There is no citrix ssl server configured on the specified address. : server, ssl, configured, specified, address

May 17, 2008 08:09am pdt

1. BLipman 130,105
2. croberds 112,950
3. CarlWebster 36,810
4. tsmvp 24,872
5. oBdA 21,730
6. ScooterA... 17,175
6. mpfister 17,175
8. mgcIT 13,035
9. GregMoseley 9,518
10. nprignano 8,229
11. dpetr000 7,675
12. dphantom 7,560
13. chrisnew... 6,870
14. ET0000 6,400
15. JaredJ1 5,900

1. mgcIT 572,257
2. BLipman 345,957
3. chrisnew... 172,458
4. ITDharam 130,426
5. ET0000 115,897
6. CarlWebster 113,103
7. croberds 112,950
8. oBdA 95,983
9. gsgi 75,983
10. thegordo 73,434
11. ScooterA... 57,511
12. mpfister 56,074
13. tsmvp 55,597
14. AdamBNYC 53,999
15. nprignano 50,729

11.22.2006 at 05:48AM PST, ID: 22069461

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

6.6

There is no citrix ssl server configured on the specified address.

Zone: Citrix

Tags: server, ssl, configured, specified, address

Hi
Im getting the error after I have logged in on the web interface, using username,password, and safeword.
I get to see my published applications. When i launch one of the applications from the internet, I get the error: "cannot connect to the citrix metaframe server. there is no citrix ssl server configured on the specified address".
Im thinking it could be a nat or firewall rule problem to the Secure gateway.

If I make a vpn connection to the firewall, and make a entry in my hosts file like this:
172.16.0.5 csg.mydomain.com
it will work.
I can see in the secure gateway performance statistics, that I only get packets back and forth from it, using this method.

I have the following ports forwarded:
externalip1:443 -> CSG -> 80,443,1494,2598 -> LAN
externalip2:443 -> WI:444

Here is some more detail:

Internet -> Firewall -> Internal Router -> Web interface (172.16.0.3:444) cert = citrix.mydomain.com
| Citrix Secure Gateway (172.16.0.5:443) cert = csg.mydomain.com
|
|-> Citrix Servers 192.168.110.4, 192.168.110.5

[Snippet from launch.ica]

[Encoding]
InputEncoding=ISO8859_1

[WFClient]
ClientName=WI_J185ZbOMP2aAUN8cK
ProxyFavorIEConnectionSetting=Yes
ProxyTimeout=30000
ProxyType=Auto
ProxyUseFQDN=Off
RemoveICAFile=yes
TransparentKeyPassthrough=Local
TransportReconnectEnabled=Off
Version=2
VirtualCOMPortEmulation=Off

[ApplicationServers]
Lommeregner=

[Lommeregner]
Address=;40;STAE7A35C69069E;588B7D50D019E925FDFB898D24FC201A
AudioBandwidthLimit=2
AutologonAllowed=ON
BrowserProtocol=HTTPonTCP
CGPSecurityTicket=On
ClearPassword=6986A7AE46B116
ClientAudio=On
DesiredColor=4
DesiredHRES=1024
DesiredVRES=768
Domain=\B04E617A64E9280A
HTTPBrowserAddress=!
InitialProgram=#Lommeregner
Launcher=WI
LongCommandLine=
ProxyTimeout=30000
ProxyType=Auto
SSLCiphers=all
SSLEnable=On
SSLProxyHost=csg.mydomain.com:443
SecureChannelProtocol=Detect
SessionsharingKey=4-basic-basic-NYTORV-mdaservice-Farm1
TWIMode=On
TransportDriver=TCP/IP
Username=mdaservice
WinStationDriver=ICA 3.0

[Compress]
DriverNameWin16=pdcompw.dll
DriverNameWin32=pdcompn.dll

[EncRC5-0]
DriverNameWin16=pdc0w.dll
DriverNameWin32=pdc0n.dll

[EncRC5-128]
DriverNameWin16=pdc128w.dll
DriverNameWin32=pdc128n.dll

[EncRC5-40]
DriverNameWin16=pdc40w.dll
DriverNameWin32=pdc40n.dll

[EncRC5-56]
DriverNameWin16=pdc56w.dll
DriverNameWin32=pdc56n.dll

Start your free trial to view this solution

Question Stats

Zone: Networking

Question Asked By: tosse22

Solution Provided By: chrisnewman01

Participating Experts: 1

Solution Grade: C

Translate:

Loading Advertisement...

