PerimeterIT
asked on
Citrix Secure Gateway throwing error (1030) when connecting to one specific host
When our users try to connect to any app hosted on one specific host via the web gateway it times out and gives error 1030. We don't see an embryonic connection in the console.
All apps work internally to that server, it only throws the error when accessing it via the Secure gateway. Accessing the same app via a different host works just fine.
DNS to and from the Secure gateway from the host resolves fine, all servers including the gateway are on the same subnet, no windows firewall or otherwise is in place between them. IP's are pingable.
Which ports need to be answering on the server?
What else could be the cause?
All apps work internally to that server, it only throws the error when accessing it via the Secure gateway. Accessing the same app via a different host works just fine.
DNS to and from the Secure gateway from the host resolves fine, all servers including the gateway are on the same subnet, no windows firewall or otherwise is in place between them. IP's are pingable.
Which ports need to be answering on the server?
What else could be the cause?
ASKER
It was working fine till last week, no idea what's changed since then.
Certificate is valid and matches the FQDN.
CSG works just fine for the other 2 hosts in the cluster, only this one host has issues. All 3 hosts the same applications and desktops.
Users can connect to the affected host internally just fine, it's only when you connect to it via the secure gateway that there is a problem.
CSG v 3.0
Citrix Xen App 5.0
Windows Event logs on the CSG server are clean, where are the logs for CSG v 3.0 ?
Certificate is valid and matches the FQDN.
CSG works just fine for the other 2 hosts in the cluster, only this one host has issues. All 3 hosts the same applications and desktops.
Users can connect to the affected host internally just fine, it's only when you connect to it via the secure gateway that there is a problem.
CSG v 3.0
Citrix Xen App 5.0
Windows Event logs on the CSG server are clean, where are the logs for CSG v 3.0 ?
From memory, the logs are in C:\Program Files\Citrix\Secure Gateway\logs
Check the event logs on the probelm server.
Check the event logs on the probelm server.
ASKER
Event Type: Error
Event Source: Citrix Web Interface
Event Category: None
Event ID: 0
Date: 07/10/2013
Time: 8:45:48 AM
User: N/A
Computer: NEW_WEB_VM
Description:
Site path: C:\CitrixWebPortal\Citrix\
An error occurred while attempting to connect to the server 192.168.1.24 on port 8080. Verify that the Citrix XML Service is running and is using the correct port. If the XML Service is configured to share ports with IIS, verify that IIS is running. This message was reported from the XML Service at address http://192.168.1.24:8080/scripts/wpnbr.dll. This XML Service could not be contacted and will be temporarily removed from the list of active services. [Log ID: 537eb27e]
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
I can telnet to that stated IP and port, so I know the service is up.
What else can I check?
Event Source: Citrix Web Interface
Event Category: None
Event ID: 0
Date: 07/10/2013
Time: 8:45:48 AM
User: N/A
Computer: NEW_WEB_VM
Description:
Site path: C:\CitrixWebPortal\Citrix\
An error occurred while attempting to connect to the server 192.168.1.24 on port 8080. Verify that the Citrix XML Service is running and is using the correct port. If the XML Service is configured to share ports with IIS, verify that IIS is running. This message was reported from the XML Service at address http://192.168.1.24:8080/scripts/wpnbr.dll. This XML Service could not be contacted and will be temporarily removed from the list of active services. [Log ID: 537eb27e]
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
I can telnet to that stated IP and port, so I know the service is up.
What else can I check?
When you say you can telnet to that IP and port, is that from the Web Interface server?
Have you tried to restart the XML service on the .24 server?
Are you sure that the XML service is the only service listening on .24 on 8080? Try stopping it and telnet'ing again.
Have you tried to restart the XML service on the .24 server?
Are you sure that the XML service is the only service listening on .24 on 8080? Try stopping it and telnet'ing again.
ASKER
I've tried to dismount and remount the XML service on the affected server and it keeps giving me the error that the port is in use.
ctxxmlss /u
ctxxmlss /R8080
I run a "netstat -a -b" to see what applications are bound to the port and it looks like a bunch of random ones. From client launched apps to the print spooler. Every time I kill an app something else takes its place!
During the next outage window I'll try to change the default XML port for all the servers in the cluster and see if that does the trick.
ctxxmlss /u
ctxxmlss /R8080
I run a "netstat -a -b" to see what applications are bound to the port and it looks like a bunch of random ones. From client launched apps to the print spooler. Every time I kill an app something else takes its place!
During the next outage window I'll try to change the default XML port for all the servers in the cluster and see if that does the trick.
ASKER
I've changed the default XML ports on all the server to 4444.
The errors pertaining to this in the eventlogs are now gone, but I'm still having the exact same issue....
The errors pertaining to this in the eventlogs are now gone, but I'm still having the exact same issue....
Did you reconfigure Web Interface to use the new ports?
ASKER
yes, I can telnet to each CTX host from the web gateway on that port as well.
But the same issue as before. Connections via the web gateway work to all the hosts except one.
And that one host works fine internally, not using the web gateway.
But the same issue as before. Connections via the web gateway work to all the hosts except one.
And that one host works fine internally, not using the web gateway.
are you able to telnet to the .24 server with port 1494 and 2598 from the CSG server?
(1494 shold view "ICA" and 2598 a blank screen only)
can you try catch the launch.ica file while initiating the connection via CSG to a working server and a connection to the problem server?
if you post the content (remove username/ticket/appname/..
(1494 shold view "ICA" and 2598 a blank screen only)
can you try catch the launch.ica file while initiating the connection via CSG to a working server and a connection to the problem server?
if you post the content (remove username/ticket/appname/..
Might be worthwhile removing the problem server from WI and CSG - it may have lost the STA settings for some reason.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
No solution provided
IIS all ok on the Secure Gateway? It's been a while since I did CSG but I seem to recall you have to change IIS SSL to another port from 443 - commonly 444 - so that CSG services can start properly.
Other than that, it'd help to have some versions of everything.
Two other things - has it ever worked? What does CSG post in its logs?