Solved

Secure Gateway 3 and Web Interface 4.2 Multiple Site

Posted on 2006-06-28
Last Modified: 2012-06-21
I am having some issues configuring a second Web Interface site.  We currently have one Citrix Farm supporting one company.  We have a second small company of a couple dozen users who will also be accessing some apps in the farm.  The partners want this second company to have their own branded WI site.  I get as far as creating a second site in IIS 6 and changing the port to 444 and then the second site stops running in IIS.  It says the port is already in use.  444?  I'm specifying IP addresses in IIS for the WI site 1 and this second one.

My current config is a single IIS 6 box (W2k3 SP1) in my DMZ with WI 4.2 and CSG 3.0 installed on it.  PS4 servers are behind the firewall.  I have a cert for secure gateway.  I have a cert for my primary WI site.  I have a cert for my 2nd WI site.  CSG, WI site 1, and WI site 2 each have separate public IP's so no NAT or translation going on.  This should be a very direct config but IIS is killing me off the bat.

I also foresee a problem with my current setup once this hurdle is cleared.  Since everything is on the same box I am using the Indirect Access option in my CSG configuration.  I have unchecked the "Installed on this computer" option so I can specify the FQDN for my WI site 1 in the field.  This is the only way I could get it to work when I specified the specific IP address in IIS for my WI site 1.  If I leave "Installed on this computer" checked off the only way to get access to the WI site 1 through CSG was to not specify an IP address in IIS and leave "All Unassigned".

My concern here, since CSG is specifying WI Site 1 in the config is how will it interact with Site 2 once I get it running in IIS?  My guess is I have something fundamentally misconfigured here but I've tried every iteration I can think of to get just the one site working with specified IP addresses in IIS and this is the only way I could get the pages to come up correctly.

So, I have two tasks here:
1. Get the second site running on 444 in IIS6.
2. Get my CSG setup correctly to work with multiple WI sites.
Question by:broussardgroup

Expert Comment

by:BLipman
Can you bind a second IP to your NIC and have site #2 use the alternate IP?  

Author Comment

by:broussardgroup
I already have 3 IP's bound to my one NIC.
IP1 for Secure Gateway.
IP2 for WI Site #1.
IP3 for WI Site #2.

I'm still digging and I found this thread on Citrix's Support Forum: http://support.citrix.com/forums/thread.jspa?forumID=96&threadID=77742

I'm giving it a shot.

Author Comment

by:broussardgroup
I got it.  For anyone who slams into this in the future here is what I did -- most of this I'm paraphrasing from the thread above which was very helpful.

1. You need a cert for the Secure Gateway and every WI site you want to create.
2. Secure Gateway and each WI site need a unique IP address.  I didn't try this with headers...
3. Set up SG so that it only listens to its IP address on 443.
4. Set up SG so it uses "Direct" access to the Web Interface Site aka Parallel configuration.

SG is now ready.  Now you have to make IIS play nice.

5. Download the httpcfg utility off the W2K3 CD "Support Tools".  This tool is used when dealing with IIS6.  If IIS5 or earlier you have to manipulate some sockets.  Search EE for how to do this.
6. Now you have to tell IIS to listen to ONLY the IP's for the websites you will be creating in IIS.  In my case I did the following:

SG is 1.1.1.1
WI Site 1 is 2.2.2.1
WI Site 2 is 2.2.2.2

httpcfg set iplisten -i 2.2.2.1:443

httpcfg set iplisten -i 2.2.2.2:443

REBOOT.

When you start fooling with httpcfg it makes IIS only listen to those IP's so if you have other sites, etc., you need to include those.  The point is DO NOT include the SG IP or IIS will listen there too and SG won't be able to access 443 on its IP.
7. NOW, create your sites in IIS.  If the sites were created before doing this -- as mine were -- you still have issues when trying to get that 2nd, 3rd, 4th... site up.  After hours of futility, as a last-ditch effort I deleted the 2nd site and recreated it, and it worked.  So, creating the sites last appears to be the proper order.
8. Now go into the Access Suite Console and create your site there.

You will now have multiple unique WI 4.2 sites running on the same box as SG 3.0 running through the same SG each with their own certificate.
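
A pre-flight check for the layout in steps 3 to 7, added here as an example and not part of the original post. It is a simplified model: `check_plan` and its problem labels are hypothetical names, an empty IP listen list is taken to mean IIS 6 listens on every address, and host headers are not modelled (the post did not use them).

```python
from ipaddress import ip_address

def check_plan(ip_listen, iis_sites, other_services):
    """Return sorted (name, problem) pairs for a planned listener layout.

    ip_listen      -- IPs in the HTTP.sys IP listen list; empty means IIS
                      listens on every address (assumed IIS 6 default)
    iis_sites      -- {site name: (ip, port)} bindings configured in IIS
    other_services -- {service name: (ip, port)} listeners outside IIS,
                      such as Secure Gateway
    """
    listen = {ip_address(ip) for ip in ip_listen}
    iis_ports = {port for _, port in iis_sites.values()}
    problems = set()

    # A non-IIS service loses its port if IIS is also listening on that IP.
    for name, (ip, port) in other_services.items():
        if port not in iis_ports:
            continue  # IIS never opens this port, nothing to collide with
        if not listen:
            problems.add((name, "iis-wildcard-holds-port"))
        elif ip_address(ip) in listen:
            problems.add((name, "ip-in-iis-listen-list"))

    # Once the list is non-empty, every IIS site IP has to be on it.
    for name, (ip, port) in iis_sites.items():
        if listen and ip_address(ip) not in listen:
            problems.add((name, "ip-missing-from-listen-list"))

    # Without host headers, two sites cannot share one IP:port.
    owner = {}
    for name, (ip, port) in iis_sites.items():
        key = (ip_address(ip), port)
        if key in owner:
            problems.add((name, "duplicate-binding-with-" + owner[key]))
        owner.setdefault(key, name)
    return sorted(problems)

# Addresses are the placeholder values used in the post above.
SG = {"Secure Gateway": ("1.1.1.1", 443)}
SITES = {"WI Site 1": ("2.2.2.1", 443), "WI Site 2": ("2.2.2.2", 443)}

if __name__ == "__main__":
    for label, listen in [("default, empty list", []),
                          ("list from step 6", ["2.2.2.1", "2.2.2.2"]),
                          ("SG IP added by mistake", ["1.1.1.1", "2.2.2.1", "2.2.2.2"])]:
        print(label, "->", check_plan(listen, SITES, SG) or "no conflicts")
```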

Accepted Solution

by:
CetusMOD earned 0 total points
PAQed with points refunded (250)

CetusMOD
Community Support Moderator