Citrix Remote Access?
Has anyone had any experience setting up remote access from a Mac to a Citrix MetaFrame Server? My wife?s company IT specialist told us that it can?t be done. I found this a bit surprising since the very essence of the Citrix MetaFrame access system is to allow connections from a wide range of clients, specifically including Mac clients. Citrix makes their client software for the Mac and provides detailed instructions on access.
There do seem to be issues with a web-initiated connection session to the Citrix MetaFrame I.e., Citrix may not allow a session on a Mac - through the native Citrox OS X client software - to be initiated by logging in through a company website. Instead, my understanding is that Citrix sessions on a Mac are initiated from the Mac desktop directly from the Citrix Client software by creating a connection file - specifying server location and network protocol - and then launching the connection file through the Mac Citrix Client software.
I pointed out this option to the IT specialist. Now, however, he responds that the problem is not Citrix. Now he says:
Does anyone know if this is true? This IT guy does not know Macs and has no interest in getting them to work. Having initially told us that Citrix was the problem, he is now changing his story and pointing at the Fusion server. I am not sure that I trust his advice. Is it impossible to route through the Fusion server as a Mac client? Even if it is, it is not possible to bypass the Fusion server and connect directly to the Citrix MetaFrame through the method I suggested above (i.e., don?t go through web access, but through launching a Citrix session directly from my desktop)?
I realize that this may be a bit esoteric for these forums, but I would really like to find a solution that would teach this IT ?XP specialist? something, rather than buying another computer - a PC ? as he suggests.
There do seem to be issues with a web-initiated connection session to the Citrix MetaFrame I.e., Citrix may not allow a session on a Mac - through the native Citrox OS X client software - to be initiated by logging in through a company website. Instead, my understanding is that Citrix sessions on a Mac are initiated from the Mac desktop directly from the Citrix Client software by creating a connection file - specifying server location and network protocol - and then launching the connection file through the Mac Citrix Client software.
I pointed out this option to the IT specialist. Now, however, he responds that the problem is not Citrix. Now he says:
Quote:
While it is true that Citrix Metaframe supports Mac clients, Our remote access clients do not interact directly with the Citrix server. Our remote access clients first go through a Fusion server, which acts as a gateway to our network which provides our clients web access. This is the part that does not support Mac clients.
While it is true that Citrix Metaframe supports Mac clients, Our remote access clients do not interact directly with the Citrix server. Our remote access clients first go through a Fusion server, which acts as a gateway to our network which provides our clients web access. This is the part that does not support Mac clients.
Does anyone know if this is true? This IT guy does not know Macs and has no interest in getting them to work. Having initially told us that Citrix was the problem, he is now changing his story and pointing at the Fusion server. I am not sure that I trust his advice. Is it impossible to route through the Fusion server as a Mac client? Even if it is, it is not possible to bypass the Fusion server and connect directly to the Citrix MetaFrame through the method I suggested above (i.e., don?t go through web access, but through launching a Citrix session directly from my desktop)?
I realize that this may be a bit esoteric for these forums, but I would really like to find a solution that would teach this IT ?XP specialist? something, rather than buying another computer - a PC ? as he suggests.
Comments
I have no idea about going through a 'Fusion' server - in all honesty I don't know what that is. If the IT guy is worth his snuff, and he has routed things through a proxy server before getting to the MetaFrame Server, then I would think you shouldn't be able to bypass it. But who knows... You could give it a shot ( I imagine the Mac client install is free).
Originally posted by The Pie Man
I recently set up my girlfriend with access to her company's Citrix MetaFrame Server - using the Citrix Software that you mentioned. You are correct in my case - I used the software to configure a default 'session' which contains all the information needed to make the connection. It saves this as a file on your machine (which I aliased to the desktop since she is on there all the time) and you simply double click that to start the session. Works like a champ - she can even print remote documents on the printer here which for some reason surprised me.
I have no idea about going through a 'Fusion' server - in all honesty I don't know what that is. If the IT guy is worth his snuff, and he has routed things through a proxy server before getting to the MetaFrame Server, then I would think you shouldn't be able to bypass it. But who knows... You could give it a shot ( I imagine the Mac client install is free).
