SkyByte Consulting

Recently I ran into a strange problem with hyperlinks not launching Internet Explorer from Outlook 2010.  Upon clicking on any hyperlink in any email, the system would prompt the user asking what program to use to open this file.  My first thought was this was an Outlook issue, since Outlook can prevent certain files and hyperlinks from opening.  However, after checking the default programs on the server, I discovered the HTTP and HTTP protocols had no association to Internet Explorer, and listed "unknown application" to open them.  Additionally I could not even choose an application to re-associate these protocols.

The Citrix Xenapp Installation is a Windows 2008 64 bit OS running Citrix Xenapp 5.  It turned out to be a known bug in Xenapp 5.  The IMAAdvanceSrv.exe service apparently removes a critical registry entry for Internet Explorer.  The registry key entries located here were both missing:

HKEY_LOCAL_MACHINESOFTWAREClassesIE.HTTPshellopencommand

HKEY_LOCAL_MACHINESOFTWAREClassesIE.HTTPSshellopencommand

By default, the command should be: "C:Program Files (x86)Internet Exploreriexplore.exe" -nohome

I replaced the keys and immediately hyperlinks were working again, however, after about an hour the keys I entered mysteriously disappeared.  Thankfully Citrix has identified the issue and has a resolution involving adding a registry entry found here: http://support.citrix.com/article/CTX107424.  After entering this key, the registry entry for Internet Explorer remained intact.

For x86 servers, add the following key below.  For x64 servers, the key belongs under WOW6432Node.

HKEY_LOCAL_MACHINE/Software/Citrix/SFTA

Valuename: DisableServerFTA REG_DWORD value decimal 1

SkyByte Consulting is committed to excellent Citrix Xenapp support!  Contact us today!

After installing Symantec Endpoint Protection to a Citrix Xenapp Installation, I noticed several repetitive errors appearing in the Application event log.  About every minute, a service or application part of Symantec Endpoint would crash.  These crashes were causing Symantec Endpoint to malfunction and update definitions properly.  We also believe this caused a decrease in system performance across our entire farm.  Several executables were failing and would log an error such as this:

Faulting application name: SescLU.exe, version: 11.0.7000.49, time stamp: 0x4db8fae2

Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f

Exception code: 0xc0000005

Fault offset: 0x0002e8f4

Faulting process id: 0x15e4

Faulting application start time: 0x01ccffa2c6db522a

Faulting application path: C:Program Files (x86)SymantecSymantec Endpoint ProtectionSescLU.exe

Faulting module path: C:WindowsSysWOW64ntdll.dll

We are running Citrix Xenapp 6 on Windows 2008 R2 servers part of a healthy VMware Vsphere cluster.  I installed Symantec Endpoint 11 RU7 from our SEPM server and had applied Symantec's recommendations for terminal environments.  We were very shocked to hear about performance issues with the hardware it resides on.  Considering how Symantec interacts with the system and its files, such errors could very well cause stability issues for users logged in.

This problem was related to the Citrix Application Programming Interface.  Thankfully this can be disabled for any executable or service experiencing a problem.  The procedure can be found on Symantec's website: http://www.symantec.com/business/support/index?page=content&id=TECH150373

Its recommended to add the entry in both locations 32 and 64 bit servers.

For the 32-bit version

Key: HKEY_LOCAL_MACHINESOFTWARECitrixCtxHook

Value Name: ExcludedImageNames
Type: REG_SZ
Value: rtvscan.exe,smc.exe,sesclu.exe,smcgui.exe,ccsvchst.exe
 

For the 64-bit version

Keys: HKEY_LOCAL_MACHINESOFTWAREWow6432NodeCitrixCtxHook and HKEY_LOCAL_MACHINESOFTWAREWow6432NodeCitrixCtxHook64

Value Name: ExcludedImageNames
Type: REG_SZ
Value: rtvscan.exe,smc.exe,sesclu.exe,smcgui.exe,ccsvchst.exe
 

In addition to these applications, I also added symdelta.exe which was occasionally crashing.  After a reboot, Symantec was functioning normally and the system performance had increased.  An antivirus software is essential to network security.  Configuring it properly on a terminal server is very important to ensure efficiency and functionality are in check.

