Question

There is no citrix ssl server configured on the specified address.

Asked by: tosse22

Hi
Im getting the error after I have logged in on the web interface, using username,password, and safeword.
I get to see my published applications. When i launch one of the applications from the internet, I get the error:  "cannot connect to the citrix metaframe server. there is no citrix ssl server configured on the specified address".
Im thinking it could be a nat or firewall rule problem to the Secure gateway.

If I make a vpn connection to the firewall, and make a entry in my hosts file like this:
172.16.0.5 csg.mydomain.com
it will work.
I can see in the secure gateway performance statistics, that I only get packets back and forth from it, using this method.

I have the following ports forwarded:
externalip1:443 -> CSG -> 80,443,1494,2598 -> LAN
externalip2:443 -> WI:444


Here is some more detail:

Internet  -> Firewall -> Internal Router -> Web interface (172.16.0.3:444) cert = citrix.mydomain.com
                                          |                  Citrix Secure Gateway (172.16.0.5:443) cert = csg.mydomain.com
                                          |
                                          |-> Citrix Servers 192.168.110.4, 192.168.110.5



[Snippet from launch.ica]

[Encoding]
InputEncoding=ISO8859_1

[WFClient]
ClientName=WI_J185ZbOMP2aAUN8cK
ProxyFavorIEConnectionSetting=Yes
ProxyTimeout=30000
ProxyType=Auto
ProxyUseFQDN=Off
RemoveICAFile=yes
TransparentKeyPassthrough=Local
TransportReconnectEnabled=Off
Version=2
VirtualCOMPortEmulation=Off

[ApplicationServers]
Lommeregner=

[Lommeregner]
Address=;40;STAE7A35C69069E;588B7D50D019E925FDFB898D24FC201A
AudioBandwidthLimit=2
AutologonAllowed=ON
BrowserProtocol=HTTPonTCP
CGPSecurityTicket=On
ClearPassword=6986A7AE46B116
ClientAudio=On
DesiredColor=4
DesiredHRES=1024
DesiredVRES=768
Domain=\B04E617A64E9280A
HTTPBrowserAddress=!
InitialProgram=#Lommeregner
Launcher=WI
LongCommandLine=
ProxyTimeout=30000
ProxyType=Auto
SSLCiphers=all
SSLEnable=On
SSLProxyHost=csg.mydomain.com:443
SecureChannelProtocol=Detect
SessionsharingKey=4-basic-basic-NYTORV-mdaservice-Farm1
TWIMode=On
TransportDriver=TCP/IP
Username=mdaservice
WinStationDriver=ICA 3.0

[Compress]
DriverNameWin16=pdcompw.dll
DriverNameWin32=pdcompn.dll

[EncRC5-0]
DriverNameWin16=pdc0w.dll
DriverNameWin32=pdc0n.dll

[EncRC5-128]
DriverNameWin16=pdc128w.dll
DriverNameWin32=pdc128n.dll

[EncRC5-40]
DriverNameWin16=pdc40w.dll
DriverNameWin32=pdc40n.dll

[EncRC5-56]
DriverNameWin16=pdc56w.dll
DriverNameWin32=pdc56n.dll

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2006-11-22 at 05:48:28ID22069461
Tags

server

,

ssl

,

configured

,

specified

,

address

Topic

Citrix

Participating Experts
1
Points
500
Comments
10

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. Citrix ICA Question
    We have been successful in connecting to the citrix servers via telnet. However when using the citrix client the following error presents itself: 'ICA browser failed to return any names. Server addresses may be entered in the server location list for this application set' S...
  2. The difference between Symantec VPN/MS Terminal Serv…
    Hi, I'm doing a risk analyse for mine company. They have recently changed from Symantec VPN (and al other stuff for security from Symantec) in combination with MS Terminal Server to Citrix metaframe (and all other stuff for security from Citrix). The reason that the IT depar...
  3. Citrix over VPN
    What would be the best practise for running Citrix Metaframe with ICA clients over ADSL lines
  4. There is no Citrix Metaframe server configured on the speci…
    I am responsible for a Citrix server that was configured by an outside company which is increasingly difficult to contact. I'm concerned with the inability of users to connect from the outside into published applications there. Users are able to log into the web interface, ...
  5. Citrix Metaframe 4.0 client cannot accept connections
    Hi everyone, We installed Citrix on a Windows 2003 terminal server (still in the 120 days grace period) and everything is fine from inside the network or over the VPM. However, without VPN we get an error: Cannot connect to the Citrix Metaframe server. The Citrix Metafram s...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: chrisnewman01Posted on 2006-11-22 at 06:10:55ID: 17995504

Hello.  If you're forcing users to go to https://<CSG server>, then you can close port 444 to the WI server.  In the CSG configuration wizard's "Access Options" page, you should have Indirect selected (uncheck the checkbox if WI is on another server (I couldn't tell if you just used 2 IPs for one server or not)), enter the FQDN of the WI server (or localhost if it's on the same server), and check the "Secure traffic between the WI and SG" checkbox and enter port 444.