Microsoft

Internet Protocols
Applications

Development
OS

Hardware
Windows Security

Apple

Operating Systems
Hardware

Programming
Networking

Software

Internet

Search Engines
File Sharing
WebTrends / Stats
Spy / Ad Blockers

Web Browsers
New Net Users
Web Development
Chat / IM

Anti Spam
Web Servers
Anti-Virus
Email Clients

Gamers

Tips
Online / MMORPG
Puzzle
Emulators

Action / Adventure
Role Playing
Consoles
Game Programming

Strategy
Sports
Misc
Computer Games

Digital Living

Hardware
New Net Users
New Users

Software
Digital Music
Gaming World

Home Security
Apple
Networking Hardware

Virus & Spyware

Vulnerabilities
IDS
Encryption
Anti-Virus

Operating Systems Security
Software Firewalls
WebApplications
Cell Phones

Operating Systems
Internet
Hardware Firewalls

Hardware

Handhelds / PDAs
Displays / Monitors
Components
Networking Hardware

Peripherals
Laptops/Notebooks
Storage
Servers

Desktops
New Users
Misc
Apple

Software

System Utilities
Industry Specific
Network Management
Photos / Graphics
Page Layout
VMWare
Misc
Web Development

OS
CYGWIN
Voice Recognition
Message Queue
Quality Assurance
Security
Firewalls
MultiMedia Applications

Development
Database
Office / Productivity
Business Management
OS/2 Apps
Server Software
Internet / Email

ITPro

OS
Storage
Encryption
Operating Systems Security
Apple Hardware
Laptops & Notebooks
Servers
Networking Hardware
Peripherals

Devices
Displays / Monitors
WebTrends / Stats
Search Engines
Firewalls
WebApplications
IDS
Vulnerabilities
Email Clients

File Sharing
Spy / Ad Blockers
Web Browsers
Web Servers
Networking
Anti-Virus
Chat / IM
Anti Spam

Developer

Web Servers
Web Browsers
Game Programming
Dev Tools
Industry Specific
Office / Productivity

Database
CYGWIN
Web Development
Search Engines
File Sharing
WebTrends / Stats

Programming
Content Management
Application Servers
Protocols

Storage

Removable Backup Media
Storage Technology
Servers

Grid
Remote Access
Backup / Restore

Misc
Hard Drives

Miscellaneous
Security
Development
Linux
VMWare

MainFrame OS
Unix
Apple
OS / 2
AS / 400

BeOS
Microsoft
VMS / OpenVMS

Database

Oracle
Miscellaneous
MySQL
Software
Sybase
Contact Management
PostgreSQL
Data Manipulation
Clarion
InterSystems Cache

Siebel
MUMPS
OLAP
SQLBase
SAS
GIS & GPS
4GL
Berkeley DB
DB2
Informix

Interbase / Firebird
FoxPro
Reporting
LDAP
Filemaker Pro
MS SQL Server
dBase
MS Access

Security

Misc
Web Browsers
Software Firewalls
Operating Systems Security
File Sharing

Spy / Ad Blockers
Vulnerabilities
WebApplications
IDS
Anti-Virus

Encryption
Anti Spam
Email Clients
VPN
Chat / IM

Programming

Editors IDEs
Installation
Handhelds / PDAs
Multimedia Programming
System / Kernel

Algorithms
Game
Signal Processing
Project Management
Open Source

Database
Misc
Languages
Processor Platforms
Theory

Web Development

Scripting
Blogs
Web Servers
Software
Search Engines
Web Graphics
Images

Internet Marketing
Images and Photos
Components
Document Imaging
Web Languages/Standards
Illustration
WebApplications

Fonts
WebTrends / Stats
Authoring
Digital Camera Software
Miscellaneous

Networking

Protocols
Apple Networking
Network Management
Message Queue
Application Servers
Content Management
File Servers
Email Servers
Misc
Java Editors & IDEs

Wireless
Networking Hardware
Backup / Restore
System Utilities
ISPs & Hosting
Web Servers
Storage Technology
Removable Backup Media
Servers
Broadband

Grid
OS / 2
Novell Netware
Unix Networking
Windows Networking
Security
Telecommunications
Operating Systems
Linux Networking

Other

Community Advisor
Lounge
Community Support
New Net Users

Philosophy / Religion
Math / Science
Miscellaneous
URLs

Expert Lounge
Politics
Puzzles / Riddles

Community Support

Suggestions
New to EE
New Topics
Community Advisor

CleanUp
Announcements
General

Feedback
Input
EE Bugs

11.22.2006 at 06:10AM PST, ID: 17995504

Rank: Guru

chrisnewman01:

Hello. If you're forcing users to go to https://<CSG server>, then you can close port 444 to the WI server. In the CSG configuration wizard's "Access Options" page, you should have Indirect selected (uncheck the checkbox if WI is on another server (I couldn't tell if you just used 2 IPs for one server or not)), enter the FQDN of the WI server (or localhost if it's on the same server), and check the "Secure traffic between the WI and SG" checkbox and enter port 444.