Thanks for the reply. I don't know what a "Fusion" server is either (perhaps he means a server deploying Macromedia "ColdFusion", about which I know very little). But given that he originally pointed his finger at Citrix/Mac incompatibility - and was clearly wrong about that - I don't want to take his word about the inability of a Mac client to route through the "Fusion" server.
With regard to the alternative of a direct connection to the Citrix MetaFrame, I would not be suggesting bypassing the proxy without the knowledge/permission/help of the IT department. Rather, providing that they agree, is there a way to bypass the proxy? Keep in mind that I don?t care about getting access through the company?s website: I would want access through the Citrix OS X Client software directly from my desktop.
get it here
we have mostly PCs here in our hospital, and all the IT humunoids are PC heads...but even they tell me citrix and the hospital system will work fine with any mac
g
Originally posted by thegelding
shouldn't be a problem...
get it here
we have mostly PCs here in our hospital, and all the IT humunoids are PC heads...but even they tell me citrix and the hospital system will work fine with any mac
g
Thanks g.
I had, however, already done that. I downloaded the Citrix OS X client last week and installed it. I even recived and correctly-installed (I think) the security certificate from the IT guy, after I convinced him that Citrix could work with a Mac.
I still have had no luck connecting, though, through the company website. Based on my reading of Citrix, however, connecting through a website to a Citrix MetaFrame can be a problem with a Mac. The Citrix Mac guide only talks about connecting from the Mac desktop by configuring the Citrix client file with the correct server address and network protocol and then lauching directly from the Citrix OS X software.
Now the IT-head tells me the problem is the "Fusion" (proxy?)server - as described above- through which their remote clients have to route, from the web, to get to the Citrix server. I don't fully understand what he means and I have no idea about Mac compatibility with "Fusion". In any case, what I really want to do is route directly to the MetaFrame, as noted, not use the web access.
there are 3 ways you can connect
1. directly to the server using the native OS X Citrix ICA Client (available for free from www.citrix.com/download ) - the only limitation is you need to know the IP or the name of the server to point the client software at...
2. Via Web Interface for MetaFrame which is a browser based interface that generates an .ica configuration file (looks like the application's icon) which once clicked on in the web browser gets opened in the OS X ICA client and which uses the settings defined in the file to connect to MetaFrame (sort of like a .rm file for RealPlayer)
3. Via Web Interface for MetaFrame but instead of using the OS X native client you can use the Citrix ICA Java client which is essentially the same as the native client only its written in Java and is downloaded from the Web Interface web server as a Java applet (very easy and hassle free)
I have never heard about a fusion server and I don't have a clue whats that all about...
Hope this helps - feel free to ask whatever else...
Now the IT-head tells me the problem is the "Fusion" (proxy?)server - as described above- through which their remote clients have to route, from the web, to get to the Citrix server.
In which case NO client will be able to connect from outside the company LAN nothing to do with being a Mac specifically - TCP-IP routing with Macs is identical to what it is with UNIX or Windows boxen....
You sure the IT nonts doesn't mean they use some VPN setup which does not have a Mac client?
I don't fully understand what he means and I have no idea about Mac compatibility with "Fusion". In any case, what I really want to do is route directly to the MetaFrame, as noted, not use the web access..
depending on how their corporate network is setup - but i doubt very much that you will be able to route directly to the MF server from the Internet... well at least if their IT people are even remotely competent... since such a setup will be rather insecure even if using SSL on the connection...
Originally posted by rashumon
Amongst other sins I actually work for Citrix R&D and I can clearly tell you that Citrix MetaFrame Presentation server fully supports connections from Mac clients.
there are 3 ways you can connect
1. directly to the server using the native OS X Citrix ICA Client (available for free from www.citrix.com/download ) - the only limitation is you need to know the IP or the name of the server to point the client software at...
2. Via Web Interface for MetaFrame which is a browser based interface that generates an .ica configuration file (looks like the application's icon) which once clicked on in the web browser gets opened in the OS X ICA client and which uses the settings defined in the file to connect to MetaFrame (sort of like a .rm file for RealPlayer)
3. Via Web Interface for MetaFrame but instead of using the OS X native client you can use the Citrix ICA Java client which is essentially the same as the native client only its written in Java and is downloaded from the Web Interface web server as a Java applet (very easy and hassle free)
I have never heard about a fusion server and I don't have a clue whats that all about...
