MichaelZ Posted September 18 Share Posted September 18 Hi, I was wondering if any of you could give me some pointers on how to allow citrix and the published apps through the tunnel? So far I have allowed the store in Chrome and Edge and allowed the Citrix Workspace through the tunnel. I can successfully conect to Citrix through a browser but I cannot connect directly through the workspace app. Also I cannot launch apps from inside citrix. I get an error that the selected resource failed to respond in time. If I set the tunnel into per-device mode everything works Quote Link to comment Share on other sites More sharing options...
Employee Andreano Lanusse Posted September 19 Employee Share Posted September 19 @MichaelZ did you create the device traffic rules adding the Chrome and Edge apps for the specific domains you want to connect via Workspace ONE Tunnel? In this case you want to connect through Tunnel Service on UAG, do you have all the ports and protocols open on your firewall to allow the Tunnel client to connect via UAG? This article explains the Tunnel communication flow and might help you https://techzone.omnissa.com/resource/understand-and-troubleshoot-tunnel-connections-load-balancing Quote Link to comment Share on other sites More sharing options...
MichaelZ Posted September 19 Author Share Posted September 19 (edited) The tunnel as such works with the other apps. It's just Citrix that won't work. When the tunnel is in device mode Citrix works and I can start published apps. When in per-app mode selfservice.exe will not let me log in and I cannot start apps from browsers as well. I can connect to web based citrix as I have added the url to our browser rules. But I cannot start apps as this is initiated by selfservice.exe. As this works in device mode I believe that selfservice.exe calls another app to actually connect and since this is not added the connection will fail. So basically what I need is a list of the citrix apps to allow in the tunnel or a pfn Edited September 19 by MichaelZ Quote Link to comment Share on other sites More sharing options...
Employee Andreano Lanusse Posted September 25 Employee Share Posted September 25 You need to find all the programs and not just the self-service.exe, certainly others apps are used by Citrix and needed to be added to the DTR. Quote Link to comment Share on other sites More sharing options...
Employee Solution Sascha Warno Posted September 27 Employee Solution Share Posted September 27 Carl has the list of all apps that should be involved. https://www.carlstalhood.com/workspace-app-for-windows/ Add those to the DTR and test again. Else you will need to use tools like procmon to find out which other services are called. ICA Engine (wfica.exe) – process that uses the ICA protocol to connect to published apps and desktops. Self-Service (selfservice.exe) – gets icons from StoreFront and displays them in a Window. When an icon is clicked, Self-service passes the ICA file to the ICA Engine to establish a connection. Single Sign-on (SSON) for ICA (ssonsvr.exe) – captures user credentials and submits them to VDAs after an ICA connection is established Workspace Auto-Update (CitrixReceiverUpdater.exe) – Notifies users of Workspace app updates. The most recent name for this component is Citrix Workspace Update. Quote Link to comment Share on other sites More sharing options...
MichaelZ Posted Monday at 11:54 AM Author Share Posted Monday at 11:54 AM On 9/27/2024 at 9:27 AM, Sascha Warno said: Carl has the list of all apps that should be involved. https://www.carlstalhood.com/workspace-app-for-windows/ Add those to the DTR and test again. Else you will need to use tools like procmon to find out which other services are called. ICA Engine (wfica.exe) – process that uses the ICA protocol to connect to published apps and desktops. Self-Service (selfservice.exe) – gets icons from StoreFront and displays them in a Window. When an icon is clicked, Self-service passes the ICA file to the ICA Engine to establish a connection. Single Sign-on (SSON) for ICA (ssonsvr.exe) – captures user credentials and submits them to VDAs after an ICA connection is established Workspace Auto-Update (CitrixReceiverUpdater.exe) – Notifies users of Workspace app updates. The most recent name for this component is Citrix Workspace Update. procmon was what finally cracked this nut. Thanks for the link and tip, Sascha. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.