Solved

SSL not working while running CSG and Presentation 4.0 on the same server

Posted on 2006-04-21
Last Modified: 2008-01-09
I installed CSG and Presentation manager on the same server.
IIS is set to listen on port 3443 and CSG on 443.
I am able to login and see my published web apps via an SSL link but cannot launch the applications over SSL.
If I am on the same subnet with the server my applications launched via the web browser talk over port 2598.
If I put a firewall between myself and the server to test the SSL I get a reply back when launching the apps that says:
Cannot connect to the Citrix server:
There is no Citrix Server configured on the specified address

Question by:DLBroussard
19 Comments
 
LVL 18

Expert Comment

by:mgcIT
ID: 16508708
First I should mention that installing CSG on the same server as PS 4.0 is not recommended.  You won't be getting the same security that you would if they were separate and the CSG was in the DMZ.

For your problem you probably just haven't configured the Web Interface correctly for use with CSG.  Please give more details on your web interface setup.  Specifically under "Manage Secure Client Access"

And one other piece of info that is key.  Log into the web interface from the outside but rather than trying to launch an application, right-click on the application icon and choose "Save Target As..."  Save this file (launch.ica) to your desktop and then open it with Notepad.  Post that file here.
0
 

Author Comment

by:DLBroussard
ID: 16509105
I agree with you on the security, but this is a test site.  Production will have separate servers.
The Client access for the secure gateway settings are:
FQDN = the external host fqdn
STA URL = http://internal host name/scripts/ctxsta.dll
No translations are in place

ICA File settings

[Encoding]
InputEncoding=ISO8859_1

[WFClient]
ClientName=WI_gx7NzjVyuLDzH5P3e
ProxyFavorIEConnectionSetting=Yes
ProxyTimeout=30000
ProxyType=Auto
ProxyUseFQDN=Off
RemoveICAFile=yes
TransparentKeyPassthrough=Local
TransportReconnectEnabled=On
Version=2
VirtualCOMPortEmulation=Off

[ApplicationServers]
Notepad=

[Notepad]
Address=10.1.0.12:1494
AutologonAllowed=ON
CGPAddress=*:2598
ClearPassword=1E83251A9E8A41
ClientAudio=Off
DesiredColor=2
DesiredHRES=640
DesiredVRES=480
Domain=\12AC84499658F584
InitialProgram=#Notepad
Launcher=WI
LongCommandLine=
ProxyTimeout=30000
ProxyType=Auto
SSLEnable=Off
SessionsharingKey=2-basic-none-rdtst-administrator-Test Farm
TWIMode=On
TransportDriver=TCP/IP
Username=administrator
WinStationDriver=ICA 3.0

[Compress]
DriverNameWin16=pdcompw.dll
DriverNameWin32=pdcompn.dll

[EncRC5-0]
DriverNameWin16=pdc0w.dll
DriverNameWin32=pdc0n.dll

[EncRC5-128]
DriverNameWin16=pdc128w.dll
DriverNameWin32=pdc128n.dll

[EncRC5-40]
DriverNameWin16=pdc40w.dll
DriverNameWin32=pdc40n.dll

[EncRC5-56]
DriverNameWin16=pdc56w.dll
DriverNameWin32=pdc56n.dll

0
 
LVL 18

Expert Comment

by:mgcIT
ID: 16509192
ok see this is not correct: Address=10.1.0.12:1494

When using CSG you should not see an address here because outside your firewall you can't communicate with a server with the address 10.1.0.12 directly.  The address should be masked so something is not working right with your CSG.  When accessing your web interface site are you typing https:// rather than http://?
0
 

Author Comment

by:DLBroussard
ID: 16509214
I am using https:
Is there a good document for configuring everything on the same server?
0
 
LVL 18

Expert Comment

by:mgcIT
ID: 16509236
and what settings do you have under Manage Secure Client Access > Edit DMZ Settings
0
 
LVL 18

Expert Comment

by:mgcIT
ID: 16509316
Unfortunately there isn't a document for that simply because it isn't a recommended setup.  The CSG admin guide from http://support.citrix.com (site seems down at the moment - they have changed the design since yesterday so apparently are having problems with that) gives details about installing Web Interface and CSG on the same server but no PS 4.0 also.
0
 
LVL 18

Expert Comment

by:mgcIT
ID: 16509339
ok the site seems fine now.  Here are the links for those specific admin guides:

CSG 3.0: http://support.citrix.com/article/CTX106300

WI for PS 4.0: http://support.citrix.com/article/CTX106472
0
 

Author Comment

by:DLBroussard
ID: 16509360
Edit DMZ settings - Default, Direct
0
 
LVL 18

Expert Comment

by:mgcIT
ID: 16509371
>> Edit DMZ settings - Default, Direct

ok change this to Secure Gateway Direct
0
 

Author Comment

by:DLBroussard
ID: 16509635
Done,
but now I get ERROR: An error has occurred while connecting to the requested resource.
when trying to launch the app
0
 
LVL 18

Expert Comment

by:mgcIT
ID: 16509698
ok save the launch.ica file again and post here again.
0
 

Author Comment

by:DLBroussard
ID: 16510567
When I go to save the ica file it tries to save it as a serverError.htm which contains the same error.
0
 

Author Comment

by:DLBroussard
ID: 16510611
OK, I got the defective end user out of the way (myself)
[Encoding]
InputEncoding=ISO8859_1

[WFClient]
ClientName=WI_gx7NzjVyuLDzH5P3e
ProxyFavorIEConnectionSetting=Yes
ProxyTimeout=30000
ProxyType=Auto
ProxyUseFQDN=Off
RemoveICAFile=yes
TransparentKeyPassthrough=Local
TransportReconnectEnabled=On
Version=2
VirtualCOMPortEmulation=Off

[ApplicationServers]
Notepad=

[Notepad]
Address=10.1.0.12:1494
AutologonAllowed=ON
CGPAddress=*:2598
ClearPassword=6EB12A50FE133D
ClientAudio=Off
DesiredColor=2
DesiredHRES=640
DesiredVRES=480
Domain=\03C71226F85E9AEB
InitialProgram=#Notepad
Launcher=WI
LongCommandLine=
ProxyTimeout=30000
ProxyType=Auto
SSLEnable=Off
SessionsharingKey=2-basic-none-rdtst-administrator-Test Farm
TWIMode=On
TransportDriver=TCP/IP
Username=administrator
WinStationDriver=ICA 3.0

[Compress]
DriverNameWin16=pdcompw.dll
DriverNameWin32=pdcompn.dll

[EncRC5-0]
DriverNameWin16=pdc0w.dll
DriverNameWin32=pdc0n.dll

[EncRC5-128]
DriverNameWin16=pdc128w.dll
DriverNameWin32=pdc128n.dll

[EncRC5-40]
DriverNameWin16=pdc40w.dll
DriverNameWin32=pdc40n.dll

[EncRC5-56]
DriverNameWin16=pdc56w.dll
DriverNameWin32=pdc56n.dll

0
 
LVL 18

Expert Comment

by:mgcIT
ID: 16510967
ok still not quite right, but I think I see your problem.  Again the Address should not show.  When the CSG is working correctly it will look something like this:
Address=;40;STAEE63F55267DC;90AB360D6374AFD37016F49B923420A7

one of your problems is here:
CGPAddress=*:2598

port 2598 is used for Session Reliability.  Normally this will be 443, as you said in your original post the CSG is using SSL over port 443.  In your web interface settings or CSG settings anywhere are you specifying port 2598?
0
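
A check for the launch.ica symptom discussed in this thread, added here as an example and not part of any poster's reply or of Citrix's own tooling: it flags an `Address` that is a server address rather than an STA ticket of the shape quoted above, and an `SSLEnable` that is not `On`. The function name `check_launch_ica` and both sample files are constructed for illustration; treating `SSLEnable=On` as the expected value for a gateway launch is an assumption, since the thread only shows the `Off` value in the failing file.

```python
import configparser
import ipaddress

# Constructed sample: the relevant lines of the failing launch.ica in the thread.
BROKEN_ICA = """\
[ApplicationServers]
Notepad=

[Notepad]
Address=10.1.0.12:1494
CGPAddress=*:2598
InitialProgram=#Notepad
SSLEnable=Off
"""

# Constructed sample: same file with the ticket-style Address quoted in the
# thread. SSLEnable=On is an assumption about a working gateway launch file.
FIXED_ICA = BROKEN_ICA.replace(
    "Address=10.1.0.12:1494",
    "Address=;40;STAEE63F55267DC;90AB360D6374AFD37016F49B923420A7",
).replace("SSLEnable=Off", "SSLEnable=On")


def check_launch_ica(text):
    """Return a list of (application, finding) tuples for one ICA file."""
    ica = configparser.ConfigParser(interpolation=None, strict=False)
    ica.optionxform = str  # ICA keys are mixed case; keep them as written
    ica.read_string(text)
    findings = []
    apps = ica["ApplicationServers"] if ica.has_section("ApplicationServers") else {}
    for app in apps:
        if not ica.has_section(app):
            findings.append((app, "no section for published application"))
            continue
        sect = ica[app]
        addr = sect.get("Address", "")
        # A ticketed Address starts with ';' and names an STA, hiding the server.
        if not (addr.startswith(";") and ";STA" in addr):
            host = addr.rsplit(":", 1)[0]
            try:
                private = ipaddress.ip_address(host).is_private
            except ValueError:
                private = False  # a hostname, not an IP literal
            kind = "private IP" if private else "server address"
            findings.append((app, f"Address exposes {kind} {addr!r}, not an STA ticket"))
        if sect.get("SSLEnable", "Off").lower() != "on":
            findings.append((app, "SSLEnable is not On"))
    return findings
```

Run against a saved launch.ica from outside the firewall, an empty result means the file carries a ticket instead of an internal address; any finding points back at the Web Interface secure client access settings.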
 

Author Comment

by:DLBroussard
ID: 16511728
OK,

I removed the existing web site, re-ran discovery, created a new web site, configured it as you said for the DMZ, set up the FQDN and the STA address and now I get that the certificate is not from a trusted source when I launch the app.
The good news is the ica file looks correct now.
The certificate error is true because I generated a self signed certificate using a Microsoft IIS utility.
I think it will work once I get a real certificate or I set up my pc to trust the source.
0
 
LVL 18

Expert Comment

by:mgcIT
ID: 16511762
yes it will work once you get an actual cert.  Or if you want to use the free one do this:

1. on your certificate server (the IIS server you used) browse to the following page: https://servername/certsrv/certcarc.asp
2. click "Download CA Certificate Chain" - save this file to your hard drive
3. now on the computer you are trying to connect to citrix with, get the file you downloaded above, right-click and choose "Install Certificate"
4. Click Next
5. choose "Place all certificates in the following store"
6. click Browse
7. choose Trusted Root Certification Authorities - click yes to any warning messages and finish
8. Now try to log into the CSG from that computer
0
 
LVL 18

Accepted Solution

by:
mgcIT earned 1000 total points
ID: 16512413
is that a question? or a bug with the site?

If you want to accept one of my comments as the answer to your question then just click the "Accept" button next to the comment (if you didn't do that already)... If you did try it again because something went glitchy when you did.
0
 
LVL 18

Expert Comment

by:mgcIT
ID: 16703822
My recommendation: This question was answered correctly.  In fact I believe the asker tried to accept (or thought he/she was doing it correctly based on their last post).  Either way the solution to several different problems here was given.
0