Hope this helps - feel free to ask whatever else...
Hello rashumon. Wow. I did not expect to get information directly from a Citrix'er.
Method 1. is what I would like to try, if only the IT guy would give me the necessary connection (server address and protocol) information. This is the method that is set out in the Citrix OS X Client software guide. The IT guy is, however, stuck on connecting through his company website, and will not consider that it is possible to connect any other way (even though I sent him a copy of the Citrix OS X Client guide).
Method 2. is what I have actually tried so far, but with no luck. As I said, however, my reading of the Citrix forums seems to indicate some issues with connection with a web interface using a Mac. For example, I read the following on the Citrix forums (apparently posted by a Citrix representative):
There's no such thing as a web client for Macs, but you could use the Java client instead of the Mac client if you like. This would be configured on the Web Interface server.
[...]
It is impossible for a web server to detect whether the ICA Client (or any software) is installed on MacOS X. The only operating system where this is possible is 32-bit Windows. For all other client operating systems, there is no registry of installed programs to inspect...
I am not sure that this is the full story, because there seems to be other, contradictory, advice also on the Citrix forums. Maybe it is possible to do it via Method 2, but I have not yet had any luck.
Method 3. is something that I also read about in the forums - and I even downloaded the Citrix Java Client guide to read. I suppose that Java would be a workable 'generic' solution, but the installation - according to the guide - appears to be a bit daunting. I think that I could do it on my machine, but the real problem is that it also seems to require the IT guy to make some alterations to the server to accomodate a Java solution, which he may or may not be capable of or willing to do (my interaction with him so far not been very good).
Originally posted by rashumon
In which case NO client will be able to connect from outside the company LAN nothing to do with being a Mac specifically - TCP-IP routing with Macs is identical to what it is with UNIX or Windows boxen....
You sure the IT nonts doesn't mean they use some VPN setup which does not have a Mac client?
I am not sure that the IT guy knows what he is doing or what he is talking about. This was a guy who was not capable of getting a remote Tarantella solution working propoerly even for Windows clients before moving on to his current Citrix efforts. Now I supose that Tarantella may have its challanges, but he should have been able to do better with it. This is also a guy who cannot prevent the e-mail inboxes of this particlar branch of my wife's employer - a large and prestigous company - from being completely clogged with unsolicited p*rn and other junk mail. I know that the filters are not perfect, but surely the company should have the IT capability to do better. This is also a guy who told my wife that Citrix was not compatible with Macs, when a quick glance at the Citrix website could have told anyone differently. I just don't know if I can trust his advice about anything.
depending on how their corporate network is setup - but i doubt very much that you will be able to route directly to the MF server from the Internet... well at least if their IT people are even remotely competent... since such a setup will be rather insecure even if using SSL on the connection...
But is not routing directly to the MF server what I would be doing under Method 1, discussed in my previous post? I am a bit confused here (but at least I have the defence of not being an IT expert
Just one more important bit of clarification here: when I have tried to log in through the company website (Method 2), I have been able to get as far as what is - I assume - the MF virtual desktop: the screen shows the available application icons and the http address includes "metaframe". However, the problem arrives when I try to click on one of the applications: a Citrix .asp icon appears on my Mac desktop (good), but when the Citrix OS X Client software tries to launch, I get the error message: ?The identity certificate received is not trusted (SSL error 61)?. This is despite the fact that the IT guy sent me a security certificate and I am pretty certain that I have installed it in the correct folder in the Mac (following the Citrix instructions - in the "Citrix ICA Client\\ keystore\\cacerts" folder).
Now I suppose that this could be a certificate problem, but I am not assuming that it necessaily is the certificate because the troubleshooting on the Citrix forums seems to indicate that this error message can also be a result of other problems, such as the possible basic problem of connecting to a MF server from a Mac through the web (perhaps because, as indicated by the Citrix rep, the MF cannot detect the installed files) rather than connecting through Method 2.
