Working on project with customers that already have NetScaler configured for XenMobile 9 (parallel Build of XMS 10).

I was not able to use the Wizard ,unfortunately the NetScaler only allows the XenMobile Wizard to be used once. This was created thinking of the customers that need to run the wizard more than once for multiple XenMobile environments.

This following assumes that you have the following items already installed and configured on the Netscaler.

You will need to replace the values with your own.

SSL Offload

enable ns feature WL SP LB SSL IC SSLVPN AAA RESPONDER
add policy patset ST_WB_CKIES192_168_59_100
bind policy patset ns_cvpn_default_inet_domains enroll.arnaud.biz:8443 -index 2
bind policy patset ST_WB_CKIES192_168_59_100 CsrfToken -index 1
bind policy patset ST_WB_CKIES192_168_59_100 ASP.NET_SessionId -index 2
bind policy patset ST_WB_CKIES192_168_59_100 CtxsPluginAssistantState -index 3
bind policy patset ST_WB_CKIES192_168_59_100 CtxsAuthId -index 4
add ns httpProfile _XM_SSL_OFFLOAD_HTTP_PROFILE -conMultiplex DISABLED
add server 192.168.59.110 192.168.59.110
add service 192.168.59.110_80 192.168.59.110 HTTP 80 -gslb NONE -maxClient 0 -maxReq 0 –
cip DISABLED -usip NO -useproxyport YES -sp ON -cltTimeout 180 -svrTimeout 360 –
CustomServerID 3232235886 -CKA NO -TCPB NO -CMP NO
add authentication ldapAction 192.168.59.102_LDAP -serverIP 192.168.59.102 -ldapBase
“dc=arnaud,dc=lab” -ldapBindDn svc_ldap@arnaud.lab -ldapBindDnPassword
Password -ldapLoginName sAMAccountName
add authentication ldapPolicy 192.168.59.102_LDAP_pol NS_TRUE 192.168.59.102_LDAP
add lb vserver _XM_MAM_LB_192.168.59.144_8443 SSL 192.168.59.144 8443 -persistenceType
CUSTOMSERVERID -rule “HTTP.REQ.COOKIE.VALUE(\”ACNODEID\”)” -cltTimeout 180
add lb vserver _XM_LB_MDM_XenMobileMDM01_192.168.59.143_443 SSL 192.168.59.143 443 –
persistenceType SSLSESSION -timeout 1440 -cltTimeout 180 -httpProfileName
_XM_SSL_OFFLOAD_HTTP_PROFILE
add lb vserver _XM_LB_MDM_XenMobileMDM01_192.168.59.143_8443 SSL 192.168.59.143 8443 –
persistenceType SSLSESSION -cltTimeout 180 -httpProfileName
_XM_SSL_OFFLOAD_HTTP_PROFILE
add vpn vserver _XM_XenMobileGateway10 SSL 192_168_59_100 443 -Listenpolicy NONE
add vpn clientlessAccessProfile ST_WB_RW_192.168.59.142
add vpn clientlessAccessProfile NO_RW_192.168.59.142
set vpn clientlessAccessProfile ST_WB_RW_192.168.59.142 -URLRewritePolicyLabel
ns_cvpn_default_inet_url_label -ClientConsumedCookies ST_WB_CKIES192_168_59_100
add vpn clientlessAccessPolicy CLT_LESS_RF_192.168.59.142 TRUE ST_WB_RW_192.168.59.142
add vpn clientlessAccessPolicy CLT_LESS_192.168.59.142 “HTTP.REQ.HEADER(\”User-
Agent\”).CONTAINS(\”CitrixReceiver\”) && HTTP.REQ.HEADER(\”X-Citrix-Gateway\”).EXISTS”
NO_RW_192.168.59.142
bind lb vserver _XM_MAM_LB_192.168.59.144_8443 192.168.59.110_80
bind lb vserver _XM_LB_MDM_XenMobileMDM01_192.168.59.143_443 192.168.59.110_80
bind lb vserver _XM_LB_MDM_XenMobileMDM01_192.168.59.143_8443 192.168.59.110_80
add dns addRec enroll.arnaud.biz 192.168.59.144
set ssl vserver _XM_LB_MDM_XenMobileMDM01_192.168.59.143_443 -sessReuse ENABLED –
sessTimeout 15 -clientAuth ENABLED -clientCert Optional -sslRedirect ENABLED
add ssl action _XM_MDM_XenMobileMDM10_ACTION -clientCert ENABLED -certHeader
NSClientCert
