RDS Gateway and Horizon View behind NetScaler Content Switch


In a perfect world it would be possible to run lots of services behind a single IP address going through the NetScaler Content Switch. Unfortunately we don’t live in a perfect world, and this post is NOT going to give the solution.

Now, there are no problems running RDS Gateway and Horizon View on a dedicated IP address with an SSL Bridge, but my current Mission Impossible is to get them all running on a single IP address. At the moment I have a Unified Gateway and ADFS running on 443, which is a great victory for a NetScaler newbie like myself.

The purpose of this blog post is to show the community what I have achieved so far and a reasonable workaround for the problem in question. I’m pretty confident that we as a community will figure this out together, some day… There’s clearly a big interest in this topic.

Below is the configuration for my RDS Gateway and VMware Horizon View Security Server. I did have some problems in the beginning getting the webpages to display, but got some help from my NetScaler mentor Dave Brett figuring that out. Seems like the NetScaler VIP gets confused when the external certificate is bound to both the VIP and IIS.

I have configured VMware Horizon View Security Server and RDS Gateway as we’re supposed to, with my external wildcard.xenapptraining.com certificate. Well, with that config the webpage never shows up when connecting. To fix the problem, you simply add the internal certificate instead.

Doing so, the webpages show up correctly and I’m able to log into the various services. Now the problem occurs when I try to connect, because it’s linked to an internal certificate that’s not recognized on the internet.

Jake Rutski did get this working on a different setup with NetScaler 10.5, but I’m running the latest release and there are also some reports in the Citrix Support forum that RDS Gateway doesn’t work anymore on 65.35 but did on the 64.x.

Now, what I’ve found as a reasonable workaround for me is to use the VPN function of the Unified Gateway. When connecting through VPN you get access to all SIP networks, so it’s easy to connect to your internal services, though you get tons of SSL errors.

So until Citrix or the community figures this out, that’s the best workaround for homelabs running on a single IP address. The only thing I want for Christmas is Citrix support for XenMobile behind a Content Switch (something the rumors say Citrix is working on).



2 thoughts on “RDS Gateway and Horizon View behind NetScaler Content Switch”

  1. Trond,

    thanks for this great article! With your article and Jakob’s blog I was able to successfully set up a working configuration of AD FS 3.0 as well as RDWeb with a single public IP address and NetScaler unified content switching vServer.

    I’m able to successfully verify my AD FS functionality as well as launch RDP published remote apps.

    In case you’d like to discuss and have a look at my setup, don’t hesitate to contact me. Like you, I’m interested in leveraging NetScaler as a single point of entry for different services with just a single public IP address and getting to grips with its Content Switching feature.


