Installing and Configuring Citrix XenMobile App Controller 2.9

After installing and configuring the XenMobile MDM server it’s time for the step-by-step blog about XenMobile App Controller. In this blog I will install (upload) the Citrix XenMobile App Controller 2.9 to the Citrix XenServer. After that I will configure the basic settings from the console and run the configuration wizard from the administrator web console. I will also create a server certificate for the App Controller, connect the XenMobile MDM server to the App Controller and publish an application.

XenMobile and the NetScaler

The Citrix NetScaler (10.1) now includes a XenMobile setup deployment wizard. With this wizard you can configure XenMobile MDM, App Controller, MS Exchange with Email Filtering and ShareFile at once. For the App Controller the wizard will create a NetScaler Gateway. Make sure you enter the correct Gateway FQDN (App Controller URL) and that you configure the correct certificate (for the external DNS name).

netscaler-xenmobile-config

Preparations

For the Citrix XenMobile App Controller installation/configuration you have to do the following preparations;

Active Directory Requirements

Fill in (at least) the following fields in the user account properties;

  • User Logon Name (and not only the pre-Windows 2000 one)
  • First Name
  • Last Name
  • E-Mail

Downloading and Uploading the XenMobile App Controller to the XenServer

Installing_and_Configuring_XenMobile_App_Controller_29_001

For this installation I will download “App Controller 2.9 Virtual appliance for XenServer” from the Citrix website.

Installing_and_Configuring_XenMobile_App_Controller_29_002

After downloading the XenMobile App Controller, open XenCenter, open the File menu and choose the option Import…

Installing_and_Configuring_XenMobile_App_Controller_29_003

Browse to the downloaded App Controller and click Next

Installing_and_Configuring_XenMobile_App_Controller_29_004

Select your XenServer and click Next

Installing_and_Configuring_XenMobile_App_Controller_29_005

Select the storage you want to upload the App Controller to and click Import

Installing_and_Configuring_XenMobile_App_Controller_29_006

Select the network interface you want to use for the App Controller and click Next

Installing_and_Configuring_XenMobile_App_Controller_29_007

Click Finish

Configuring the XenMobile App Controller

Installing_and_Configuring_XenMobile_App_Controller_29_008

Start the XenMobile App Controller and go to the Console tab of the virual machine (XenCenter). Login with the default admin account (account name: Admin, Password: password).

Installing_and_Configuring_XenMobile_App_Controller_29_009

Type 0 to start the Express Setup

Installing_and_Configuring_XenMobile_App_Controller_29_010

Type 1 to configure the IP Address

Installing_and_Configuring_XenMobile_App_Controller_29_011

Enter the IP Address you want to assign to the App Controller

Installing_and_Configuring_XenMobile_App_Controller_29_012

Enter the correct Netmask

Installing_and_Configuring_XenMobile_App_Controller_29_013

Type 2 to configure the Default Gateway

Installing_and_Configuring_XenMobile_App_Controller_29_014

 Enter the correct Default Gateway IP address

Installing_and_Configuring_XenMobile_App_Controller_29_015

Type 3 to configure the DNS Server(s)

Installing_and_Configuring_XenMobile_App_Controller_29_016

Enter the correct IP Address of the DNS server(s)

Installing_and_Configuring_XenMobile_App_Controller_29_017

Type 4 to configure the NTP Server

Installing_and_Configuring_XenMobile_App_Controller_29_018

Enter the correct IP Address of the NTP server

Installing_and_Configuring_XenMobile_App_Controller_29_019

Type 5 to commit the changes

Installing_and_Configuring_XenMobile_App_Controller_29_020

Type y to reboot the App Controller

Installing_and_Configuring_XenMobile_App_Controller_29_021

Open a web browser and type the following address: https://<ip of appcontroller>:4443/ControlPoint. Login with username: administrator (NOT admin !) password: password.

Installing_and_Configuring_XenMobile_App_Controller_29_022

When logging on for the first time, a Configuration Wizard will be appear. The first step is to change the default administrator password. Fill in the default password (password) and enter a new one (twice). Click Next

Installing_and_Configuring_XenMobile_App_Controller_29_023

Enter a hostname. In my case I will use appcontroller.hobo.lan. NOTE: you must create an inernal DNS record for this hostname manually.

Installing_and_Configuring_XenMobile_App_Controller_29_024

Enter the requested Active Directory information. Leave “Use secure connection” unselected for now. We will configure the certificates for the secure connection later. Click Next.

Installing_and_Configuring_XenMobile_App_Controller_29_025

Configure the correct Time Zone and DNS suffixes. Click Next

Installing_and_Configuring_XenMobile_App_Controller_29_026

Enter the requested mail server settings and click Next

Installing_and_Configuring_XenMobile_App_Controller_29_027

Click Save

Installing_and_Configuring_XenMobile_App_Controller_29_028

Click Yes

Creating and Installing a server certificate

The Citrix XenMobile App Controller requires the root and a server certificate to communicate between the App Controller and the Management console, Applications and StoreFront.  Note: this is not the SSL certificate for use with the external DNS record, that certificate must be trusted by an external CA and must be installed on the NetScaler.

