Solved

Secure Ticket authority cannot be contacted

Posted on 2006-06-12
Last Modified: 2010-05-18
Having a problem with Secure Gateway Diagnostics error: STA specified cannot be contacted

Everything else on the diagnostics report is green.

Version = 3.0.1

Computer NetBIOS Name: AMSCITRIX01
Configuration captured on: 6/12/2006 9:52:50 AM
-----------------------------------------------

Secure Gateway Global Settings
------------------------------
  Version = 3.0.1
  Product secured = MetaFrame Presentation Server only
  Logging level =  3 (All events including information)
  Client connection timeout =  100 seconds
  Maximum concurrent connections =  250
  Certificate FQDN = amscitrix01.ams.net

Interfaces
----------

  10.0.0.101 : 8080
  -----------------
    Protocol = SSL, TLS
    Cipher suites = ALL
    Secured = Yes
    HTTP = No
    ICA = Yes
    SOCKS = Yes
    Gateway Client = No
    LoadBalancerIPs = None defined

Web Interface
-------------
  FQDN = localhost
  Port = 80
  Secured = No
  Protocol = SSL, TLS
  Cipher suites = ALL
  Access mode = Indirect
  Tested OK

Authority Servers
-----------------

  ID = STA9487253D2546
  --------------------
    FQDN = amscitrix01.ams.net
    Port = 80
    Path = C:\Inetpub\Scripts/CtxSTA.dll
    Type = STA
    Secured = No
    Protocol = SSL, TLS
    Cipher suites = ALL
   

Certificate Check
-----------------
  FQDN = amscitrix01.ams.net
  This certificate is currently valid.

EOF

Any ideas?
Question by:Quadeeb2003
14 Comments
 

Expert Comment

by:mgcIT
ID: 16887262
Give some more info please:

Open Access Suite Console > Manage Server Farms

What is your XML port and do you have your Citrix servers listed in the box (Citrix servers, not your WI/SG)?


then,
Manage Secure Client Access > Edit Secure Gateway Settings

Paste what you have for Secure Ticket Authority URLs

Author Comment

by:Quadeeb2003
ID: 16887382
Name  xml port  xml transport  ssl relay port  servers
dme         80          http                  443           amscitrix01


secure ticket authority urls
http://amscitrix01.ams.net/scripts/ctxsta.dll

On a side note, previously you told me to make sure the port I was using for IIS was not 443, but make it 444.

I didn't quite get that one done, could not figure it out.  IIS is running.

Expert Comment

by:mgcIT
ID: 16887593
OK, then there's some conflicting information above.

Tell me one other thing:

Open the Citrix Management Console, right-click on the server name and go to Properties.  Go to the "Metaframe Settings" section and tell me what you have listed for your Citrix XML Service TCP/IP Port

Author Comment

by:Quadeeb2003
ID: 16887654
Citrix XML Service TCP/IP port:  "Sharing with IIS"

Expert Comment

by:mgcIT
ID: 16887693
Do you only have 1 server: amscitrix01

or do you have a separate server for the Web Interface/Secure Gateway?

Author Comment

by:Quadeeb2003
ID: 16887730
only one server

Author Comment

by:Quadeeb2003
ID: 16887742
AMSCitrix01   - all the citrix
a DC
a fileserver

Expert Comment

by:mgcIT
ID: 16888915
ok a couple things:

>> 10.0.0.101 : 8080

this should be 10.0.0.101 : 443

443 is the port used for SSL.  You would specify this in one of the steps of the Secure Gateway Configuration Wizard

>>ID = STA9487253D2546
  --------------------
    FQDN = amscitrix01.ams.net
    Port = 80
    Path = C:\Inetpub\Scripts/CtxSTA.dll
    Type = STA
    Secured = No
    Protocol = SSL, TLS
    Cipher suites = ALL

I've never installed everything onto 1 server so this may be ok, but usually you will see it like this:

ID = STA9487253D2546
  --------------------
    FQDN = amscitrix01.ams.net
    Port = 80
    Path = /Scripts/CtxSTA.dll   << since this is technically on your server the path you have is correct (C:\...) but usually you don't specify the entire path
    Type = STA
    Secured = No
    Protocol = SSL, TLS
    Cipher suites = ALL

just curious at this point what is working?

Author Comment

by:Quadeeb2003
ID: 16889023
OK, well I feel a little less stupid here.
I actually tried the 443 in the Gateway Config Wizard, and it said the port is in use.
When I run GCW
choices are as follows
Metaframe Presentation server
standard
amscitrix01.ams.net (server certificate)
next step
monitor all ip addresses is blank
tcp port shows 443 (is greyed out)
listed ip 10.0.0.101:8080
if I try to add 443 "the selected port is in use: please try another port"
if I click "monitor all ip addresses" 443 is now white, but same
"the selected port is in use: please try another port"
and if I try to delete the 8080 reference, I still get the same error.

...that is the first part
now for the part with the ID = STA.....
I read on the Citrix board, and tried to change the path to the local, but it would not let me put anything in there besides HTTP//

want to take a look, I'll shoot you a gotomypc session


Accepted Solution

by:
mgcIT earned 500 total points
ID: 16889465
sorry... no time to fix all this now but this will get you going.  The "... port is in use" error is what I was talking about earlier when I said to change the IIS port to 444.  To do that:

1. Open IIS (Internet Information Services)
2. Right-click your default website and go to Properties
3. on the "Website" tab there will be a box for "SSL Port"
4. If this currently says 443 change it to 444 and click OK

Repeat this process for any other site you have listed (only if they have 443 listed as the SSL Port).

You should also check "Monitor All IP Addresses" when you get to that step in the setup


for the STA... when you get to that step put in the following info:
FQDN: amscitrix01
Path: /Scripts/CtxSTA.dll
ID: (leave blank)

Uncheck "Secure traffic between...."
TCP port: 80
Check "Use default"

After you click OK the STA ID should fill in automatically.  If you get any sort of an error message try changing the FQDN to amscitrix01.ams.net
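Added example, not part of the original thread and not Citrix code: a small Python parser for the diagnostics report format quoted in the question, flagging the two settings the answers above call out (a listener that is not on port 443, and an STA path given as a filesystem path instead of /Scripts/CtxSTA.dll). Section and key names come from the report; the function names and the trimmed excerpt are constructed for illustration.

```python
import re

# Constructed excerpt of the diagnostics report quoted in the question.
REPORT = r"""Interfaces
----------

  10.0.0.101 : 8080
  -----------------
    Protocol = SSL, TLS
    Secured = Yes

Authority Servers
-----------------

  ID = STA9487253D2546
  --------------------
    FQDN = amscitrix01.ams.net
    Port = 80
    Path = C:\Inetpub\Scripts/CtxSTA.dll
    Secured = No
"""

def parse_sections(text):
    """Split the report into {heading: [body lines]}; a heading is an
    unindented line immediately followed by a line made only of dashes."""
    sections, current = {}, None
    lines = text.splitlines()
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line and not line[0].isspace() and set(nxt) == {"-"}:
            current = sections.setdefault(line.strip(), [])
        elif current is not None and line.strip() and set(line.strip()) != {"-"}:
            current.append(line.strip())
    return sections

def findings(text):
    """Flag the two settings the thread's answers correct."""
    sections, out, sta_id = parse_sections(text), [], "STA"
    for line in sections.get("Interfaces", []):
        m = re.fullmatch(r"(\d+(?:\.\d+){3}) : (\d+)", line)
        if m and m.group(2) != "443":
            out.append(f"listener {m.group(1)}:{m.group(2)} is not on port 443")
    for line in sections.get("Authority Servers", []):
        key, _, value = line.partition(" = ")
        if key == "ID":
            sta_id = value  # remember which STA entry the next keys belong to
        elif key == "Path" and re.match(r"[A-Za-z]:\\", value):
            out.append(f"{sta_id}: Path {value} is a filesystem path, not a URL path")
    return out

if __name__ == "__main__":
    print("\n".join(findings(REPORT)))
```
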
 

Author Comment

by:Quadeeb2003
ID: 16889814
I changed the port on IIS to 444

and the Configuration Wizard will not complete, with "unable to start secure gateway".

I'll keep trying

Author Comment

by:Quadeeb2003
ID: 16889940
With the STA.. setting at HTTP and the port set to 444 it worked.

Author Comment

by:Quadeeb2003
ID: 16890093
WOOOHOOOO!!!!

Thanks so much mgcIT, EVERYTHING is working now.
Did my offsite test and all was good!!!
I'll have some easier questions listed soon, window dressing as such!!

Thanks again.

Expert Comment

by:mgcIT
ID: 16890181
ok glad you got it working... just post more questions and I'll see if I can answer.

By the way, you may want to revisit how much you paid your consultants to get this working for you.  It doesn't appear they did very much at all unless the things you are doing now were not in the contract.