add ssl policy _XM_MDM_XenMobileMDM01_POLICY -rule CLIENT.SSL.CLIENT_CERT.EXISTS –
action _XM_MDM_XenMobileMDM01_ACTION
add vpn sessionAction AC_OS_192.168.59.142_A_ -splitDns BOTH -sessTimeout 1440 –
splitTunnel OFF -transparentInterception ON -defaultAuthorizationAction ALLOW -SSO ON
-ssoCredential PRIMARY -icaProxy OFF -ClientChoices OFF -forcedTimeout 1440 –
clientlessVpnMode ON -clientlessModeUrlEncoding TRANSPARENT -SecureBrowse ENABLED –
storefronturl “https://enroll.arnaud.biz:8443″
add vpn sessionAction AC_WB_192.168.59.142_A_ -defaultAuthorizationAction ALLOW -SSO ON
-ssoCredential PRIMARY -homePage “https://enroll.arnaud.biz:8443/Citrix/StoreWeb” –
icaProxy OFF -wihome “https://enroll.arnaud.biz:8443/Citrix/StoreWeb” -ClientChoices
OFF -clientlessVpnMode ON -SecureBrowse ENABLED
add vpn sessionAction AC_AG_PLG_192.168.59.142_A_ -splitDns BOTH -splitTunnel OFF –
transparentInterception ON -defaultAuthorizationAction ALLOW -SSO ON -ssoCredential
PRIMARY -homePage “https://enroll.arnaud.biz:8443/Citrix/StoreWeb” -icaProxy OFF –
ClientChoices OFF -clientlessVpnMode OFF -clientlessModeUrlEncoding TRANSPARENT –
SecureBrowse ENABLED -storefronturl “https://enroll.arnaud.biz:8443″
add vpn sessionPolicy PL_OS_192.168.59.142 “REQ.HTTP.HEADER User-Agent CONTAINS
CitrixReceiver && REQ.HTTP.HEADER X-Citrix-Gateway EXISTS” AC_OS_192.168.59.142_A_
add vpn sessionPolicy PL_WB_192.168.59.142 “REQ.HTTP.HEADER User-Agent NOTCONTAINS
CitrixReceiver && REQ.HTTP.HEADER Referer EXISTS” AC_WB_192.168.59.142_A_
add vpn sessionPolicy PL_AG_PLG_192.168.59.142 “REQ.HTTP.HEADER User-Agent NOTCONTAINS
CitrixReceiver && REQ.HTTP.HEADER Referer NOTEXISTS” AC_AG_PLG_192.168.59.142_A_
bind vpn vserver _XM_XenMobileGateway01 -staServer “https://enroll.arnaud.biz:8443″
bind vpn vserver _XM_XenMobileGateway01 -appController “https://enroll.arnaud.biz:8443″
bind vpn vserver _XM_XenMobileGateway01 -policy 192.168.59.102_LDAP_pol
bind vpn vserver _XM_XenMobileGateway01 -policy PL_OS_192.168.59.142 -priority 100
bind vpn vserver _XM_XenMobileGateway01 -policy PL_WB_192.168.59.142 -priority 100
bind vpn vserver _XM_XenMobileGateway01 -policy PL_AG_PLG_192.168.59.142 -priority 100
bind vpn vserver _XM_XenMobileGateway01 -policy CLT_LESS_192.168.59.142 -priority 80 –
gotoPriorityExpression END -type REQUEST
bind vpn vserver _XM_XenMobileGateway01 -policy CLT_LESS_RF_192.168.59.142 -priority
100 -gotoPriorityExpression END -type REQUEST
bind vpn vserver _XM_XenMobileGateway01 -policy _cacheTCVPNStaticObjects -priority 10
-gotoPriorityExpression END -type REQUEST
bind vpn vserver _XM_XenMobileGateway01 -policy _cacheOCVPNStaticObjects -priority 20
-gotoPriorityExpression END -type REQUEST
bind vpn vserver _XM_XenMobileGateway01 -policy _cacheVPNStaticObjects -priority 30 –
gotoPriorityExpression END -type REQUEST
bind vpn vserver _XM_XenMobileGateway01 -policy _noCacheRest -priority 40 –
gotoPriorityExpression END -type REQUEST
bind ssl vserver _XM_XenMobileGateway01 -certkeyName Wildcard
bind ssl vserver _XM_MAM_LB_192.168.59.144_8443 -certkeyName Wildcard
bind ssl vserver _XM_LB_MDM_XenMobileMDM01_192.168.59.143_443 -certkeyName Wildcard
bind ssl vserver _XM_LB_MDM
ocspCheck Optionalz_XenMobileMDM01_192.168.59.143_443 -certkeyName Root -CA –

