Access

CTX-Blog

powered by Ecki's Place

March 24, 2009

AAC and IE 8.0

Some days ago, Microsoft officialy released IE 8.0. Since IE 8.0 will be available trough Windows Update soon, more and more users will hit existing AAC deployments with this browser. Unfortunately this is not working as expected. This is, how an AAC portal page looks like in IE 8.0 with default settings:

Portal
OWA

The layout is crushed, links are missing and OWA is nearly unusable 🙁

A small change in the file C:\Inetpub\wwwroot\CitrixSessionInit\NUI.aspx solves the display issue by forcing IE 8.0 into IE 7.0 compatibility mode.

It is sufficient to add the following line in the header of the NUI.aspx file:

<meta http-equiv=”X-UA-Compatible” content=”IE=EmulateIE7″ />

Your header might look like this after the change:

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Citrix Access Gateway</title>
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />
<meta name="GENERATOR" content="Microsoft Visual Studio .NET 7.1" />
<meta name="CODE_LANGUAGE" content="C#" />
<meta name="vs_defaultClientScript" content="JavaScript" />
<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5" />
<link rel="SHORTCUT ICON" href="themes/default/images/favicon.ico" type="image/vnd.microsoft.icon" />
<base id="baseElement" href="" runat="server" />
<link id="cssElement" rel="stylesheet" href="" runat="server" />
<!--[if IE]>
<style type="text/css">

Immediately your portal is rendered again as it should be 🙂

Portal
OWA

This is not a final solution for the problem, but until Citrix releases a fix for this issue it will do…

Regards
Ecki

July 29, 2008

Update – AAC tuning, part 4

I had to upgrade the document, because a customer wanted to set the color of the bar to a dark blue. The caption inside the bar could not be read anymore after this change, so we had to change the color of the caption to white. This way we got the contrast needed back. How to do that is added to the document now.

The howto is written in german. A translation into english is not available at the moment. Since the pdf utilizes a lot of pictures, you might be able to understand it anyway. As soon as i find the time, i will provide a translated version. Until then, you can download the german version here: AAC4_5_CustomizeLogonPoint_Rev1.1_DE.pdf

Regards
Ecki

July 12, 2008

AAC tuning, part 4

To adjust the look of an AAC LogonPoint at the CI of a company is not as easy as it is with a Citrix Web Interface deployment. In the following PDF i will show you a way to get there anyway.

The howto is written in german. A translation into english is not available at the moment. Since the pdf utilizes a lot of pictures, you might be able to understand it anyway. As soon as i find the time, i will provide a translated version. Until then, you can download the german version here: AAC4_5_CustomizeLogonPoint_Rev1.1_DE.pdf

This is, what your LogonPoint could look like after reading this document:
Angepasster LogonPoint - LoginAngepasster LogonPoint - Portal

Additional documentation about customizing an AAC LogonPoint can be found here:

  • Basic Customization of the Advanced Access Control 4.x Logon Point
  • How to Customize the Default View for Web Interface 4.6 When it is Embedded in Access Gateway Advanced Edition
  • And here you can find a currently very interesting article about AAC and FireFox 3.0:

  • Access Interface Appears Incorrectly with Firefox 3.0
  • Regards
    Ecki

    May 7, 2008

    AAC hotfix AAC450W003 and CAG hotfix 4.5.7 available

    A few days ago, Citrix released the hotfixes AAC450W003 and hotfix AG2000_v457. Beside a couple of bug fixes, there are some really interesting things in these releases:

    Hotfix AAC450W003 invalidates some parts of my last posting in “AAC tuning, part 3”. A couple of months ago, i asked Citrix to allow customers to change the caption of the RADIUS input box on the logon page. In my last article i showed a way to change the caption easily for RSA and SafeWord deployments and pointed out a way to change the text with a little script in case of another RADIUS solution. However this solution had some unwanted side effects and so i’m glad that Citrix came up with a solution for all deployments. The procedure described in the first section of “AAC tuning, part 3” stays valid but is now applicable for all RADIUS deployments too, given you installed hotfix AAC450W003 correctly.

    Vista is now supported with AAC 4.5, but it is still beta. This means, that you are now able to check Vista clients through EPA-scans, provided by Citrix. My first tests have been successfull. CAUTION: If you use EPA-scans from EPAFactory/Accario you have to wait for an update from Accario to support AAC 4.5 HF03. This should be available around the 20th of Mai.

    The list of supported AV scanner and personal firewalls has become a little longer. McAfee 8.5i, Symantec AVE 10.0, Symantec Endpoint Protection 11.0 and Trend Micro 8.0 are now officially supported at last.

    The download and readme for AAC can be found here: CTX117123, AAC45W003

    The download and readme for CAG 4.5.7 can be found here: CTX117123, Hotfix AG2000_v457

    Regards
    Ecki

    December 15, 2007

    AAC tuning, part 3

    Two Factor Authentication with RSA, SafeWord or any other third party RADIUS solution is a common way to authenticate in a secure manner to an AAC deployment. AAC however labels the input box for the OTP (One Time Password) fix with the text “SecurID-PASSCODE”, “SafeWord CODE:” oder generic with “RADIUS Password”.

    Endusers however know their OTP solution most of the time with other names, the name of the RADIUS solution provider for example. This can lead to confusion during the login process.

    This problem is easily solved for RSA SecureID and SafeWord. A solution for RADIUS is described further down. As in part 1 and 2, the solution can be found in the “web.config” file in the root of the respective LogonPoint directory.