XenMobile_AppController_Cert_001

For the creation of the server certificate I will use Internet Information Services (IIS). Go to Server Certificates and click Create Domain Certificate

XenMobile_AppController_Cert_002

Enter the requested information and click Next

XenMobile_AppController_Cert_003

Select the correct (intern) Certification Authority (CA), enter a Friendly name and click Finish

XenMobile_AppController_Cert_004

Right click the certificate and click Export

XenMobile_AppController_Cert_005

Export the certificate to an .pfx file and set an password. Click Ok

XenMobile_AppController_Cert_006

Open an MMC console and add the Certificates snap-in (My User Account)

XenMobile_AppController_Cert_007

Browse to Certificates – Current User > Personal > Certificates. Right click Certificates and browse to All Tasks > Import

XenMobile_AppController_Cert_008

Click Next

XenMobile_AppController_Cert_009

Browse to the certificate and click Next

XenMobile_AppController_Cert_010

Type the password for the private key and select Mark this key as exportable. This will allow you to back up or transport your keys at a later time. Click Next.

XenMobile_AppController_Cert_011

Click Next

XenMobile_AppController_Cert_012

Click Finish

XenMobile_AppController_Cert_013

Click OK

XenMobile_AppController_Cert_014

Right click the certificate and browse to All Taks > Export

XenMobile_AppController_Cert_015

Click Next

XenMobile_AppController_Cert_016

Click Next

XenMobile_AppController_Cert_017

Make sure you select Include all certificates in the certification path if possible and click Next

XenMobile_AppController_Cert_018

Set a password and click Next

XenMobile_AppController_Cert_019

Browse to the path you want to save the certificate to and click Next

XenMobile_AppController_Cert_020

Click Finish

XenMobile_AppController_Cert_021

Click OK

XenMobile_AppController_Cert_022

Logon to the XenMoble App Controller web console and go to Settings, Certificates

XenMobile_AppController_Cert_023

Go to Import and select Server (.pfx)

XenMobile_AppController_Cert_024

Enter the password you set while exporting the certificate and click OK

XenMobile_AppController_Cert_025

Select the certificate and click Make Active. Note that the root CA is also imported automatically and is added to the Certificate Chain.

XenMobile_AppController_Cert_026

Click Yes

XenMobile_AppController_Cert_027

You can now browse to the AppController Admin Console via HTTPS

Allow the XenMobile MDM server to communicate with the XenMobile App Controller

To allow the XenMobile MDM server to communicate with the XenMobile App Controller configure the following;

XenMobileMDM-AppController-Connection-001

Logon to the XenMobile MDM admin console and go to Options

XenMobileMDM-AppController-Connection-002

Go to App Controller. Enter the Host Name and a Shared Key (anything you like without special characters) and click Close

XenMobileMDM-AppController-Connection-003

Click Yes

XenMobileMDM-AppController-Connection-004

Open the XenMobile App Controller admin console, go to Settings, XenMobile MDM and click Edit

XenMobileMDM-AppController-Connection-005

Enter the requested information and click Test Connection

XenMobileMDM-AppController-Connection-006

Click Close

XenMobileMDM-AppController-Connection-007

Click Save

XenMobileMDM-AppController-Connection-008

Go back to the XenMobile MDM Console and click Check connection

XenMobileMDM-AppController-Connection-009

Click OK

Publish an Application

Within the Citrix XenMobile App Controller you can deploy a lot of different types of applications including Android Apps (APK files or MDX files for wrapped), iOS Apps (IPA files or MDX files for wrapped), Web & SaaS, Web Links or Apps directly from iTunes or the Google Play store. For this blog I show you how to publish a SaaS application.

XenMobile_AppControler_Publish_App_001

Logon to the App Controller administrator panel and go to the tab Apps & Docs

XenMobile_AppControler_Publish_App_002

Go to Web & SaaS and click on the big green plus sign

XenMobile_AppControler_Publish_App_003

For this example I will use the LinkedIn SaaS app, click Add

XenMobile_AppControler_Publish_App_004

Click Next

XenMobile_AppControler_Publish_App_005

You can define Workflows within the App Controller if, for example, approval is required from a manager. In this case I let everything default. Click Next

XenMobile_AppControler_Publish_App_006

Click Save

XenMobile_AppControler_Publish_App_007

The LinkedIn application is now published from the App Controller

XenMobile_AppControler_Publish_App_008

To see if it works, open a web browser and enter the App Controller URL

XenMobile_AppControler_Publish_App_009

Click on the plus sign to add the LinkedIn application

XenMobile_AppControler_Publish_App_010

Select the LinkedIn application

XenMobile_AppControler_Publish_App_011

Click on the LinkedIn icon

XenMobile_AppControler_Publish_App_012

The App Controller will save the credentials for the user.