bind ssl vserver _XM_LB_MDM_XenMobileMDM01_192.168.59.143_8443 -certkeyName Wildcard
bind ssl vserver _XM_XenMobileGateway01 -eccCurveName P_256
bind ssl vserver _XM_XenMobileGateway01 -eccCurveName P_384
bind ssl vserver _XM_XenMobileGateway01 -eccCurveName P_224
bind ssl vserver _XM_XenMobileGateway01 -eccCurveName P_521
bind ssl vserver _XM_MAM_LB_192.168.59.144_8443 -eccCurveName P_256
bind ssl vserver _XM_MAM_LB_192.168.59.144_8443 -eccCurveName P_384
bind ssl vserver _XM_MAM_LB_192.168.59.144_8443 -eccCurveName P_224
bind ssl vserver _XM_MAM_LB_192.168.59.144_8443 -eccCurveName P_521
bind ssl vserver _XM_LB_MDM_XenMobileMDM01_192.168.59.143_443 -eccCurveName P_256
bind ssl vserver _XM_LB_MDM_XenMobileMDM01_192.168.59.143_443 -eccCurveName P_384
bind ssl vserver _XM_LB_MDM_XenMobileMDM01_192.168.59.143_443 -eccCurveName P_224
bind ssl vserver _XM_LB_MDM_XenMobileMDM01_192.168.59.143_443 -eccCurveName P_521
bind ssl vserver _XM_LB_MDM_XenMobileMDM01_192.168.59.143_8443 -eccCurveName P_256
bind ssl vserver _XM_LB_MDM_XenMobileMDM01_192.168.59.143_8443 -eccCurveName P_384
bind ssl vserver _XM_LB_MDM_XenMobileMDM01_192.168.59.143_8443 -eccCurveName P_224
bind ssl vserver _XM_LB_MDM_XenMobileMDM01_192.168.59.143_8443 -eccCurveName P_521
bind ssl vserver _XM_LB_MDM_XenMobileMDM01_192.168.59.143_443 -policyName
_XM_MDM_XenMobileMDM01_POLICY -priority 100
set ssl service vpndbssvc_-245333078 -sessReuse ENABLED -sessTimeout 120 -tls11
DISABLED -tls12 DISABLED

 

