Secure Ticket authority cannot be contacted

Having a problem with Secure Gateway Diagnostics error: STA specified cannot be contacted

Everything else on the diagnostics report is green.

Version = 3.0.1

Computer NetBIOS Name: AMSCITRIX01
Configuration captured on: 6/12/2006 9:52:50 AM
-----------------------------------------------

Secure Gateway Global Settings
------------------------------
  Version = 3.0.1
  Product secured = MetaFrame Presentation Server only
  Logging level =  3 (All events including information)
  Client connection timeout =  100 seconds
  Maximum concurrent connections =  250
  Certificate FQDN = amscitrix01.ams.net

Interfaces
----------

  10.0.0.101 : 8080
  -----------------
    Protocol = SSL, TLS
    Cipher suites = ALL
    Secured = Yes
    HTTP = No
    ICA = Yes
    SOCKS = Yes
    Gateway Client = No
    LoadBalancerIPs = None defined

Web Interface
-------------
  FQDN = localhost
  Port = 80
  Secured = No
  Protocol = SSL, TLS
  Cipher suites = ALL
  Access mode = Indirect
  Tested OK

Authority Servers
-----------------

  ID = STA9487253D2546
  --------------------
    FQDN = amscitrix01.ams.net
    Port = 80
    Path = C:\Inetpub\Scripts/CtxSTA.dll
    Type = STA
    Secured = No
    Protocol = SSL, TLS
    Cipher suites = ALL
   

Certificate Check
-----------------
  FQDN = amscitrix01.ams.net
  This certificate is currently valid.

EOF

Any ideas?

Asked by: Quadeeb2003

mgcIT Commented:
Give some more info please:

Open Access Suite Console > Manage Server Farms

What is your XML port and do you have your Citrix servers listed in the box (Citrix servers, not your WI/SG)?


Then,
Manage Secure Client Access > Edit Secure Gateway Settings

Paste what you have for Secure Ticket Authority URLs.

Quadeeb2003 (Author) Commented:
Name  XML port  XML transport  SSL relay port  Servers
dme   80        http           443             amscitrix01


Secure Ticket Authority URLs
http://amscitrix01.ams.net/scripts/ctxsta.dll

On a side note, previously you told me to make sure the port I was using for IIS was not 443, but make it 444.

I didn't quite get that one done, could not figure it out.  IIS is running.

mgcIT Commented:
OK, then there's some conflicting information above.

Tell me one other thing:

Open the Citrix Management Console, right-click on the server name and go to Properties.  Go to the "Metaframe Settings" section and tell me what you have listed for your Citrix XML Service TCP/IP Port.

Quadeeb2003 (Author) Commented:
Citrix XML Service TCP/IP port:  "Sharing with IIS"

mgcIT Commented:
Do you only have 1 server: amscitrix01

or do you have a separate server for the Web Interface/Secure Gateway?

Quadeeb2003 (Author) Commented:
Only one server

Quadeeb2003 (Author) Commented:
AMSCitrix01 - all the Citrix
a DC
a fileserver

mgcIT Commented:
OK, a couple of things:

>> 10.0.0.101 : 8080

This should be 10.0.0.101 : 443

443 is the port used for SSL.  You would specify this in one of the steps of the Secure Gateway Configuration Wizard.

>>ID = STA9487253D2546
  --------------------
    FQDN = amscitrix01.ams.net
    Port = 80
    Path = C:\Inetpub\Scripts/CtxSTA.dll
    Type = STA
    Secured = No
    Protocol = SSL, TLS
    Cipher suites = ALL

I've never installed everything onto 1 server so this may be ok, but usually you will see it like this:

ID = STA9487253D2546
  --------------------
    FQDN = amscitrix01.ams.net
    Port = 80
    Path = /Scripts/CtxSTA.dll   << since this is technically on your server the path you have is correct (C:\...) but usually you don't specify the entire path
    Type = STA
    Secured = No
    Protocol = SSL, TLS
    Cipher suites = ALL

Just curious, at this point what is working?

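The two report entries mgcIT flags above (a listener on 8080 instead of 443, and an STA Path given as a local file path) can be checked mechanically, along with any hop the report marks as Secured = No. This is an added example, not part of the original thread and not Citrix tooling; the function names are hypothetical and the sample is a trimmed excerpt of the report quoted in the question.

```python
import re

# Sample input: trimmed excerpt of the diagnostics report quoted in the question.
REPORT = r"""
Interfaces
----------
  10.0.0.101 : 8080
  -----------------
    Secured = Yes
Authority Servers
-----------------
  ID = STA9487253D2546
  --------------------
    Path = C:\Inetpub\Scripts/CtxSTA.dll
    Secured = No
"""

def parse_report(text):
    """Return {(section, block): {key: value}}; a title is a line underlined with dashes."""
    lines, out, section, block = text.splitlines(), {}, None, ""
    for i, line in enumerate(lines):
        s = line.strip()
        if not s or set(s) == {"-"}:
            continue
        titled = i + 1 < len(lines) and set(lines[i + 1].strip()) == {"-"}
        if titled and not line.startswith(" "):
            section, block = s, ""          # top-level section, e.g. "Interfaces"
        elif titled:
            block = s                       # indented sub-block, e.g. one listener
        elif " = " in s and section:
            key, value = s.split(" = ", 1)
            out.setdefault((section, block), {})[key.strip()] = value.strip()
    return out

def review(blocks):
    """Flag the two items raised in the thread, then list hops marked unsecured."""
    notes = []
    for (section, block), kv in blocks.items():
        name = f"{section} / {block}" if block else section
        if section == "Interfaces" and block.rsplit(":", 1)[-1].strip() != "443":
            notes.append(f"{name}: listener is not on 443")
        if section == "Authority Servers" and re.match(r"[A-Za-z]:\\", kv.get("Path", "")):
            notes.append(f"{name}: Path is a local file path")
        if kv.get("Secured") == "No":
            notes.append(f"{name}: Secured = No")
    return notes

if __name__ == "__main__":
    print("\n".join(review(parse_report(REPORT))))
```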
 
Quadeeb2003 (Author) Commented:
OK, well I feel a little less stupid here.
I actually tried the 443 in the Gateway Config Wizard, and it said the port is in use.
When I run GCW, the choices are as follows:
MetaFrame Presentation Server
Standard
amscitrix01.ams.net (server certificate)
Next step:
"Monitor all IP addresses" is blank
TCP port shows 443 (is greyed out)
Listed IP 10.0.0.101:8080
If I try to add 443: "the selected port is in use: please try another port"
If I click "monitor all IP addresses", 443 is now white, but same
"the selected port is in use: please try another port"
And if I try to delete the 8080 reference, I still get the same error.

...that is the first part.
Now for the part with the ID = STA.....
I read on the Citrix board, and tried to change the path to the local, but it would not let me put anything in there besides HTTP//

Want to take a look? I'll shoot you a GoToMyPC session.

mgcIT Commented:
Sorry... no time to fix all this now but this will get you going.  The "... port is in use" error is what I was talking about earlier when I said to change the IIS port to 444.  To do that:

1. Open IIS (Internet Information Services)
2. Right-click your default website and go to Properties
3. On the "Website" tab there will be a box for "SSL Port"
4. If this currently says 443 change it to 444 and click OK

Repeat this process for any other site you have listed (only if they have 443 listed as the SSL Port).

You should also check "Monitor All IP Addresses" when you get to that step in the setup.


For the STA... when you get to that step put in the following info:
FQDN: amscitrix01
Path: /Scripts/CtxSTA.dll
ID: (leave blank)

Uncheck "Secure traffic between...."
TCP port: 80
Check "Use default"

After you click OK the STA ID should fill in automatically.  If you get any sort of an error message try changing the FQDN to amscitrix01.ams.net

Quadeeb2003 (Author) Commented:
I changed the port on IIS to 444

and the Configuration Wizard will not complete, with "unable to start secure gateway".

I'll keep trying.

Quadeeb2003 (Author) Commented:
With the STA.. setting at HTTP and the port set to 444 it worked.

Quadeeb2003 (Author) Commented:
WOOOHOOOO!!!!

Thanks so much mgcIT, EVERYTHING is working now.
Did my offsite test and all was good!!!
I'll have some easier questions listed soon, window dressing as such!!

Thanks again.

mgcIT Commented:
OK, glad you got it working... just post more questions and I'll see if I can answer.

By the way, you may want to revisit how much you paid your consultants to get this working for you.  It doesn't appear they did very much at all unless the things you are doing now were not in the contract.