Test by going to https://<YourExternalName>.  At this point, everything is going through CSG.

Hope this helps,
Chris

 

by: tosse22Posted on 2006-11-22 at 06:35:03ID: 17995689

Hi, I have other reasons for going to the WI first.
The reason is that the customer is actually 2 companys.
These sites have ssl certificates.
I have citrix.mycompany.com and citrix.mycompany2.com.

I have no problem logging in and authenticating. The problem appears when I press the application icon.
Users go to http://citrix.mycompany.com which forwards to https://citrix.mycompany.com on the iis

I use 3 IP's for one server.
Internet  -> Firewall -> Internal Router -> Web interface (172.16.0.3:444) cert = citrix.mydomain.com
                                          |                  Web interface (172.16.0.4:444) cert = citrix.mydomain2.com
                                          |                  Citrix Secure Gateway (172.16.0.5:443) cert = csg.mydomain.com
                                          |
                                          |-> Citrix Servers 192.168.110.4, 192.168.110.5

 

by: chrisnewman01Posted on 2006-11-22 at 07:04:56ID: 17995985

Ok, so you have port 80 opened as well from the outside (if they're getting to the page that redirects them to either WI1 or WI2, port 444).  Within each site in IIS, do you have the IP address assigned to the respective site (the one in the dropdown)?  I would assume yes, but wanted to verify.  In the CSG configuration, are you using the one IP, or is "monitor all ip addresses" checked?  

 

by: chrisnewman01Posted on 2006-11-22 at 07:16:37ID: 17996108

Also, in the Web Interface console (for each WI site), are you using Secure Gateway Direct for the default method of access? (Manage Secure Client Access > Edit DMZ Settings.)

 

by: tosse22Posted on 2006-11-22 at 08:06:12ID: 17996571

Woops yes port 80 is forwarded to the respective sites.

Everything is happening on one server in the dmz.

IP address assigned to the respective site. None of the sites has all unassigned. Default web site is stopped.

CSG is one ip listening.

On webinterface configuration it is set to Secure Gateway Direct

 

by: chrisnewman01Posted on 2006-11-22 at 08:20:03ID: 17996726

It sounds like one option is off.  In the CSG configuration wizard's "Access Options" page, how do you have it configured?

Also check C:\Program Files\Citrix\Secure Gateway\logs.  This may help to find the cause of the problem.  I probably should've mentioned this folder before :-)

 

by: tosse22Posted on 2006-11-23 at 00:09:21ID: 18001420

CSG config:
Metaframe Presentation Server -> next
Advanced -> next
Choosing csg.mydomain.com -> next
Protocol = SSLv3 & TLSv1, Cipher = ALL -> next
No check in monitor all IP adresses. 172.16.0.5 port 443 chosen. -> next
No outbound traffic restrictions -> next
Sta is set to the 2 fqdn of the presentation servers on the inside (only resolvable from dmz and inside) -> next
No connection timeout, and connection limit 250 -> next
None exluded from logfiles.
Direct Access option chosen
All events logged including informational


 

by: tosse22Posted on 2006-11-23 at 00:32:30ID: 18001519

Nothing is logged unless im connected through VPN. But then it all works.
Im beginning to think its the firewall somehow, although nothing is logged there either.

 

by: tosse22Posted on 2006-11-23 at 06:49:29ID: 18003177

Im totally lost here.
I opened everything to csg.mydomain.com and forwarded it to 172.16.0.5.
Nothing at all comes in on this ip.

 

by: tosse22Posted on 2006-11-23 at 07:13:37ID: 18003305

Found the problem!!
The company hosting the customers DNS made a typo in the IP address!!! AAarrrrgh, when I get my hands on that guy I dont know what im gonna do! More than 2 days of seaching for a citrix error.... Grrrrr
I'll give you the points. I would never have spotted this even if you had asked me.

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...