SSL Bridge

enable ns feature WL SP LB SSL IC SSLVPN AAA RESPONDER
set system parameter -doppler DISABLED
add policy patset ST_WB_CKIES192_168_59_142
bind policy patset ns_cvpn_default_inet_domains enroll.arnaud.biz:8443 -index 2
bind policy patset ST_WB_CKIES192_168_59_142 CsrfToken -index 1
bind policy patset ST_WB_CKIES192_168_59_142 ASP.NET_SessionId -index 2
bind policy patset ST_WB_CKIES192_168_59_142 CtxsPluginAssistantState -index 3
bind policy patset ST_WB_CKIES192_168_59_142 CtxsAuthId -index 4
add server 192.168.59.110 192.168.59.110
add serviceGroup _XM_SVC_GRP_MAM_ SSL -maxClient 0 -maxReq 0 -cacheable YES -cip
DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB NO –
CMP NO
add serviceGroup _XM_SVC_GRP_MDM_443 SSL_BRIDGE -maxClient 0 -maxReq 0 -cacheable YES
-cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB
NO -CMP NO
add serviceGroup _XM_SVC_GRP_MDM_8443 SSL_BRIDGE -maxClient 0 -maxReq 0 -cacheable YES
-cip DISABLED -usip NO -useproxyport YES -cltTimeout 180 -svrTimeout 360 -CKA NO -TCPB
NO -CMP NO
add authentication ldapAction 192.168.59.102_LDAP -serverIP 192.168.59.102 -ldapBase
“dc=scubica,dc=com” -ldapBindDn administrator@arnaud.lab -ldapBindDnPassword
PasswordPlainText -ldapLoginName sAMAccountName
add authentication ldapPolicy 192.168.59.102_LDAP_pol NS_TRUE 192.168.59.102_LDAP
add lb vserver _XM_MAM_LB_192.168.59.144_8443 SSL 192.168.59.144 8443 -persistenceType
CUSTOMSERVERID -rule “HTTP.REQ.COOKIE.VALUE(\”ACNODEID\”)” -cltTimeout 180
add lb vserver _XM_LB_MDM_XenMobileMDM01_192.168.59.143_443 SSL_BRIDGE 192.168.59.143
443 -persistenceType SSLSESSION -timeout 1440 -cltTimeout 180
add lb vserver _XM_LB_MDM_XenMobileMDM10_192.168.59.143_8443 SSL_BRIDGE 192.168.59.143
8443 -persistenceType SSLSESSION -cltTimeout 180
add vpn vserver _XM_XenMobileGateway01 SSL 192.168.59.142 443 -Listenpolicy NONE
add vpn clientlessAccessProfile ST_WB_RW_192.168.59.142
add vpn clientlessAccessProfile NO_RW_192.168.59.142
set vpn clientlessAccessProfile ST_WB_RW_192.168.59.142 -URLRewritePolicyLabel
ns_cvpn_default_inet_url_label -ClientConsumedCookies ST_WB_CKIES192_168_59_142
add vpn clientlessAccessPolicy CLT_LESS_RF_192.168.59.142 TRUE ST_WB_RW_192.168.59.142
add vpn clientlessAccessPolicy CLT_LESS_192.168.59.142 “HTTP.REQ.HEADER(\”User-
Agent\”).CONTAINS(\”CitrixReceiver\”) && HTTP.REQ.HEADER(\”X-Citrix-Gateway\”).EXISTS”
NO_RW_192.168.59.142
bind lb vserver _XM_MAM_LB_192.168.59.144_8443 _XM_SVC_GRP_MAM_
bind lb vserver _XM_LB_MDM_XenMobileMDM10_192.168.59.143_443 _XM_SVC_GRP_MDM_443
bind lb vserver _XM_LB_MDM_XenMobileMDM10_192.168.59.143_8443 _XM_SVC_GRP_MDM_8443
set ns tcpbufParam -memLimit 200
add dns addRec enroll.arnaud.biz 192.168.59.144
bind serviceGroup _XM_SVC_GRP_MAM_ 192.168.59.110 8443 -CustomServerID 0123456789
bind serviceGroup _XM_SVC_GRP_MDM_443 192.168.59.110 443 -CustomServerID 0123456789
bind serviceGroup _XM_SVC_GRP_MDM_8443 192.168.59.110 8443 -CustomServerID 0123456789
set ssl serviceGroup _XM_SVC_GRP_MAM_ -tls11 DISABLED -tls12 DISABLED
add vpn sessionAction AC_OS_192.168.59.142_A_ -splitDns BOTH -sessTimeout 1440 –
splitTunnel OFF -transparentInterception ON -defaultAuthorizationAction ALLOW -SSO ON
-ssoCredential PRIMARY -icaProxy OFF -ClientChoices OFF -forcedTimeout 1440 –
clientlessVpnMode ON -clientlessModeUrlEncoding TRANSPARENT -SecureBrowse ENABLED –
