Problem:

Recently I have been tring to connect iPads to our Citrix Farm via a Citrix Access Gateway VPX and had a far bit of trouble.

I could connect fine from a Windows XP computer over the Internet using either the Online Plugin client or by going to the web page however when I tried on the iPad I got my list of available application but when I tried to open one I got a nice “Please Wait” whirly message and 20 seconds later I was bombed out back to the application list.

Cause:

After a couple of days of banging my head against the iPad I worked out the problem was with the STA’s (Secure Ticket Authority)

Our XenApp’s Servers live on top of VMWare vSphere and were deployed from a shared template, in effect they were ghost images and although they had been sysprepped all of the server STA unique identifiers were the same.

I found this out in Citrix Access Gateway under Applications and Desktops => Secure Ticket Authority, I don’t know why I had not noticed before but my STA’s all had the same identifier.

Resolution:

– On each of the XenApp servers open C:\Program Files\Citrix\System32\CtxSta.config
– Change UID=STA************* to a unique value for each server, I would use the same number of characters
– Save the file
– Restart the Citrix XML Service on each server
– In Citrix Access Gateway remove all of the configured STA and reboot
– Once Citrix Access Gateway is back up add the STA back in
– After a couple of minuets check that the STA servers have a unique identifier

Other cause of the “Please Wait” message:

In my travels I would a few possible causes, none of which were the issue for me but they may help.

– Make sure the list of STA servers on your Web Interface Server match what is in your Citrix Access Gateway
– Make sure your SSL certificate is good and the root certificate is trusted by the iPad
– To be able to use a XenServices site with an iPad your Citrix Access Gateway needs to be at 5.0.2 (or I guess higher)
– You need to be using Web Interface 5.x (or higher)
– Make sure your Web Interface sites are set to authenticate at Web Interface, you only get the option when you first create the site
– Make sure your web Interface site secure access is set to Gateway Direct and the server access points to the outside address of you Citrix Access Gateway.
– Make sure there are no firewalls stopping you CAG internal interface from getting to our XenApp server via ica (1494) and session reliability (2598)
– Make sure on CAG under Applications and Desktop => XenApp or XenDesktops you have allowed ica and session reliability to your XenApp servers
– Try enabling STA logging on your servers as per here http://support.citrix.com/article/CTX120589