Solved

Citrix Secure Gateway and Citrix Web Interface on a single computer

Posted on 2006-06-27
Last Modified: 2012-06-22
OK Experts - Time-sensitive question here, I will try to be as detailed as possible.

I have 2 servers running Citrix
1 for PS 4.0
1 for WI and SG

Previously I had everything on one server.  Now I have WI and SG on a separate server, and that server is in the DMZ.

Before I put the SG server in the DMZ, I was able to connect through WI to the PS. Now that the SG server is in the DMZ, and out of the local IP loop, I cannot connect over WI.

The details.
The SG server is on IP address x.x.x.19, I can ping the DMZ x.x.x.18 and hit both.
The SG certificate is secure.billsmoonko.com, it is installed on the SG.
The web address for secure.billsmoonko.com is not currently being redirected to the server IP x.x.x.19, but I can make that happen.
I was hoping SG would function by its direct IP for now, and change it after it is running.

WI and SG both installed (thx mgcIT), but I'm sure I didn't default something correctly.

Under WI in the Access Suite Console I have 2 interfaces listed
https://amscitrix01.ams.net:444/citrix/metframe
https://secure.billsmoonko.com:444/citrix/metframe  default set to Secure Gateway

I added the second one because during the discovery for the first one, nothing came up under WI.

So presently I cannot connect to the SG via web browser
I tried the ip, the secure.billsmoonko.com

I really need to get this up and going, please let me know what else you need to help me get me up and running.

On the importance scale I give it a literal 10 of 10.

Question by:Quadeeb2003
 
LVL 18

Accepted Solution

by:
mgcIT earned 500 total points
If the only thing you did was move the server into the DMZ then this is probably a DMZ/firewall issue.  What ports do you have open between your LAN & DMZ?
0
 
LVL 1

Author Comment

by:Quadeeb2003
Between the LAN and the DMZ:
443
444
80
8080
1443
0
 
LVL 1

Author Comment

by:Quadeeb2003
I wasn't able to get into Citrix via the certificate name previously either, the secure...
0
 
LVL 1

Author Comment

by:Quadeeb2003
I had previously changed the name of the IIS server web site from default to the secure.billsmoonko.com, is that incorrect?

0
 
LVL 1

Author Comment

by:Quadeeb2003
I am able to log into Citrix with the following
http://<servername.domain.org>/citrix/metaframe
0
 
LVL 1

Author Comment

by:Quadeeb2003
But not through HTTPS; sorry about the continuous updates.
0
 
LVL 18

Expert Comment

by:mgcIT
You are able to do this externally?

If so, check to see if you have port 443 opened on the external firewall to the DMZ for the proper IP address.
0
 
LVL 1

Author Comment

by:Quadeeb2003
No, can't do it externally mgcIT.  Only on the local.
Currently trying to configure the router, there seems to be a problem with how they gave us the new IP addresses that does not work so well for our DMZ.
We cannot ping the router from a non-LAN IP at the moment.

But, besides that, shouldn't I be able to hit https://certname:443?

I can't hit anything with the cert name, but server name and/or IP I can hit.

0
 
LVL 18

Expert Comment

by:mgcIT
Should, yes... Have you configured DNS so that certname = IP Address?
0
 
LVL 18

Expert Comment

by:mgcIT
Also, I should mention that DNS changes on the internet can sometimes take a while to propagate (usually about a day).
0
 
LVL 1

Author Comment

by:Quadeeb2003
No, I have not configured DNS so the certname = IP address.
How would I go about doing that?
0
 
LVL 18

Expert Comment

by:mgcIT
Well, first you would have had to purchase the domain name billsmoonko.com... Have you done that?

Depending on where you purchase from, they will have a web admin page where you can point that domain (and others such as secure.billsmoonko.com) to a certain IP address.
0
 
LVL 1

Author Comment

by:Quadeeb2003
The web domain was purchased from GoDaddy, it is presently hosted by GoDaddy, and the IP is mapped to the IP of the server.

I was having difficulty running discovery in the access suite console, so much so that I re-installed the OS on the SG server.
The good news is it only took about 5 minutes to get the WI and SG back to the position they had been in previously.
It is taking a very long time to initialize the snap-ins and to run discovery on the SG server.  
I can't log into http://<servername.domain.org>/citrix/metaframe
I get an error: the RPC server cannot be contacted. Check that the server name is correct, that the server is on, that metaframe ps is in the server, and that the metaframe COM server is running.

I'm guessing this is all firewall related.  
0
 
LVL 1

Author Comment

by:Quadeeb2003
OK, it was firewall related. All those issues are gone.
Now, I am back to getting the SG to work.
I had success in a local connection over HTTPS / IP address.
Non-local and non-VPN, I can get to the site over HTTPS and install the cert, but I still get "cannot find the server".
Next step is to look at the launch.ica file; I just have to find it.  I forget how.
0
 
LVL 1

Author Comment

by:Quadeeb2003
Here is my ICA file.
I'm back to my old SG issue, but we now have the SG server in a DMZ (and working), and behind a firewall (configured correctly).

Can you help me from my ICA?

[Encoding]
InputEncoding=ISO8859_1

[WFClient]
ClientName=WI_EQgJ0erWVDz3hfqeA
ProxyFavorIEConnectionSetting=Yes
ProxyTimeout=30000
ProxyType=Auto
ProxyUseFQDN=Off
RemoveICAFile=yes
TransparentKeyPassthrough=Local
TransportReconnectEnabled=On
Version=2
VirtualCOMPortEmulation=Off

[ApplicationServers]
Wordpad=

[Wordpad]
Address=10.0.0.101:1494
AudioBandwidthLimit=2
AutologonAllowed=ON
CGPAddress=*:2598
ClearPassword=90B05D912B0B95
ClientAudio=On
DesiredColor=2
DesiredHRES=640
DesiredVRES=480
Domain=\2D18E6E6232BB1B9
InitialProgram=#Wordpad
Launcher=WI
LongCommandLine=
ProxyTimeout=30000
ProxyType=Auto
SSLEnable=Off
SessionsharingKey=2-basic-basic-AMSNET-Justin-DME
TWIMode=On
TransportDriver=TCP/IP
Username=Justin
WinStationDriver=ICA 3.0

[Compress]
DriverNameWin16=pdcompw.dll
DriverNameWin32=pdcompn.dll

[EncRC5-0]
0
 
LVL 1

Author Comment

by:Quadeeb2003
Alright, I have added a couple of address translations, and now I am on to the next error.
I feel like it is progress.

The Citrix SSL relay name could not be resolved (SSL error 40)
Citrix has this to say:
http://support.citrix.com/article/CTX103569&searchID=22922834

I am looking into the DNS, because mgcIT said something about it previously.
0
 
LVL 18

Expert Comment

by:mgcIT
The SSL error 40 is because your certificate says secure.billsmoonko.com but you are connecting to the IP address.  The URL and certificate must match in order for SSL to work.  Have you enabled the DNS yet?
0
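Added example (not part of the original thread, and not Citrix tooling): a small Python audit of a launch.ica file for the two conditions raised above, namely a launch that bypasses Secure Gateway and hands out an internal address, and a relay host that cannot match the certificate name. The sample input is constructed from the posted file; `SSLProxyHost` is the standard ICA key for the gateway/relay host and does not appear in that file, the finding labels are made up for this example, and the name check assumes an exact (non-wildcard) certificate name.

```python
import configparser
import ipaddress

# Constructed sample: only the keys from the posted launch.ica that matter here.
SAMPLE_ICA = """\
[ApplicationServers]
Wordpad=

[Wordpad]
Address=10.0.0.101:1494
SSLEnable=Off
TransportDriver=TCP/IP
"""

def _ip(host):
    """Return an ip_address object if host is an IP literal, else None."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None

def audit_ica(text, cert_name):
    """List (app, finding) pairs for each published app in an ICA launch file."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # ICA keys are mixed case; keep them as written
    cp.read_string(text)
    findings = []
    for app in cp["ApplicationServers"]:
        if app not in cp:
            continue
        sec = cp[app]
        host = sec.get("Address", "").rsplit(":", 1)[0]
        relay = sec.get("SSLProxyHost", "").rsplit(":", 1)[0]
        if sec.get("SSLEnable", "Off").lower() != "on":
            # Client connects straight to Address; no Secure Gateway in the path.
            findings.append((app, "no-gateway"))
            ip = _ip(host)
            if ip is not None and ip.is_private:
                findings.append((app, "private-address"))
        elif _ip(relay) is not None or relay.lower() != cert_name.lower():
            # Relay given as an IP or another name cannot match the certificate.
            findings.append((app, "relay-name-mismatch"))
    return findings

if __name__ == "__main__":
    for app, finding in audit_ica(SAMPLE_ICA, "secure.billsmoonko.com"):
        print(app, finding)
```

On the posted file this reports both `no-gateway` and `private-address`: an external client is being told to open 10.0.0.101:1494 directly, which only works with address translation in place.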
 
LVL 1

Author Comment

by:Quadeeb2003
No, mgcIT, not quite sure how to enable the DNS.
See open question.  This question really had to do with the router settings, which I gave you credit for; that was a step in the right direction.
0