In Access Gateway I have two session policies bound to the Access Gateway Virtual Server.  One session policy is for the Citrix Receiver and the other session policy is for Web Interface ICA/HDX access only.   No issues with connecting to the environment using the Citrix Receiver or Web Interface ICA/HDX access only.  I recently enabled the option to use VPN or Web Interface ICA/HDX access with Client Choices by using AAA Groups with a session policy in Access Gateway for testing.  VPN and Web Interface ICA/HDX access worked fine but I could not logon using the Citrix Receiver.  I tested the Citrix Receiver from the iPad and Android mobile devices.  See the screenshots below for the different errors on each device.

Citrix Receiver error on the iPad.

Citrix Receiver error on Android.

After reviewing my configuration, a session policy conflict was found between the Citrix Receiver session policy bound to the Access Gateway Virtual Server and a session policy bound to an AAA Group.  The session policies both had the same priority of 0.  See the screenshots below for the Access Gateway Virtual Server and AAA Group session policies configurations.

Access Gateway Virtual Server session policies.

Access Gateway AAA Group session policy.

After some configuration changes and testing, there are two ways to fix the issue.  One option is to make the AAA Group session policy a lower priority by giving it a higher priority number than the Access Gateway Virtual Server Citrix Receiver session policy.  The other option is to configure the AAA Group session policy with a policy expression of REQ.HTTP.HEADER User-Agent NOTCONTAINS CitrixReceiver.  See the screenshots below for the AAA Group session policies configuration options.

AAA Group lower priority session policy

AAA Group policy expression session policy

By using either of the options above for the AAA Group session policy, you should now be able to connect using the Citrix Receiver without any errors.  I wish Access Gateway had a resultant set of policy tool like XenApp and XenDesktop has.

XenApp

• A version of XenApp that runs on Windows Server 2008 R2
• One console only, at least for XenApp
• PowerShell SDK for managing XenApp
• Realtime audio/video so that, for example, Microsoft Office Communication Server can be used well
• Migration tool that exports an old farm’s settings and imports them after optional transformation into a new far
• Consistent feature set among the XenApp versions (2003 / 2008 / 2008 R2)
  • Special folder redirection, power management, HDX Flash, etc
• A revamped Installation Manager on Windows 2008
• Report Center in Access Management Console/Delivery Services Console that links to EdgeSight/pull reports from XenApp management console
• XenApp Setup Wizard similar to XenDesktop Setup Wizard
• Integration with hypervisors similar to XenDesktop power on, power off, reboot, etc
• Folder inheritance of published applications in a folder- add a new server to a folder in the console and have applications automatically published on that server that are published to other servers in that folder
• Content redirection/file type association between seamless hosted and seamless streamed applications

Support for XenApp in SCCM (Microsoft System Center Configuration Manager)

• XenApp collections
• Add application hosting information to SCCM package
• Autonomic server load management to allow SCCM software distribution

VM Hosted Apps

• Session sharing (multiple applications per session/VM)
• Real application publishin
• Integration in XenApp management console

XenClient

• Release a first version, if only for enterprise volume laptops initially
• Make it run on any system that supports VT-D and TXT (trusted execution technology)
• Provide a private image mode: copy a VM to a client initially and then sync back differentially by creating snapshots that are stored on a server. A user would “own” a VM in this scenario and could store data and install applications in it, but updates/application installs could not be easily centrally managed.
• Provide a shared image mode: copy a VM to a client initially that is reset to its original state when powering off. Provide a second disk (VHD file) for persistent user data. In this scenario, users could not install applications, since the OS VHD gets reset constantly, but administrators could manage updates to the OS VHD centrally by distributing snapshots containing new applications or patches to the clients. All user data would have to be stored on a second partition.
• Optionally encrypt VHD files on the client (we are talking about laptops)
• Map the GPU to any VM. That way we could use a private VM (with GPU, for games, etc.) and a more secure business VM.
• Run applications from one VM seamlessly in the other VM (over ICA)

XenDesktop

• Make HDX media stream for Flash optionally work in such a way that we do not need internet access in the client’s site. Stream Flash through ICA from the server to the client and only render it on the client.
• PowerShell SDK for managing all aspects for XenDesktop
• Merge the XenDesktop Setup Wizard into the “Create Desktop Group” Wizard
• Windows Server 2008 support

Provisioning Server

• Give us a tool for automating the management/patching of PVS images
• Make it run in one of three modes:
  • Monitoring: Monitor external ESD server to determine if updates have been assigned to a machine
  • Scheduled: Periodically start the VM and allow the machine to update itself
  • Manual: Admin initiates VM start/stop for manually updating
• Give the tool a PowerShell SDK so we can program it
• Easy way to upgrade virtualization tools (VMware Tools, XenTools, etc) and Provisioning Server Target Device of a vDisk
• Provisioning Services Database Replication and or Mirroring

XenServer

• VM-based snapshot and not disk-based snapshot
• Easy way to revert to taken snapshots
• Memory sharing / ballooning / over commitment (for VDI)
• Thin provisioning for block-based storage repositories
• Possibility to separate management and XenMotion network interface
• Advanced template management
  • Integration of Sysprep, possibility to change hostname, ip, etc
• Administrative Delegation
• Wake On LAN of XenServer VMs
• Move VMs/VDIs to storage repository without having to turn off VM and copy – Storage XenMotion

Workflow Studio

• More development/example workflows
• More integration with Citrix products – XenDesktop, etc

Various

• Release Branch Repeater as a virtual appliance. Better make it available for all three important hypervisors.
• Release a virtual appliance version of Access Gateway that can serve as a true replacement for CSG (Secure Gateway). For that, it needs to be free or very cheap at least. And better make it available for all three important hypervisors.
• Consistent management console for all versions of Access Gateway
• Citrix Receiver framework for the Mac and Linux platform
• Integration of all Citrix agents/clients/plug-ins into Merchandising Server
• NetScaler VPX virtual appliance for Hyper-V
• Merchandising Server virtual appliance for ESX

Please keep this wish list going.

If you have found this article interesting or if you have any other insights, please feel free to leave comments on this article.