Application Manager prevents Citrix Web Interface from working

Version 1

    Verified Product Versions

    AppSense Application Manager 8.9AppSense Application Manager 8.8AppSense Application Manager 8.7AppSense Application Manager 8.6AppSense Application Manager 8.5AppSense Application Manager 8.4AppSense Application Manager 8.3AppSense Application Manager 8.2AppSense Application Manager 8.1AppSense Application Manager 8.0

    Introduction

    Connecting to the Citrix Web Interface from a server that has Application Manager installed causes an error on the web page.
     
    You may also see the following event generated in the Event Viewer or Appsense Management Console:
     "AppSense Application Manager denied execution of 'c:\windows\microsoft.net\framework\v2.0.50727\temporary asp.net files\citrix_xenapp\c64e146c\65593d0a\assembly\dl3\715c8be2\cf3fc0a4_c25ecd01\accesstokens.dll' on 'servername'".
     
    The account that is denied is "IIS APPPOOL\CitrixWebInterface5.4.0AppPool"

    Detail

    The cause is due to the fact that when trying to access the Web Interface the Citrix app pool is denied access to the .NET components created by the Web Interface installer.
     
    During the installation of the Web Interface site, the trusted owner is configured as the Web Interface's IIS Pool account.
     
    This leads to Application Manager denying access due to an unknown Trusted Owner.
    The issue can be resolved by performing the following Application Manager configuration change.
     
    1) Open your Application Manager configuration.
    2) Add a new User condition.
    3) Use the "IIS APPPOOL\CitrixWebInterface5.4.0AppPool"as the user account.
    4) Change the user account restriction policy to "Unrestricted".
    5) Save and deploy the new configuration.
     
    This can be further locked down to restrict the App Pool account and only allow it to access/execute files from the required location in order to carry out its duty. For example, "'c:\windows\microsoft.net\framework\v2.0.50727\temporary asp.net files\citrix_xenapp\". The actual folder path(s) can be found during the auditing phase of implementing Application Manager or from Citrix documentation.
     
    Note: The account "IIS APPPOOL\CitrixWebInterface5.4.0AppPool" may vary depending on the version of the Citrix Web Interface that you are running.