In working with Outlook 2010, I had a client who had Exchange mailboxes that he needed to get rid of because they no longer needed. The user tried removing the mailbox from Outlook by simply launching the "Mail" (Outlook profiles) from control panel. When the user would re-open Outlook the account was still there. After some looking around it was found that the user had been given the "Manage Full  Access Permission" in Exchange 2010 to this specific mailbox. This was causing Outlook for some reason to hold on to the mailbox in the left pane.

In order to get rid of the mailbox the "Manage Full  Access Permission" had to be removed from the specified users on this function of the mailbox in the Exchange management console.  You can also use the Exchange Power Shell to perform this by using this command - Remove-MailboxPermission -Identity Mailbox -User -useraccessing Fullaccess

After removing the user from the full access permissions, Outlook was closed and opened back up and the users were then removed. It is unclear if this is issue is caused by a Microsoft Exchange upgrade or if this is just one of those little issues that slipped through the cracks on patching either system. SkyByte Consulting supports clients large and small with issues like this and many others. 

VDI (BYOD) Bring your own device

As many SMB’s rise slowly out of the recession and have begun to invest in the latest technologies, they are finding their new software and IT systems may support iPhone, iPad, Android, PC  or Mac. All this connectivity ushers in a new ways to conduct business. The variety of these devices can be used to provide better communication and flexibility in the workplace and thus improve business agility. BYOD can also provide both hard and soft returns for the organization’s IT investments. The hard returns of BYOD materialize as savings to your organization simply because it no longer has to shell out funds for the latest and greatest devices. The soft return may be happier employees and morale because they can leverage their device of choice to connect to company resources, instead of having IT and corporate dictate specific devices. It is important to point out BYOD also brings with it a host of cons that must be considered and controlled by the corporations acceptable use policy and IT security experts.

The first and foremost consideration is data security: A company must consider the pros and cons before they allow company data on an employee’s personal device. Once a company allows an employee to download data to a personal device, the company has little or no control or management of its data. This may also bring up legal issues over ownership of the data should the employer or employee relationship turn sour. For example a company’s intellectual property or contact lists could easily be harvested and brought to a competing business. There are many other variables to consider, such as a well-intentioned employee device may malfunction, damaging or deleting email or contacts on the company mail server. The employee may load an unsecure app whose goal is to leach or damage corporate data. The employee may load an app then walk into the business, connect to WiFi with a potential Trojan horse causing a devastating data loss.  For some organizations this is an acceptable risk, and steps can be taken to help mitigate some of these concerns, however for most organizations this is not tolerable.

BYOD introduces a fine line to saving money. There are additional IT and business costs in supporting multiple platforms. For example; IT must configure the company mail server to support Blackberry, iPhone, iPad and Android. IT must track and try to enforcesuggest a baseline of mobile security. This was a difficult enough task on a single platform, with BYOD this becomes 3X more difficult and time consuming. Fixing one issue for iPhone users may break something for the others.   There are also support and security benefits of supporting a single corporate platform. This conservative thinking brought stability and security to organizations for years.

So where does that leave us? Should an organization allow BYOD or not? There is no right or wrong and only an organization can choose whether the benefits can outweigh the risks. Chances are in a small organization this can be managed on an individual basis. Anything beyond a small business or a business that lives or dies by its data needs to seriously consider the implications of introducing unmanaged personal devices into their organization. However what we have discussed so far assumes an organization allows an employee devices to directly connect, sync, and interface with company assets.

Are there other options or solutions? Absolutely! VDI (Virtual Desktop Infrastructure). The industry has been virtualizing servers for years, VDI technologies are one of the hottest topics in IT. VDI leverages the benefits and investments in server virtualization and extends them to the desktop and mobile device space.  VDI software such as VMware View, Citrix XenAPP or Citrix XenDesktop allows secure data access for BYOD’s users. The biggest VDI benefit is that corporate data can be extended to all main stream devices and no actual copy of the data is stored on the device. Rather all data is stored, maintained, and secured in the organizations IT system. The VDI software client is also agnostic to the device or platform it runs on, thus eliminating the actual work in configuring the entire system to work with multiple platforms.  VDI allows the organization to maintain control over its data while still leveraging the benefits of BYOD.

SkyByte is a VMware Professional Partner and a Citrix Solution Provider.  Contact us today for a server virtualization or VDI evaluation.