It's late here - and I remain confused. Off to bed.
Hello rashumon. Wow. I did not expect to get information directly from a Citrix'er.
Its actually a Citrite
Try to give me some answeres to the following questions and we'll take it from there:
1. what is the exact URL that the web browser shows for the WI login page and the WI applications page? is it HTTPS or HTTP?
Should be something like:
http://<machine name or IP>/MetaFrameXP/WebInterface/login.asp
you would probably not want to post the <machine name> section here for security reasons feel free to deprecate it. its the rest of the URL that i care about...
2. When you get to the WI application icons page do you get a settings button? it should show up in the top of the application icons frame if you do then click on it:
3. in the settings page - do you get a Launch client or ( could also be called embedded client) selection drop down menu? if you do check if there's a Java client in that list - select it and then go back to the applications page and try launching an application - what happens now?
4. if the above does not work - or if there isn't a launch/embedded client section in the settings page click on any of the application icons and open the .asp file that was saved on the desktop in text edit - you will see an Address=<IP address> parameter section - launch terminal and try pinging that IP address - what happens?
5. What Mac browser are you using for this? (i.e. Safari, IE, Mozilla etc..?)
6. When you double click the certificate the IT guy gave you and select 'View Certificate' what are the:
Expiry date:
Type:
Key Usage:
7. you might want to just past the entire contents of the .asp file from the web interface here for me to have a look - only make sure you deprecate all IP addresses or URL's for obvious security reasons....
Chinney
1. what is the exact URL that the web browser shows for the WI login page and the WI applications page? is it HTTPS or HTTP?
Should be something like:
http://<machine name or IP>/MetaFrameXP/WebInterface/login.asp?
For the login page it is:
https://<company web site>/Citrix/MetaFrameXP/default/login.asp
For the applications page it is:
https://<company web site>/Citrix/MetaFrameXP/default/frameset.asp
One thing I should clarify, when I get through to these MetaFrame websites, the .asp file has not yet appeared on my desktop. It only appears after I click on one of the applications on the applications page, after which the .asp file launches, using my installed Citrix OS X client software, and I get the error message: ?The identity certificate received is not trusted (SSL error 61)?.
2. When you get to the WI application icons page do you get a settings button? It should show up in the top of the application icons frame if you do then click on it:
Yes, a settings button does appear.
3. in the settings page - do you get a Launch client or ( could also be called embedded client) selection drop down menu? if you do check if there's a Java client in that list - select it and then go back to the applications page and try launching an application - what happens now?
No, there is no ?Launch client? or ?Embedded client? drop down menu. The only menus that I get are the following:
Presentation Preferences
\tRemember folder location
\tShow current folder location
\tUse silent authentication
\tApplication Detail Display:
\t \tIcon
Name
Description
Connection Preferences
\tWindow Size:
\t Standard:
Custom size:
Percent of screen:
4. if the above does not work - or if there isn't a launch/embedded client section in the settings page click on any of the application icons and open the .asp file that was saved on the desktop in text edit - you will see an Address=<IP address> parameter section - launch terminal and try pinging that IP address - what happens?
When I ping the address, I get: ?ping: unknown host?.
I must say, however, the IP address is not even in a format that I have seen before (although I am not an expert in such matters). Rather than "xx.xxx.xx.xx" (all numbers) etc, it is ";xx;xxxxxxxx;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ", where the first two places after the semi-colon are numbers; the next set are letters referring to a city, with a number attached; and the next, long, set are a mixture of apparently random numbers and letters.
5. What Mac browser are you using for this? (i.e. Safari, IE, Mozilla etc..?)
I have tried it in all three of these browsers, with the same result in each. I.e., I ultimately get the error: ?The identity certificate received is not trusted (SSL error 61)?.
6. When you double click the certificate the IT guy gave you and select 'View Certificate' what are the:
Expiry date: Wednesday 06 October 2004 9:17:19 AM
Type: X.509 v3 certificate
Key Usage: Encrypt, Verify, Wrap
7. you might want to just past the entire contents of the .asp file from the web interface here for me to have a look - only make sure you deprecate all IP addresses or URL's for obvious security reasons....
I'll PM you on on this.