Tag Archives: Access Gateway

Using Citrix Edgesight to report Access Gateway logins.

Edgesight has at best some mediocre reports. The reports seem really useful at first glance, but when you are after a specific set of data it can be hard to come by. Below is a step by step guide to reporting external connections into your Citrix environment.

First, we need to uniquely identify users as they come through the access gateway. To do this we change the web interface site to tag workstation names differently for access gateway connections.

Log into your web interface and Identify the site used for your access gateway.

  • For Web Interface 4.5 and 4.6
    • edit the session.aspxf file located in the C:inetpubwwwrootCitrix<site name>app_datasiteserverscripts folder.
  • For Web Interface 5.0
    • edit the SessionUtils.java file located in the C:inetpubwwwrootCitrix<site name>app_codePagesJavacomcitrixwipageutils folder.
  • In either case, change the following line
From: deviceInfo.setClientName(clientName);
To: deviceInfo.setClientName(clientName.Replace("WI_","AG_"));

Note: The length of the client name must remain the same. For example, WEB0 cannot be substituted for WI_

Now that your users will be uniquely identified with their client name starting with AG_, time to move to edgesight and write your custom user group:

Open the Edgesight client, and browse to user configuration:

Select user groups from the left hand menu

Select new user group

Name the user group something relevant e.g. Access gateway users, and press “Create user group”.

Select Queries and choose next

again, give the query a relevant name, and enter the following in the query:

Select sessid from vw_es_usergroup_ica_users where client_name like "ag_%"

Save the query, then click back, then next again.

Choose the new query you have created from the list, then choose Add query below.

Now select Finish.

Now we wait until the next data upload occurs. This is configured in your agent properties…

Once the data upload has occured, move to the Browse tab in edgesight

Find the report near the bottom called “user login details for a user group”

Select the user group you specified from the user group dropdown, then choose Group by Date, then by user then by all.

you should now get a meaningful report on access gateway connections:

Customising the Error messages on Citrix Access Gateway Enterprise

As with most software solutions, advising the user to “contact the system administrator” may seem logical in the lab, but in the real world most users haven’t a clue who their system administrator is! He’s a collection of a number of individuals or just one sheepish person that doesnt need to be exposed to the user for every little password issue.

The Citrix access gateway suffers this pet peeve of mine and recently I was asked to set about changing this wording of this error to include a custom message.

To do so, load up winscp and connect to your Primary netscaler*.

*note i said primary, dont spend wasted time troubleshooting your secondary netscaler like this idiot did :(

Browse to /netscaler/ns_gui/vpn

Right click and edit the login.js file.

Find the string you wish to modify as below:

Enter the new text you wish to see, then save the file back to the netscaler.

Clear your internet preferences and test!

To keep your settings after a netscaler restart, check the following article from Citrix: CTX122271

To modify the second password field to be pin and token, please see the following article: CTX126206