Last week I ran into a bizarre email sending problem which ultimately was caused by Microsoft Outlook 2010.  All of a sudden a user could no longer send email from their Outlook, but could receive.  The user would immediately receive this undeliverable bounce-back after sending any emails:
 

 
"Delivery has failed to these recipients or groups:
user@domain.com

You can't send a message on behalf of this user unless you have permission to do so. Please make sure you're sending on behalf of the correct sender, or request the necessary permission. If the problem continues, please contact your helpdesk."

This error is typically seen when a user attempts to send an email on behalf of another user without the proper permissions.  This was not the case, the user was trying to just send email as himself.  The first obvious check was if his Exchange permissions were set correctly.  The user was running a fairly new box, running Windows 7 Professional 64 bit with Microsoft Office 2010 Home and Business edition.  Their Outlook was connected to an on-premise Exchange 2010 server, and no other users on the network were experiencing this problem.  While we had performed a Microsoft Exchange Upgrade recently, he had been running normally for several months.  The next step I took was see if he could send from OWA, and he could.  Additionally, he could send from his Android phone connected to his Exchange account.

To confirm the problem was isolated to his machine as a possible network security or software issue, he logged in as himself on another similar machine, created an Outlook profile and was able to send email just fine.  So, the next step I took was recreating his Outlook profile.  Recreating the Outlook profile will resolve many Outlook abnormalities, unfortunately this time it did not help.  Then I backed up the user's profile, and recreated it.  To my disbelief, the problem remained.  My next step was to fully remove and reinstall Office, not a repair install.  This finally fixed the issue, and he was able to send email again.

SkyByte Consulting has recommended Symantec Endpoint Protection and its managing capabilities to it's clients for a variety of reasons.  From the ease of deploying clients to end users and the ability to manage them all from one console makes Symantec Endpoint Protection a great Antivirus and Antimalware solution.  The Symantec Endpoint Protection Manager (SEPM) downloads definition updates from Live Update on a regular basis and then deploys the updates to each endpoint client connected to your network infrastructure.  Symantec releases several revisions throughout the day, so by only having to download one copy of the definitions to the SEPM rather than each individual client, you save bandwidth for other needs.

Recently I discovered a SEPM that had stopped receiving updates.  Rebooting the server had not helped and manually running LiveUpdate inside the SEPM would reply with "Error: LiveUpdate encountered one or more errors. Return code = 4".  According to Symantec, this could be a variety of reasons from network firewall security, IE's Enhanced Security, or a proxy.  I knew this was not the case and I was able to resolve this by following these steps:

1.  Stop the SEPM and SEP Embedded Database in Services.
2.  Uninstall Live Update from Programs and Features or Add/Remove programs
3.  Install Live Update from the SEP setup CD
4.  Open a command window, then browse to:
C:\Program Files\Symantec\Symantec Endpoint Protection Manager\bin
Type lucatalog -update and press Enter.
5. Start the SEP Embedded Database service and then the SEPM service
6. Login into the SEPM and retry downloading updates from Live Update.

1. In outlook 2010, click on your calendar.
   
2. From the Home tab, Select Calendar Groups.
   
3. In the drop-down list, click one of the following-
   
   
   1. To create a new group calendar, click Create New Group Calendar, and continue to step 4.
      
   2. If you have multiple Calendars open ( For example: You are viewing other peoples calendars along with your own), you can save the the calendars in the current view as a new calendar group in the navigation pane by clicking Save as New Calendar Group.
      
   3. To display team calendars in the navigation pane, click Show Team Calendars. Team calendars contain calendars for your manager, direct reports, and peers as determined from information in Active Directory.
      
4. In the Create New Calendar Group dialog box, type the name for the grouping, and click OK.
   
5. In the Select Name: Global Address List dialog box, find the individuals or resources you wish to add to the grouping. Click the Group Members -> button to add them (or double click their name). You can add multiple people or rooms by finding another person and clicking the button again.
   
   If you have a server-side distribution list (For example - a mail-enabled group, not a LISTSERV list or a personal distribution list), you may find that group and add it.
   
6. When you are done adding the people and rooms click OK and the calendar group is saved in your navigation pane. In it, you can see each of members or resources availability. If the individual or resource room doesn't allow people or a specific set of people to view the free/busy information, you will not see any details listed.
   