storefronturl “https://enroll.arnaud.biz:8443″
add vpn sessionAction AC_WB_192.168.59.142_A_ -defaultAuthorizationAction ALLOW -SSO ON
-ssoCredential PRIMARY -homePage “https://enroll.arnaud.biz:8443/Citrix/StoreWeb” –
icaProxy OFF -wihome “https://enroll.arnaud.biz:8443/Citrix/StoreWeb” -ClientChoices
OFF -clientlessVpnMode ON -SecureBrowse ENABLED
add vpn sessionAction AC_AG_PLG_192.168.59.142_A_ -splitDns BOTH -splitTunnel OFF –
transparentInterception ON -defaultAuthorizationAction ALLOW -SSO ON -ssoCredential
PRIMARY -homePage “https://enroll.arnaud.biz:8443/Citrix/StoreWeb” -icaProxy OFF –
ClientChoices OFF -clientlessVpnMode OFF -clientlessModeUrlEncoding TRANSPARENT –
SecureBrowse ENABLED -storefronturl “https://enroll.arnaud.biz:8443”
add vpn sessionPolicy PL_OS_192.168.59.142 “REQ.HTTP.HEADER User-Agent CONTAINS
CitrixReceiver && REQ.HTTP.HEADER X-Citrix-Gateway EXISTS” AC_OS_192.168.59.142_A_
add vpn sessionPolicy PL_WB_192.168.59.142 “REQ.HTTP.HEADER User-Agent NOTCONTAINS
CitrixReceiver && REQ.HTTP.HEADER Referer EXISTS” AC_WB_192.168.59.142_A_
add vpn sessionPolicy PL_AG_PLG_192.168.59.142 “REQ.HTTP.HEADER User-Agent NOTCONTAINS
CitrixReceiver && REQ.HTTP.HEADER Referer NOTEXISTS” AC_AG_PLG_192.168.59.142_A_
bind vpn vserver _XM_XenMobileGateway01 -staServer “https://enroll.arnaud.biz:8443″
bind vpn vserver _XM_XenMobileGateway01 -appController “https://enroll.arnaud.biz:8443″
bind vpn vserver _XM_XenMobileGateway01 -policy 192.168.59.102_LDAP_pol
bind vpn vserver _XM_XenMobileGateway01 -policy PL_OS_192.168.59.142 -priority 100
bind vpn vserver _XM_XenMobileGateway01 -policy PL_WB_192.168.59.142 -priority 100
bind vpn vserver _XM_XenMobileGateway01 -policy PL_AG_PLG_192.168.59.142 -priority 100
bind vpn vserver _XM_XenMobileGateway01 -policy CLT_LESS_192.168.59.142 -priority 80 –
gotoPriorityExpression END -type REQUEST
bind vpn vserver _XM_XenMobileGateway01 -policy CLT_LESS_RF_192.168.59.142 -priority
100 -gotoPriorityExpression END -type REQUEST
bind vpn vserver _XM_XenMobileGateway01 -policy _cacheTCVPNStaticObjects -priority 10
-gotoPriorityExpression END -type REQUEST
bind vpn vserver _XM_XenMobileGateway01 -policy _cacheOCVPNStaticObjects -priority 20
-gotoPriorityExpression END -type REQUEST
bind vpn vserver _XM_XenMobileGateway01 -policy _cacheVPNStaticObjects -priority 30 –
gotoPriorityExpression END -type REQUEST
bind vpn vserver _XM_XenMobileGateway01 -policy _noCacheRest -priority 40 –
gotoPriorityExpression END -type REQUEST
bind ssl vserver _XM_XenMobileGateway01 -certkeyName Wildcard
bind ssl vserver _XM_MAM_LB_192.168.59.144_8443 -certkeyName Wildcard
bind ssl vserver _XM_XenMobileGateway01 -eccCurveName P_256
bind ssl vserver _XM_XenMobileGateway01 -eccCurveName P_384
bind ssl vserver _XM_XenMobileGateway01 -eccCurveName P_224
bind ssl vserver _XM_XenMobileGateway01 -eccCurveName P_521
bind ssl vserver _XM_MAM_LB_192.168.59.144_8443 -eccCurveName P_256
bind ssl vserver _XM_MAM_LB_192.168.59.144_8443 -eccCurveName P_384
bind ssl vserver _XM_MAM_LB_192.168.59.144_8443 -eccCurveName P_224
bind ssl vserver _XM_MAM_LB_192.168.59.144_8443 -eccCurveName P_521
set ssl service vpndbssvc_-245333078 -sessReuse ENABLED -sessTimeout 120 -tls11
DISABLED -tls12 DISABLED

 

Note: Those information are provided based on my own experience.