    On a standard AAC server this is presumably:

    C:\Inetpub\wwwroot\CitrixLogonPoint\#LogonPointName#

    There is an other version of this file in the “C:\Inetpub\wwwroot\CitrixLogonPoint\” directory which should stay untouched !

    This file can be opened and edited with any editor like the Windows NotePad. In the last third of the file you can find a section <appSettings>, which gives you some interesting possibilities. Among other things you can configure the lables for the OTP field, so that it displays a text your users expect. All it needs, is to change the following line below the <appSettings> section:

    <add key=”SecondaryAuthenticationPromptOverride” value=”Password:” />
    and
    <add key=”SecondaryAuthenticationToolTipOverride” value=”Enter Password” />

    Where “Password:” stands for the text to be displayed as lable and “Enter Password” stands for the text, displayed as tool tip.

    The section should look like this afterwards:

    <appSettings>
    <add key="DebugConsoleTrace" value="False" />
    <add key="AdvancedGatewayClientDownloadUrl" value="http://www.citrix.com" />
    <add key="AdvancedGatewayClientActivationDelay" value="10" />
    <add key="MaxConnectionsToAuthenticationService" value="20" />
    <add key="LogonPointId" value="00000000-0000-0000-0000-000000000000" />
    <add key="DeployedBy" value="LACONFIG" />
    <add key="ExtendedSecurIdFunctionalityEnabled" value="true" />
    <add key="SecondaryAuthenticationPromptOverride" value="SafeWord PIN + Zahlencode:" />
    <add key="SecondaryAuthenticationToolTipOverride" value="PIN und Zahlencode eingeben" />
    <!- -

    After saving the changes, a user calling this manipulated LogonPoint should now see the new lable.

    This method unfortunately works only for RSA SecureID and SafeWord. The text displayed, when using a third party RADIUS solution is hard coded and not that easy to manipulate. There is a pending feature request at Citrix, but it isn’t clear, when a solution will be publicly available.

    At last I found a very good work-around in the Citrix AAC Forum, published by Joel Donaldson. A simple manipulation of the BasePage.aspx file of the respective LogonPoint solves the problem in an elegant way.

    With an english LogonPoint it is sufficient, to add the following paragraph before the </body> tag:

    <script type="text/javascript" language="JavaScript">
    document.body.innerHTML=document.body.innerHTML.replace("RADIUS Password:","Kobil Einmalpasswort:");
    </script>

    The result will look like this:
    Loginprompt nach der Manipulation

    If you want to support german LogonPoints also, you need another code block that respects the german notation:

    <script type="text/javascript" language="JavaScript">
    document.body.innerHTML=document.body.innerHTML.replace("RADIUS-Kennwort:","Kobil Einmalpasswort:");
    </script>

    Other languages can be added easily this way.

    If someone is asking itself why this works, this short explanation may help. The script code is looking for the string “RADIUS Password:” in the delivered web page and replaces it with the second parameter of the function “document.body.innerHTML.replace”, in our example “Kobil OTP:”.

    Attention, this works only, if JavaScript is enabled in the browser. If JavaScript is disabled, the original text “RADIUS Password:” is displayed. This modification shouldn’t have any other side effects.

    < < AAC tuning, part 2

    !!! Please read the first comment to this post !!!

    Regards
    Ecki

    July 21, 2007

    Web Interface 4.6 for Windows available

    Yesterday Citrix released the new Web Interface 4.6 for Windows. This version is mandatory for several new features and enhancements introduced with the Rollup Pack 01 for Presentation Server 4.5.

    Before installing Web Interface 4.6 you have to update your AMC (Access Management Console for Presentation Server 4.5) first. The new console snap-ins must be present before the new features can be installed successfully. The new AMC can be downloded here.

    The download of Web Interface 4.6 and aditional informations can be found here.

    Regards
    Ecki

    First Hotfix Rollup Pack for Presentation Server 4.5 available

    On July 19th Citrix released the first Hotfix Rollup Pack for Citrix Presentation Server 4.5. This update comprises a couple of new features and options. Beside others, the main improvements are IMHO the following issues:

    • Microsoft Windows Vista/Office 2007 Compatibility Updates
    • Enhanced (16-, 32-, and 48-bit) Icon Support
    • Microsoft Office Live Preview Support

    To get the fulll benefit of these compatibilityupdates, you must also deploy Version 10.100 or later of the Presentation ServerClient.

    The download and aditional informations can be found here.

    Regards
    Ecki

    April 23, 2007

    Citrix Application Streaming FAQ

    The following article by Citrix Support represents a FAQ for the Application Streaming feature in Citrix Presentation Server 4.5. This article isn’t static, but will be updated periodicaly. So remember to come back.

    Regards
    Ecki

    March 13, 2007

    PNAgent Filter for Web Interface 4.5

    Most of you will know the Web Interface addons and modifications from Thomas Kötzing. I use them myself quite often in customer projects. Until now, a badly needed modification was available only for WI 4.2. I am talking about the

    Program Neigborhood Agent Filter

    This modification gives an administrator the power to hide Published Applications from the user. The only thing he has to do is adding a “#” sign in front of the application description. Very handy, if you use PNAgent to populate the Desktop and Start Menu and do not want the published Desktop to appear in the context menu of the PNAgent in the taskbar.

    Because i needed this modification for a customer, i adapted the code of the existing modification for WI 4.5 and invite everyone interested in this modification to download it.

    Download FilterApps4.5

    Regards
    Ecki

    March 4, 2007

    High availability with PS 4.5

    Sorry, this post is not available in English

    Regards
    Ecki