7. To add more people or resources, right-click on the calendar group in the navigation pane and click Add Calendar. Choose one of the following methods  to add the calendar-
   
   
   1. From Address Book
   2. From Room List
   3. From Internet
   4. Open Shared Calendar
      
8. To delete a calendar group, right-click the calendar group in the navigation pane and select Delete Group.

SkyByte Consulting is a premier provider of Virtualization solutions and technologies.


Recently SkyByte won an RFP for a major suburban park district near Chicago. SkyByte successfully beat out four other Chicago IT firms with our design and project pricing. The park district had approximately thirty aging physical servers well beyond their effective service life. Their server room consisted of two 42U racks full of old server equipment. SkyByte proposed a four server VMware vSphere Cluster connected to a NetApp 2040 SAN. Cisco switches were chosen and NFS was utilized for the storage area network. SkyByte architected a secure DMZ along with multiple production internal networks. The project had the added benefit of centralizing all of the organizations data within the new NetApp SAN. This further improved the organizations disaster recovery options.

SkyByte installed the new VMware vSphere cluster and virtualized all the old servers from P to V. The virtualization candidates were Microsoft Exchange, four Microsoft SQL database servers, file and print servers, application servers and many F5 load balanced web servers.  Upon completion of the project all old server equipment was removed, and a complete 42U rack was removed from the room. 84U U’s of space were reduced to 15U’s. Power and cooling requirements for the data room were reduced by more then 50%. The park district gained fault tolerance, and high availability; the system is designed to continue business operations with a two host failure. The organization also gained much more flexibility within their system to meet the public's needs. Other benefits have been much better performance logging and reporting. The organization has acknowledged system performance was dramatically improved across all servers.

SkyByte has been working with Virtualization technologies since 2003. Over the last several years we have focused our infrastructure practice on server virtualization and server consolidation through the use of VMware vSphere Clusters and standalone ESX and ESXi hosts. He have aligned ourselves with NetApp and EMC for storage solutions. SkyByte has found VMware’s virtualization product suite to be vastly superior to the competing server Virtualization software such as Hyper-V and Citrix XenServer. Specifically the levels of refinement, flexibility, reliability and support are much better with the VMware products.

Contact us today for a free evaluation of what Virtualization can do for your organization. 847.574.6256 or info@skybyte.com

Yesterday I was setting up Backup Exec 2010 R3 as part of disaster recovery solutions initiative for a client. Installing the media server was the easy part, but installing the remote agent on one of the servers proved to much more of a pain. Using the utility built into Backup Exec, I deployed the agent to the server. I then logged into the server to verify that the agent had indeed installed. I noticed a red "X" on the tray icon, so I investigated. Upon looking into the error it said that the service did not start so I opened the services MMC and tried to start it manually. The service started then stopped immediately with the error -

"The Backup Exec Remote Agent for Windows Systems service on Local Computer started and then stopped. Some services stop automatically if they have no work to do for example, the Performance Logs and Alerts service."

I also looked in the event logs and found an error with the event ID: 58117 - The application failed to listen on the NDMP TCP/IP port. Check the network configuration.

After digging around on the Internet I found a support document from Symantec that explained the issue. Backup Exec's remote agent requires port 10000 to operate. For those of you who may not know port 10000 is a very commonly used port. Because the administration site for the software running on this particular server was also running on port 10000 the service was failing to start and I was receiving that vague error message (Thanks Symantec!).

1. Confirm that there is another application using port 10000 by first opening a command prompt: Goto Start -> Run -> Type "CMD" and press Enter
2. At the command prompt type:
   NETSTAT -abno
   Then press ENTER
    
   This will give a list of all ports that are in use on the system along with the name of the process that is utilizing the port.  The ports are listed in the format of IP

1.  Edit the SERVICES file located in C:\WINDOWS\system32\drivers\etc\ using  Notepad
2.  Add an entry that reads like the following example (12000 is just an example port.  Pick any available port that did not show as in use in the NETSTAT results):
   ndmp          12000/tcp
    
   At the end of the line press ENTER so that the cursor goes down to the next blank line.  If the ENTER key is not pressed at the end of the NDMP line, the change will not take effect.
3. After making the change, save the file and restart the Backup Exec Remote Agent for Windows Servers service.

