zone. Scroll to the bottom of the list and select Automatic logon with current user name and password.

Configure the NIC provider order

On the workstation you installed the receiver, launch control panel and click on Network Connections, choose Advanced > Advanced Settings > Provider Order tab and move the Citrix Single Sign-on entry to the top of the Network Providers list.

If you are still having problems with the receiver not passing the credentials, leave a comment with your specific issue.

References:

https://www.citrix.com/downloads/citrix-receiver.html

http://support.citrix.com/article/CTX200157

 

 

Kevin B. Ottomeyer @OttoKnowsBest

 

 

 

 

Lewan Synergy of the Rockies

Our Lewan Synergy of the Rockies event was yesterday, here are some highlights and links from the event.

Citrix Support – Premier Support calculator citrix.com/pscalculator. AutoSupport released for automated diagnosis of issues http://support.citrix.com/article/CTX135408

Citrix GotoMeeting – mobile clients have the ability to start and host a meeting as well as present content from the device. Whiteboard functionality is also built in.

Citrix XenServer – XenServer 6.1 released, includes support for Storage XenMotion, LACP (up to 4) support, batch conversion of VMware virtual machines

Citrix XenClient – added support for ultrabooks

Citrix ShareFile– What ShareFile does is: Store, Sync, Share

• Sync and device with user files
• Selective offline access on mobile devices
• Data protection – encryption, lock, remote wipe, poison pill
• Enables file sharing with anyone
• Online file sharing space for virtual teams

With ShareFile Enterprise released, control plane resides at Citrix Online while the data plane can reside inside your datacenter, your data never resides outside. StorageZone Connect (tech preview) allows integration of existing file shares.

Citrix CloudGateway Enterprise – enabled mobile application management of iOS and Android devices, wrapped native app deployment via the Citrix AppController. AppController integrates mobile, web/saas, follow-me-data.

Just announced last week is @WorkWeb and @WorkMail, videos of this solution in action are here.

Citrix Receiver – Citrix Receiver for HTML 5 was released this summer, requires Access Gateway 10 and StoreFront 1.2. Enabled clientless access to Windows apps, Desktops, web and SAAS apps.

One Citrix Receiver look and feel across desktops and mobile platforms. First Time User experience allows setup and configuration with just a users email address.

Citrix RemotePC – Citrix RemotePC was released as part of Citrix XenDesktop 5.6 Feature Pack 1. RemotePC is the secure brokering of a physical endpoint (desktop or laptop) that is in your office (typically) via Citrix HDX technology. Think of it as GotoMyPC but with the centralized control over virtual channels (printing, clipboard, local drives, etc), automated provisioning of PC and end users, and the high performance of Citrix HDX. RemotePC is available in Citrix XenDesktop Enterprise and Platinum and in most cases won’t require any additional Microsoft licensing…as in you won’t need VDA licenses!

Universal Print Server– Combined with the previously available Universal Print Driver, administrators may now install a single driver in the virtual desktop image or application server to permit local or network printing from any device, including thin clients and tablets, leveraging HDX optimization technology to reduce bandwidth load over wide area networks and manage printing communications outside of the virtual desktop channel for enhanced Quality of Service. Use of the Citrix Universal Print Driver had previously been constrained to Windows devices because we relied on Windows to translate from Windows-centric print formats. With UPS, the print engine runs on a server, and we’re no longer limited to printing from Windows devices because the format translation is done on the server. There’s now little or no need to install 3rd party, non-native printer drivers, so overall stability is also improved.

Project Excalibur (XenDesktop v.Next) – Part of Project Avalon. Unification and simplification of XenApp/XenDesktop into a single architecture. XenApp IMA architecture has been around since Metaframe XP and in Project Avalon is being integrated into the Citrix XenDesktop FMA architecture.

Excalibur will also bring support for Windows Server 2012 and Windows 8 machine groups.

Also announced was a new SuperCodec using H.264 encode/decode. With so many devices support H.264 decode via hardware acceleration this could be a fallback encoding method for devices that don’t support offloading the multimedia to the client (ex: AVI, WMV, Flash). With the upcoming vGPU (GPU virtualization) the encoding could also potentially benefit from hardware based encoding. This technology will also support transcoding down high bit-rate video down to adapt to available bandwidth so that you can take 1080p video and transcode down to stream on 3G networks.

You can watch Citrix Synergy Barcelona session SYN133 on CitrixTV which goes thru the Excalibur release.

Excalibur will be available for download as a tech preview on November 1st.

Citrix Netscaler – Citrix Netscaler 10 now support scale-up, scale-in, and scale-out (TriScale) options with new Active-Active-Active-Ac.. scale-out options. Citrix and Cisco also announced a new partnership where Cisco will be selling Citrix Netscaler into their customers who are looking for Application Delivery Controllers as Cisco recently discontinued their ACE product line. Citrix also announced new partnerships with a number of key vendors who will be building joint solutions on their Netscaler product line.