It is also possible to add XenApp / XenDesktop application and desktops by connecting StoreFront to the App Controller.

23 comments

  • Hi Robin ,

    Thanks for the effort . Great article.

    One question : I followed the exact same steps and I still get the following :

    there are no apps or desktops assigned to you at this time.

    I have added to your steps new AD group and giving permissions but getting the same message on all users .

    any ideas ?

  • Hi Robin,

    After filling the User Logon Name as you stated in your article it all worked fine.

    Thanks again.

  • I am trying to follow the same process but it looks like the screens are different now. At least in my case. The Netscaler login portal for XenMobile only shows the options for Xenmobile and Exchange. I am on build 124.13 and this is brand new install.

    • That’s correct, the other two wizard options are only available in the enhanced version of the NetScaler.

  • Thanks Robin, this is awesome.

    BTW app controller address should be
    https://App ControllerIPaddress:4443/ControlPoint

    port is 4443 and not 4333

    I figured it out though, thanks!

  • First of all thanks for this great post. I configured the appcontroller and used your article for wrapping WorxMail and WorxWeb for both Android and IOS. On Android the WorxMail works great. However on IOS there are no mails visible in the app. When I configure the native app with the same credentials all mails are retrieved properly.

    Any ideas what the issue might be?

    • You can check the policy tab from the published iOS WorxMail app. What are the network settings, is “Tunneled to the internal network” selected? And is the Inital VPN mode correct configured?

      • Hi Robin,

        no the configuration was ok. Problem was that WorxMail is incompatible with Exchange 2003.

        gr, F

  • Hi…

    Just wanted to ask if you are able to push out in-application settings with the App Controller?

    For example if an application had an email address and a port number – could this be automatically populated for each user?

    Great post!

    Thanks

    • That depends on the application, the application must be Worx ready and must be wrapped.

  • Hi Robin,

    Your article on App Controllers and MDM was extremely useful.

    Yesterday I did HA on the App Controllers here and I finally worked it out. I thought I would send the steps through to you in the event someone visited your website and it could help them. Here are the steps.

    For anyone else struggling with this, this is the simple way I did it. (This is my own experience and you need to test yourself)

    Install the 1st controller and the 2nd controller, configure the IP address, subnet mask and gateway for both. Then configure the Role preference for each controller, along with the VIP address and the peer address. (This is the other controllers IP) Create a DNS entry for the VIP address

    Then sign into the controller via the VIP address. So https://appcontroller.companyname.com:4443 and configure the hostname for the controller as the DNS VIP address and enter all the other settings as required. (You can skip the certificates for now) You will then logged out of the website. Log back in and import the certificate for the VIP address. (Don’t forget to import root cert and chain it if required) You will now be able to log out and back in and should have no certificate errors.

    You can now either turn off the 1st controller and sign back into the website and you should be able to see that you are signed in via the 2nd controller as the overview will show the 2nd controllers IP, or you can just force failover to the second controller in the app controller console.

    Thanks

    Clinton.

  • Hi Robin,

    Thank you for the great article. I have a related question.

    Scenario: upgrade 2.8 went wrong & you implement 2.9 (fresh install) to eventually replace the old App Controllers.

    Question: Do you need to add all your Weblinks & other Applications manually or is there a way to bulk import all the apps?

    Thank you in advance.

    Best regards,
    Reza

    • Never test that scenario, but with the same versions you can create/export a snapshot for that.

  • I Robin

    First of all thanks for your help.

    I´m trying to have my App Controller apps to appear on Storefront, but so far I´be been failing at this.

    Storefront works ok, users are able to logon,and launch XenApp and XenDesktop apps without any issues.

    App controller is running, I can create apps, assign them to groups, and everything looks to be ok. I´ve configured the Deployment, and Windows Apps tabs as everyone seems to say its required (tried different choices), but they are not appearing.

    I´ve also tried adding AC server to Storefront Store as Delivery Controller wtthout success.

    So far, this environment doens´t have netscaler available (we´re waiting for the purchase of the public cert)

    Also, if I try to logon to AC Web Store, I can´t, every user gets rejected no matter what they input there.

  • Hi Robin

    It is a very great article to learn and understand the Citrix XenMobile and its components configuration.

    I would like to know that how i can register devices on MAM directly (any enrollment doc available) . I am not using MDM.

    Regards
    Sumeet

About Robin Hobo

I work as a Senior Solution Architect with focus on the Modern Workspace. I am specialized in Azure Virtual Desktop (AVD), Windows 365 and Microsoft EM+S (including Microsoft Endpoint Manager - Microsoft Intune).

For my full bio, check the About Me page.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close