1. First and most importantly! - Create an admin account on your computer and change your everyday user to a standard account. If you do get infected, the virus will not have admin rights to your machine! It won't be able to install anything or modify any critical systems in your machine. This tip is the most critical by far!
2. Uninstall Adobe Flash Player. I know your probably saying "Why would I do that? I can't watch Youtube or play Farmville on Facebook!!" Well what you may not know is that Adobe flash has more holes than a piece of Swiss cheese and no matter how many updates the put out for it, you just can't fix bad code/programming.
3. Install an Anti virus client! They can be found for free and there is no excuse for not having one.. Microsoft offers Security Essentials (Microsoft Security Essentials)
4. Download an Anti Mal-ware program like Malwarebytes - This is by far one of the best tools for keeping you computer clean and spy ware/malware free. (Malwarebytes)
5. Don't just click because you can.... Just because it's on Facebook doesn't mean it's safe. No one is really going to sell you Viagra for 25 cents a pill, so stop clicking on the links. This type of attack is called click jacking and it's one of the most common ways PC's get infected!
6. If it sounds to good to be true.. It probably is. Like watching "The Big Bang Theory" episodes for free a week before they come out. Do not install anything on your machine that's not from a reputable source. This includes Active X controls and "plug-ins".
7.  Update your computer the Windows Updates and also keep your browser/s (Chrome, Firefox, Opera, Internet Explorer) up to date. Windows, Linux, or even Mac OS X all get updated regularly to plug holes in security that the programming and support teams find.
8. Spam isn't just for eating. Spam is something in the corporate world that plagues many companies and users. If some prince in Nigeria says he has 5 million dollars for you, that should be your best clue that the email is bad news. Who it's from- Emails from sdc2@#dd@misseddeliveries.dhl.com is not a real email address. Before I forget if you get an email from a friend with a link or a file with a .exe at the end, delete it and call the person to inform them that their E-mail has been hijacked or they are now a spam bot. 
9. Don't turn off you're Windows Firewall unless you know what your doing. I know it can get in the way of your Torrent downloads which 99% of the time are illegal anyway and filled with Viruses and Malware... Your firewall is the first line of defense in a PC so learn to use exceptions and that can be learned from some simple googling...
10. Common sense is key. If you think before you click you won't have to spend $50 to $200+ getting you PC cleaned off or wiped and reloaded. Also don't get mad at the computer repair person because you have to shell out the money. He didn't infect the computer, but he might be able to help you prevent it from happening again.

I recently installed a CAD viewer as a published application in a Citrix Xenapp installation.  The Xenapp environment is running Windows Server 2008 R2 across all servers in the farm.  The goal was to be able to open .DWG files in this application by double clicking on any .DWG file.   Unfortunately this specific CAD viewer application did not associate itself to any file extensions in the system's registry  Instead, double clicking the file opens the window asking you how you would like to open the file, which would have been a problem.

There are a few ways you can associate a file in Windows Server 2008 R2.  You can choose manually select the program to open and select always open this type of file with this program, or you can associate the file type under default programs in the Control Panel.  Since we are using roaming profiles, these user settings are immediately lost upon log off.  Attempting to associate the file under the administrator account will not apply to all users either.

Furthermore, under the Citrix console you can associate files for published applications within the Content Redirection properties in the published application.  This useful feature applies specific file types to always open with the published application.  The only downside to this is Citrix searches the registry of your Xenapp servers to determine what file extensions can be associated.  The resolution is to manually associate the file type using the assoc and ftype commands on the Xenapp server.

• Per User -
  • HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains
• The Whole Machine (Globally)
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains

If you are working on specific users needs than you will want to edit the HKCU(HKEY_CURRENT_USER), but if you need the same sites or domains trusted then use the HKLM(HKEY_LOCAL_MACHINE). Below I will give two different approaches to making this an easy add for your users or for you as the admin.