Test by going to https://<YourExternalName>. At this point, everything is going through CSG.

Hope this helps,
Chris

11.22.2006 at 06:35AM PST, ID: 17995689

tosse22:

Hi, I have other reasons for going to the WI first.
The reason is that the customer is actually 2 companys.
These sites have ssl certificates.
I have citrix.mycompany.com and citrix.mycompany2.com.

I have no problem logging in and authenticating. The problem appears when I press the application icon.
Users go to http://citrix.mycompany.com which forwards to https://citrix.mycompany.com on the iis

I use 3 IP's for one server.
Internet -> Firewall -> Internal Router -> Web interface (172.16.0.3:444) cert = citrix.mydomain.com
| Web interface (172.16.0.4:444) cert = citrix.mydomain2.com
| Citrix Secure Gateway (172.16.0.5:443) cert = csg.mydomain.com
|
|-> Citrix Servers 192.168.110.4, 192.168.110.5

11.22.2006 at 07:04AM PST, ID: 17995985

Rank: Guru

chrisnewman01:

Ok, so you have port 80 opened as well from the outside (if they're getting to the page that redirects them to either WI1 or WI2, port 444). Within each site in IIS, do you have the IP address assigned to the respective site (the one in the dropdown)? I would assume yes, but wanted to verify. In the CSG configuration, are you using the one IP, or is "monitor all ip addresses" checked?

11.22.2006 at 07:16AM PST, ID: 17996108

Rank: Guru

chrisnewman01:

Also, in the Web Interface console (for each WI site), are you using Secure Gateway Direct for the default method of access? (Manage Secure Client Access > Edit DMZ Settings.)

11.22.2006 at 08:06AM PST, ID: 17996571

tosse22:

Woops yes port 80 is forwarded to the respective sites.

Everything is happening on one server in the dmz.

IP address assigned to the respective site. None of the sites has all unassigned. Default web site is stopped.

CSG is one ip listening.

On webinterface configuration it is set to Secure Gateway Direct

11.22.2006 at 08:20AM PST, ID: 17996726

Rank: Guru

chrisnewman01:

It sounds like one option is off. In the CSG configuration wizard's "Access Options" page, how do you have it configured?

Also check C:\Program Files\Citrix\Secure Gateway\logs. This may help to find the cause of the problem. I probably should've mentioned this folder before :-)

Accepted Solution

11.23.2006 at 12:09AM PST, ID: 18001420

tosse22:

CSG config:
Metaframe Presentation Server -> next
Advanced -> next
Choosing csg.mydomain.com -> next
Protocol = SSLv3 & TLSv1, Cipher = ALL -> next
No check in monitor all IP adresses. 172.16.0.5 port 443 chosen. -> next
No outbound traffic restrictions -> next
Sta is set to the 2 fqdn of the presentation servers on the inside (only resolvable from dmz and inside) -> next
No connection timeout, and connection limit 250 -> next
None exluded from logfiles.
Direct Access option chosen
All events logged including informational

11.23.2006 at 12:32AM PST, ID: 18001519

tosse22:

Nothing is logged unless im connected through VPN. But then it all works.
Im beginning to think its the firewall somehow, although nothing is logged there either.

11.23.2006 at 06:49AM PST, ID: 18003177

tosse22:

Im totally lost here.
I opened everything to csg.mydomain.com and forwarded it to 172.16.0.5.
Nothing at all comes in on this ip.

11.23.2006 at 07:13AM PST, ID: 18003305

tosse22:

Found the problem!!
The company hosting the customers DNS made a typo in the IP address!!! AAarrrrgh, when I get my hands on that guy I dont know what im gonna do! More than 2 days of seaching for a citrix error.... Grrrrr
I'll give you the points. I would never have spotted this even if you had asked me.

20080236-EE-VQP-29