Environment
Situation
Resolution
Create an accelerator for the Nfuse server:
- Enable the accelerator.
- Add a name for the Nfuse accelerator.
- Add a DNS name for the accelerator.
- Select either "Forward host name sent by browser to the web server" or "Alternate host name" (this should be the DNS name that the backend Citrix server is expecting).
- Enable authentication and pick an authentication profile.
- Add the Citrix NFuse server IP under "Web server addresses" and the correct port for the backend Citrix NFuse server (usually port 80).
- Check the IP that will be used for the accelerator under"Accelerator IP addresses" and specify the listening port for the accelerator (usually port 80).
- Enable Secure Exchange (optional step).
- Click "OK" button and then click on "Apply" button.
Create an accelerator to tunnel the ICA traffic to the MetaFrame
server:
- Enable the accelerator.
- Add a name for the accelerator.
- Add the DNS name for the accelerator (you can use the same DNS name as the Nfuse accelerator or a different DNS name).
- Select either "Forward host name sent by browser to the web server" or "Alternate host name" (this should be the DNS name that the backend Citrix server is expecting).
- Make sure that "Enable Authentication" is NOT enabled.
- Add the Citrix MetaFrame server IP (or if you have a farm all the server IP addresses) under "Web server addresses" and the correct port for the backend Citrix MetaFrame server (usually port 1494).
- Check the IP that will be used for the accelerator under"Accelerator IP addresses" and specify the listening port (you'll either need to specify a different Accelerator IP address or if you use the same accelerator IP address specified for the Nfuse Accelerator you will need to use a different port like port 81).
- Click "OK" button and then click on "Apply" button.
- Go to the iChain command line interface and type:
"set acceleratortunnelauthforica=yes", hit enter, then type "apply" and hit enter.
Add protected resources:
- Open ConsoleOne, open the ISO (iChain Service Object) and click on the "Protected Resources" tab.
- Add the protected resources for the Nfuse accelerator and for the MetaFrame accelerator (nfuse.citrix.com/*, mf.citrix.com/*). Set as restricted or secure (if secure make sure ACL object is properly configured.)
Citrix Server Settings:
- On the Presentation Server Console: Go to properties of the farm (right-click on the farm) and disable session reliability (if not disabled it will show up in the ICA file as CGPAddress=*2598).
- On the Citrix Web Interface Console (found under management consoles) go to client side proxy setting and change it from Auto to Client defined (use client proxy settings).
Formfill
Policies:
through NFuse -->
[WFClient]
[WFClient]
ProxyHost = mf.citrix.com:80
ICHAIN-TOKEN = 30
ProxyType=None
ProxyType=Secure
Address=172.16.10.1
Address=mf.citrix.com
through NFuse -->
Example of a rewritten ICA file:
[Encoding]
InputEncoding=ISO8859_1
[WFClient]
ProxyHost =mf.citrix.com:80
ProxyType=Secure
ProxyUsername=9e77acb2a87c46078df500f9
ProxyPassword=209384b517e42ce96db301e38d6349dfa8bc8ab2
Version=2
ClientName=WI_N97t_PYPiUHqx3zi
TransportReconnectEnabled=On
RemoveICAFile=yes
ProxyTimeout=30000
[ApplicationServers]
Notepad=
[Notepad]
Address=mf.citrix.com:1494
InitialProgram=#Notepad
LongCommandLine=
DesiredColor=2
Launcher=WI
TransportDriver=TCP/IP
WinStationDriver=ICA 3.0
ProxyTimeout=30000
AutologonAllowed=ON
Username=Administrator
Domain=\3D68CB1E6DA7EF02
ClearPassword=308B0262FDC7DE
ClientAudio=On
DesiredHRES=640
DesiredVRES=480
TWIMode=On
SessionsharingKey=2-basic-basic-CITRIX-Administrator-TestFarm
[EncRC5-0]
DriverNameWin16=pdc0w.dll
DriverNameWin32=pdc0n.dll
[EncRC5-40]
DriverNameWin16=pdc40w.dll
DriverNameWin32=pdc40n.dll
[EncRC5-56]
DriverNameWin16=pdc56w.dll
DriverNameWin32=pdc56n.dll
[EncRC5-128]
DriverNameWin16=pdc128w.dll
DriverNameWin32=pdc128n.dll
[Compress]
DriverNameWin16=pdcompw.dll
DriverNameWin32=pdcompn.dll