On more and more Citrix XenMobile projects I see Windows Phone 8.1 devices. The enrollment of a Windows Phone 8.1 device is a little bit different than those of iOS and Android, and so is the application wrapping process. You have to enroll a Windows Phone device via the Workplace (under settings). By default, there is no WorxHome application available. You have to download it from the Citrix.com website, sign it with your Symantec certificate and publish it as Enterprise Hub policy within the XenMobile console. Once the WorxHome Enterprise Hub is installed on the Windows Phone device, users can start with installing the published Citrix Worx applications. At this moment only WorxMail and WorxWeb are available for Windows Phone 8.1 but I hope that more Worx applications will be available as Windows 10 for Phone is official released.
The wrapping process is also different than for of iOS and Android. There is a MDX Toolkit, but it’s command-line based. No worries, in this blog I will show you all the necessary steps and requirements to wrap and publish Windows Phone 8.1 applications.
Requirements:
- Microsoft Company Developer Account (see: Registration Info)
- Enterprise Certificate from Symantec (see: Enterprise Mobile Code Signing Certificate)
Software Requirements:
- Microsoft .NET Framework 4.5.1 (see: Microsoft .NET Framework 4.5.1 – Offline Installer)
- Microsoft Silverlight 5 runtime and SDK (see: Get Silverlight 5)
- Visual Studio Express 2013 for Windows (see: Visual Studio Download page)
- MDX Toolkit for Windows Phone 8.1 (see: MDX Toolkit)
Get the following information:
- Windows Phone publisher ID (see: Account settings)
Step 1 : Install the software requirements
Install the software requirements as listed above (.NET, Silverlight and Visual Studio Express). All these installations are straightforward (next, next, finish), so I don’t add screenshots from these installations in this blog. All download links are provided in the list.
Step 2 : Install the Symantec certificates
See: How to install the Windows® Phone Private Enterprise Root and Intermediate certificates for the step-by-step instructions. After importing these two certificates you need to import your own Enterprise Mobile Code Signing Certificate. To get this certificate see: Enterprise Mobile Code Signing Certificate.
Step 3 : Create an Application Enrollment Token (AET)
First export your Symantec Code Signing Certificate (see: How to Export a Certificate with the Private Key). To make things easy, I create a folder in the root of my C drive called “AET” and copied my exported Code Signing Certificate in .PFX format in this folder.
Next, localize the AetGenerator.exe path. On my Windows 10 machine it was installed in this folder:
C:\Program Files (x86)\Microsoft SDKs\Windows Phone\v8.1\Tools\AETGenerator
Open a Command Prompt (as Administrator) and navigate to C:\AET
Run the following command (Replace data between ” < > ” with the correct information) ;
<PATH TO AETGenerator.exe> <PFX File> <Password>
In my case it is:
“C:\Program Files (x86)\Microsoft SDKs\Windows Phone\v8.1\Tools\AETGenerator\AETGenerator.exe” Symantec.pfx MyPassword
After running this commando an AET.xml, AET.aet and AET.aetx file are generated.
Step 4 : Extract the MDX Toolkit and Wrap WorxHome for Windows Phone
To wrap WorxHome of Windows Phone 8.1, download the following items;
Download the MDX Toolkit for Windows Phone 8.1 from the Citrix.com website
Download the Worx Home for Windows Phone 8.1 App
Extract the MDX Toolkit zip file. To make things easy, I extract the files to C:\MDXToolkit. I have saved the WorxHome .xap file into the C:\WorxHome folder.
Note: Create also a folder for the destination (signed WorxHome), this cannot be the same folder as the source because all the files in the destination folder will first be deleted. Therefor I also created a C:\WorxHome-signed folder.
Open a Command Prompt (as Administrator) and navigate to C:\MDXToolKit (the folder were the MKX Toolkit is extracted) and run the following command (Replace data between ” < > ” with the correct information) ;
CGAppPrepTool.exe -in:”<Path to WorxHome.xap file>” -out:”<output location>” -C:”<path to Symantec cert>” -password:<certificate password> -verbose -resign -PhonePublisherId:<PhonePublisherID> -mdmServerURL:”<MDM URL>”
In my case;
CGAppPrepTool.exe -in:”C:\WorxHome\WorxHome_10.0.3.69.xap” -out:”C:\WorxHome-Signed\WorxHome_Signed_10.0.3.69.xap” -C:”C:\AET\Symantec.pfx” -password:MyPassword -verbose -resign -PhonePublisherId:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -mdmServerURL:”https://mdm.robinhobo.com/zdm”
Step 5 : Wrap WorxMail and WorxWeb for Windows Phone
Download the WorxMail and WorxWeb for Windows Phone 8.1 applications from the Citrix.com website. I will save the WorxMail application to the C:\WorxMail folder and WorxWeb application to C:\WorxWeb folder.
