Instructions for Application Access via SecureCitrix This document provides Crozer-Keystone Health System associates instructions for accessing internal applications via the CKHS Citrix Secure Gateway. Connection Prerequisites: 1. Operating System: Windows Vista or 7, ensure all security patches are installed. 2. Browser: Microsoft Internet Explorer 7 (or above), ensure that browser support for 128-bit encryption is installed, and ensure all security patches are installed. Upgrades and patches are available at www.microsoft.com. 3. Ensure that you have administrative rights on your PC in order to install the Citrix Web Client. If you have any questions or problems connecting to the CKHS Citrix Secure Gateway, please contact the CKHS Customer Service Center at 610-447-2610.
The first time you logon to the Secure Gateway you must follow steps 1 thru 5. All subsequent logons may begin with page 9. For troubleshooting instructions, please go to page 11 The following procedures are for the first time you remotely access CKHS SecureCitrix: 1. Open the following URL: https://securecitrix.crozer.org. Notice the s in the https prefix. You may encounter the window below: Check the In the future box and click OK. 2
2. In order to connect to your applications, you will need to install the Citrix Web Client. If you have already completed this step, please skip to page 6. a. Begin by clicking on the Information icon, circled in RED below. You will be taken to our remote connectivity resource center. Depending on your browser version, a new window will open or a new tab will open. i. b. After clicking on the information icon, the web page on the following page will appear. Click on the Secure Citrix folder, highlighted in RED and then click on the Citrix Windows Web Client link, highlighted in BLUE. 3
i. c. You will now see the below window. Choose Save and choose a location to save the file to. Saving to the desktop seems to be the easiest place to put the file. Once the installation is complete, this file may be deleted from the desktop. Depending on your internet connection speed, the download may take a couple of minutes. i. 4
ii. iii. iv. 5
d. Close all internet explorer windows and double-click on the CitrixWebClient.msi application which should be on your desktop now e. Select Run on this i. f. The installation is in progress: i. g. On this next window click Close to complete the installation. You may now delete the CitrixWebClient.msi file from your desktop. Now return to https://securecitrix.crozer.org to gain access to your applications. i. 3. Windows Vista/7 needs to be configured to properly connect to the CKHS server a. Click on Start while logged on as an Administrator b. Click on All Programs c. d. Click on Accessories 6
e. f. RIGHT click on Command Prompt g. Choose Run As Administrator h. i. In the Command Prompt window, Enter the command: netsh interface tcp set global autotuninglevel=highlyrestricted a. If you receive the Ok. After the command, Reboot the PC. 7
4. You will be directed to the Metaframe Presentation Server Log In page. Enter your credentials supplied into the appropriate fields: a. Each token has been assigned a specific username. Enter the associated username into the Username field. (See the red RSA Care and Use... card accompanying your token key fob.) b. Enter your Network (NT or AD Account) password into the password field c. Choose the appropriate domain from the menu. Choose CKHS_NT or CKHSAD depending on your logon domain. If you are not sure, contact the Customer Service Center d. Next, enter the appropriate RSA Passcode: i. The first time the token is used, enter only the token code that is displayed on the token and click Log In. It will then prompt you to create a PIN. 8
ii. Enter a personally created PIN consisting of five to eight alphanumeric characters and click OK. iii. Upon successful PIN creation, you will be directed back to the log in page and informed that Your PIN has been set successfully. 9
iv. NOTE: You must wait until the code in the token window has changed before proceeding. Re-enter your assigned username in the Username field, in the Password field re-enter your Network Password, and in the Passcode field enter your new personal PIN followed by the tokencode that is displayed on the token. For example, if your PIN is 12345, and the tokencode is 98765, your password should be 1234598765. v. Click Log In. vi. You may be prompted to change your password. If so, you will see the following screen: vii. Enter your current/old password in the Old Password field. Enter a newly created password (at least 6 alpha-numeric characters) in the New Password and the Confirm New Password fields. Click OK. 10
POST-CONFIGURATION CONNECTION INSTRUCTIONS: 1. Open the following URL: https://securecitrix.crozer.org. Notice the s in the https prefix. 2. On the Secure Gateway web page: Enter your assigned username in the Username field, enter your Network Password in the Password field, choose the appropriate logon Domain, and in the Passcode field enter your personal PIN followed by the tokencode that is displayed on the token. For example, if your PIN is 12345, and the tokencode is 98765, your password should be 1234598765. 11
3. Upon successful login, you will be presented with the Applications page. The applications page displays the applications you have available for use. To access an application click on its associated icon. a. The application will go through the logon process and load. 12
COMMON ERROR MESSAGES 1. SSL Error 40: The Citrix SSL Relay name could not be resolved a. b. Firewalls such as Norton, McAfee, Zone Alarm, etc do not always allow full incoming and outgoing access for the Citrix ICA client. Most software firewalls have a sub-menu in them called Program Control which is the easiest way to configure the firewall. If Citrix ICA client shows up in the list already, modify its access rights and if Citrix ICA client is not defined yet, add it. c. Example: 2. SSL Error 70: The server sent an expired security certificate. a. Check the time and date on the PC. It must be accurate b. Example inaccurate date and time: 3. Error: The Network Connection To Your Application Was Interrupted a. 13
b. Delete the following registry Microsoft Terminal Server licensing key and reboot. After rebooting, immediately log back into the SecureCitrix website and attempt to launch an application c. HKEY_Local_Machine\Software\Microsoft\MSLicensing: d. Note that you must be a local administrator on the PC to successfully complete these operations. The firewall may also need to be disabled following the reboot to ensure that the registry key is properly recreated. 14