The first way is using the following Visual Basic script:

Option Explicit

Dim DomainArray(5), strComputer, strHTTP, strHTTPS
Dim dwordZone, regPath, objReg, counter, subkeyPath
Dim subkeyValue
Const HKEY_LOCAL_MACHINE = &H80000002

DomainArray(0) = "trusteddomain0.com"
DomainArray(1) = "trusteddomain1.com"
DomainArray(2) = "trusteddomain2.com"
DomainArray(3) = "trusteddomain3.com"
DomainArray(4) = "trusteddomain4.com"

strComputer = "."
strHTTP = "http"
strHTTPS = "https"
dwordZone = "2"
regPath = "SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings" &_
        "\ZoneMap\EscDomains\"
Set objReg = GetObject("winmgmts:{impersonationLevel = impersonate}!\\" & _
        strComputer & "\root\default:StdRegProv")

For counter = 0 to 4
        subkeyPath = regPath & DomainArray(counter)
        objReg.CreateKey HKEY_LOCAL_MACHINE,subkeyPath
        objReg.SetDWORDValue HKEY_LOCAL_MACHINE,subkeyPath,strHTTP,dwordZone
        objReg.SetDWORDValue HKEY_LOCAL_MACHINE,subkeyPath,strHTTPS,dwordZone
Next

The above script when executed will insert 'trusted domain0.com', 'trusteddomain1.com' and etc to Internet Explorers trusted sites zone when run on any machine. To run this script the user running it will need to be a local admin on the machine or any user that has access to write to the HKEY_LOCAL_MACHINE registry hive and any other changes that are global to the machine.

The next way involves creating a "Registry Entries" (.reg) file:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\trusteddomain0.com]
"http"=dword:00000002
"https"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\trusteddomain1.com]
"http"=dword:00000002
"https"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\trusteddomain2.com]
"http"=dword:00000002
"https"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\trusteddomain3.com]
"http"=dword:00000002
"https"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\trusteddomain4.com]
"http"=dword:00000002
"https"=dword:00000002

Just like the previous script, this must also be run by a user with administrator privileges and any changes will be global on all users of the machine. You can customize this code to fit your needs. Please also make sure before deploying these that the changes will not violate your network security policy.

SkyByte Consulting  provides support for many clients from small to large and everywhere in between. In the case of Microsoft SharePoint, Dynamics, and other MS enterprise products you can deploy Microsofts Threat Management Gateway (TMG) or Unified Access Gateway (UAG) which can perform reverse proxy to the sites. I hope this post will help a few admins out there with authentication annoyances and prevent un-needed service tickets.

All information presented on this blog is for informational purposes only and is provided on an as-is basis.

• The URL for accessing Gmail (mail.google.com) is blocked by many organizations because they don't want personnel accessing their e-mail while on company time.
• There is now Global Address List functionality. This means that you wouldn't be able to have a single "Marketing Contacts" address book shared by all of your marketing people. The "shared contacts" functionality only really mans that things are shared within your domain.
• Contact sync to mobile devices - at least with the iPhone there is no way to sync a subset of Gmail contacts. Most people don't want all of their email contacts added to their phones address book.
• Having the reassurance of Microsoft Server Support specialists or Public Forums when your company runs into problems?

We recently created a brand new Citrix Xenapp 6.0 environment with four Windows 2008 R2 servers in our farm.  40 users will be connecting into the environment with a variety of platforms including thin client technology, mobile PCs, and now mobile tablets and phones.  One of the goals in our Citrix Xenapp installation was to support as many platforms as possible.  With Citrix, that is entirely possible with a few tweaks to get things working right.  With mobile devices becoming the preferred computing device, especially tablet PCs, Citrix access has become a frequent request in recent years.

Citrix offers an lightweight application available for iOS, Android, and Blackberry devices called the Citrix Receiver.  This simple app provides you secure access into your companies Xenapp environment.  You can stream published apps and use your desktop on the convenience of a tablet.

During our testing phase, we ran into an issue with iOS 5 devices not accepting our SSL certificate installed on the Secure Gateway server running Windows IIS6.  We experienced the problem on both the iPad1 and iPad2 and also the iPhone 4 and more than likely it affected all iOS devices.  We had reason to believe it was due to our standard SSL certificate authorized through GoDaddy since we had other environments working but with an SSL certificate through another SA.  The problem occured when an iOS device attempted to launch an app or published desktop.  The connection would fail half way and say:

Connection Error:  You have not chosen to trust "Go Daddy Secure Certification Authority", the issuer of the server's security certificate.  Error Number: 183

• Secure employee-owned devices with access to corporate resources.
• Manage and provision all mobile endpoints and desktop from a single interface.
• Reduce costs and allow employees to use their own mobile device for work.
• Safely support a wide variety of mobile phones connecting to a company network.