Note: Create also a folder for the destination, this cannot be the same folder as the source because all the files in the destination folder will first be deleted. In this case I have created a C:\WorxMail-Signed and a C:\WorxWeb-Signed folder.
Open a Command Prompt (as Administrator) and navigate to C:\MDXToolKit (the folder were the MKX Toolkit is extracted) and run the following command (Replace data between ” < > ” with the correct information) ;
CGAppPrepTool.exe -in:”<path to WorxMail.xap>” -out:”<path to output file>” -T:”<path to WorxMail icons and manifest>” -C:”<path to Symantec Certificate>” -password:<cert password> -verbose -resign -phonePublisherId:<Publisher ID>
In my case;
CGAppPrepTool.exe -in:”C:\WorxMail\WorxMail_10.0.7.31.xap” -out:”C:\WorxMail-Signed\WorxMail_10.0.7.31.mdx” -T:”C:\MDXToolkit\Templates\WorxMail” -C:”C:\AET\Symantec.pfx” -password:MyPassword -verbose -resign -phonePublisherId:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Repeat this step for WorxWeb.
Step 6 : Publish WorxHome, WorxMail and WorxWeb in Citrix XenMobile 10.x
The final step is publishing WorxHome, WorxWeb and WorxMail in Citrix XenMobile 10.x. First we need to create an Enterprise Hub policy to publish WorxHome for Windows Phone 8.1.
Login to the Citrix XenMobile 10.x console. Go to the Configure tab and open the Device Policy page. Click Add to create a new policy
Click on Enterprise Hub
Fill in the Policy Name and optionally the Description. Klik Next
First browse to your AET.aetx file created in step 3, then browse to the signed WorxHome application. Click Next
Select the correct Delivery Group you want the Enterprise Hub assign to and click Save
Browse to Configure > Apps to Add the WorxMail and WorxWeb application. When adding the new application, select Windows Phone on the left side under Platform and upload the .mdx file
Configure the policies you want to configure and click Next 3 times (assign the correct Delivery Group if not already configured) and then click finish.
Now you are able to install WorxHome, WorxMail and WorxWeb with an enrolled Windows Phone 8.1 device as shown below.
Made a little mistake when wrapping the WorxHome, and thanks to your blog, I found that mistake. Thanks!
Good to hear, thanks!
Our Symantec certificate expired over the weekend and I have re-wrapped the Worx Home and WorxWeb aps with the new cert, however when I launch Worx Home the Windows Phone says there is a problem with the app (which I guess is the expired cert) and asks to uninstall. I do that then it doesn’t reinstall the new version and I have to re-enroll the phone. any ideas on the correct procedure to renew these apps once the Symantec Cert expires?
thanks for your help
Hi Ben, you need to re-deploy the Enterprise Hub policy to the devices.
terima kasih
Great guide!
Thanks
First, I thank you very much for this post. I contact you because I meet a problem to enroll a windows phone 10 with XenMobile 10. it’s ok for worxhome, I have then install worxmail successfully but the account configuration failed with the message: Access to your company network is not currently available.
Do you have an idea about this error? Do citrix xenmobile and Windows Phone 10 works only with microsoft azure AD?
Many thanks for your help.
Hi Stephane, looks like you don’t have acces from your Netscaler to your Exchange server, or no internet connection if you use Office 365.
Hi,
Thanks for this post!
You forgot to mention to install the Windows Phone SDK tools in Software Requirements which contains the aetgenerator.exe
Hi Bastiaan, they are included in the Visual Studio Express 2013 for Windows (with Update 5) installation package. If you install that, you don’t need to install any additional features.
Hi Robin,
Thanks for this post, really help me and save lot of time.
But then, how do you deploy the receiver ? (mean on corporate devices, without ms account).
Thanks
david
Hi David, at this moment, not. Citrix Receiver as comes from the public app store. And you always need a Microsoft Account to download the app. On iOS you can deploy it machine based with VPP and no Apple ID is needed. Hope Microsoft will come with a solution as well..
Hi Robin,
at first, thanks a lot for helping me with this article. Unfortunately i’ve got a little question. Wrapping of WorxMail, WorxHome and WorxWeb are successfully done. Enterprise Hub and WorxMail are working as expected. Unfortunately worxweb not opening internal sites (for example: internal.mycompany.lan). Do I miss anything? For Android and iOS i’ve got the network access policy, but for windows phone it is missing. Any ideas about that?
Thank you very much!
Tom
Hi Tom, Yes I had that same problem 2 years ago. I do not remember exactly what it was, but could think it had to do with the expression of the session policies in the NetScaler configuration. I let you know when I remember the solution. Regards, Robin
Hi Robin,
Thanks for your update. Do you have any news for me?
Best regards
Tom
Hallo Tom, no unfortunately I cannot find it in mail archive anymore. But can you do a test with the session policies by adding the following the the current one:
&& REQ.HTTP.HEADER User-Agent CONTAINS WindowsPhone